CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
https://cyclonedx.org/
Apache License 2.0

With Spring Boot 3.3.1 and Kotlin 2.0.0: Could not resolve com.fasterxml.jackson.core:jackson-annotations:2.17.1 #459

Closed oneiros-de closed 1 month ago

oneiros-de commented 2 months ago

I have a project with Gradle 8.8, Spring Boot 3.3.1, Kotlin 2.0.0/Java 21 and testcontainers 1.19.8.

When I include the plugin (1.8.2), compilation fails with

> Task :cyclonedxBom
An unexpected issue occurred attempting to create a PackageURL for org.jetbrains.kotlin:kotlin-native-prebuilt:2.0.0

> Task :cyclonedxBom FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':cyclonedxBom'.
> Could not resolve all dependencies for configuration ':testDependencySources'.
   > Could not resolve com.fasterxml.jackson.core:jackson-annotations:2.17.1.
     Required by:
         project :
      > No matching variant of com.fasterxml.jackson.core:jackson-annotations:2.17.1 was found. The consumer was configured to find sources for use during runtime, packaged as a jar, preferably optimized for standard JVMs, and its dependencies declared externally, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'jvm' but:
          - Variant 'apiElements' declares a component, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares a library for use during compile-time and the consumer needed documentation for use during runtime
              - Other compatible attributes:
                  - Doesn't say anything about its target Java environment (preferred optimized for standard JVMs)
                  - Doesn't say anything about org.jetbrains.kotlin.platform.type (required 'jvm')
                  - Doesn't say anything about the documentation type (required sources)
          - Variant 'runtimeElements' declares a component for use during runtime, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares a library and the consumer needed documentation
              - Other compatible attributes:
                  - Doesn't say anything about its target Java environment (preferred optimized for standard JVMs)
                  - Doesn't say anything about org.jetbrains.kotlin.platform.type (required 'jvm')
                  - Doesn't say anything about the documentation type (required sources)
   > Could not resolve com.fasterxml.jackson.core:jackson-annotations:2.10.3.
     Required by:
         project : > org.testcontainers:junit-jupiter:1.19.8 > org.testcontainers:testcontainers:1.19.8 > com.github.docker-java:docker-java-api:3.3.6
      > No matching variant of com.fasterxml.jackson.core:jackson-annotations:2.17.1 was found. The consumer was configured to find sources for use during runtime, packaged as a jar, preferably optimized for standard JVMs, and its dependencies declared externally, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'jvm' but:
          - Variant 'apiElements' declares a component, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares a library for use during compile-time and the consumer needed documentation for use during runtime
              - Other compatible attributes:
                  - Doesn't say anything about its target Java environment (preferred optimized for standard JVMs)
                  - Doesn't say anything about org.jetbrains.kotlin.platform.type (required 'jvm')
                  - Doesn't say anything about the documentation type (required sources)
          - Variant 'runtimeElements' declares a component for use during runtime, packaged as a jar, and its dependencies declared externally:
              - Incompatible because this component declares a library and the consumer needed documentation
              - Other compatible attributes:
                  - Doesn't say anything about its target Java environment (preferred optimized for standard JVMs)
                  - Doesn't say anything about org.jetbrains.kotlin.platform.type (required 'jvm')
                  - Doesn't say anything about the documentation type (required sources)

Apparently the plugin screws up the dependencies so that com.fasterxml.jackson.core:jackson-annotations isn't found anymore...

Jasz commented 1 month ago

Apparently it's an issue with the Kotlin Gradle Plugin 2.0.0, see KT-68447.

A temporary workaround could look like this:


tasks.cyclonedxBom {
    setSkipConfigs(
        listOf(
            "dependencySources",
            "testDependencySources",
        )
    )
}

skhokhlov commented 1 month ago

I agree this is an issue with the Kotlin Gradle Plugin, not CycloneDX. Please use the workaround to exclude the affected configuration.
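
One way to check that skipping `dependencySources` and `testDependencySources` did not drop components from the generated SBOM, as an added example (not code from this thread or from the plugin): compare the new BOM against one from the last build that succeeded. The component lists are constructed sample data, and `component_index` and `compare_boms` are hypothetical helper names.

```python
import json


def component_index(bom: dict) -> dict:
    """Map 'group:name' -> version for every component in a CycloneDX JSON BOM."""
    index = {}
    for comp in bom.get("components", []):
        group = comp.get("group", "")
        key = f"{group}:{comp['name']}" if group else comp["name"]
        index[key] = comp.get("version", "")
    return index


def compare_boms(baseline: dict, current: dict) -> dict:
    """Report components dropped, added, or re-versioned between two BOMs."""
    base, cur = component_index(baseline), component_index(current)
    shared = sorted(set(base) & set(cur))
    return {
        "dropped": sorted(set(base) - set(cur)),
        "added": sorted(set(cur) - set(base)),
        "version_changed": {k: (base[k], cur[k]) for k in shared if base[k] != cur[k]},
    }


def _comp(group: str, name: str, version: str) -> dict:
    return {"type": "library", "group": group, "name": name, "version": version}


# Constructed sample BOMs (not real plugin output). BASELINE stands for the
# last SBOM produced before the Kotlin upgrade, CURRENT for the SBOM produced
# with the skipped configurations. One component is deliberately missing from
# CURRENT so the check has something to report.
BASELINE = {"bomFormat": "CycloneDX", "components": [
    _comp("com.fasterxml.jackson.core", "jackson-annotations", "2.17.1"),
    _comp("org.testcontainers", "testcontainers", "1.19.8"),
    _comp("com.github.docker-java", "docker-java-api", "3.3.6"),
    _comp("org.jetbrains.kotlin", "kotlin-stdlib", "1.9.24"),
]}
CURRENT = {"bomFormat": "CycloneDX", "components": [
    _comp("com.fasterxml.jackson.core", "jackson-annotations", "2.17.1"),
    _comp("org.testcontainers", "testcontainers", "1.19.8"),
    _comp("org.jetbrains.kotlin", "kotlin-stdlib", "2.0.0"),
]}

if __name__ == "__main__":
    report = compare_boms(BASELINE, CURRENT)
    print(json.dumps(report, indent=2))
    # Fail the pipeline step when the workaround removed SBOM coverage.
    raise SystemExit(1 if report["dropped"] else 0)
```

In a pipeline, the two dictionaries would be loaded with `json.load` from the archived and the freshly generated BOM files.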

github-actions[bot] commented 1 week ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.