MediaMarktSaturn / technolinator

GitHub app for SBOM creation using cdxgen and upload to Dependency-Track
Apache License 2.0

Multiple gradle projects in the same repository sharing common modules fail to scan dependencies #168

Open mervyn-mccreight opened 1 year ago

mervyn-mccreight commented 1 year ago

Current behaviour

The SBOM creation sometimes fails with `Timeout waiting to lock buildSrc build lock. It is currently in use by another Gradle instance.`

Expected behaviour

The SBOM creation works for all specified projects

Comment

I think it has something to do with parallel execution of multiple gradlew runs that operate on the same projects. Gradle does not seem to support something like this.

I can think of two possible solutions:

1) Run the Gradle tasks for each project sequentially.
2) Clone the repository n times (n being the number of defined projects) and run every SBOM creation for each sub-project in a different clone of the repository, so each Gradle instance can have its own lock files.
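Both workarounds proposed above, as an added shell example that is not technolinator's own code. `SCAN_CMD` is an assumed placeholder for the per-project SBOM command (the cdxgen/gradlew invocation), assumed to write `bom.json` into the directory it runs in; `OUTDIR`, `scan_sequential` and `scan_isolated` are names chosen here.

```shell
#!/bin/sh
# Added example, not technolinator's code. SCAN_CMD is an assumed placeholder
# for the per-project SBOM command and is assumed to write bom.json into the
# directory it runs in. Each result is copied to OUTDIR/<project>.bom.json.

# Option 1: run the projects one after another in the same checkout, so only
# one Gradle instance ever holds the buildSrc lock at a time.
scan_sequential() {
    repo=$1; outdir=$2; shift 2
    mkdir -p "$outdir"
    for project in "$@"; do
        name=$(echo "$project" | tr '/' '_')
        ( cd "$repo/$project" && sh -c "$SCAN_CMD" && cp bom.json "$outdir/$name.bom.json" ) || return 1
    done
}

# Option 2: give every project a private copy of the repository and scan the
# copies concurrently; separate copies mean separate .gradle/buildSrc lock files.
scan_isolated() {
    repo=$1; outdir=$2; shift 2
    mkdir -p "$outdir"
    work=$(mktemp -d)
    pids=""
    for project in "$@"; do
        name=$(echo "$project" | tr '/' '_')
        (
            cp -a "$repo" "$work/$name" || exit 1      # private copy => private lock files
            cd "$work/$name/$project" || exit 1
            sh -c "$SCAN_CMD" || exit 1
            cp bom.json "$outdir/$name.bom.json"
        ) &
        pids="$pids $!"
    done
    status=0
    for pid in $pids; do wait "$pid" || status=1; done  # non-zero if any scan failed
    rm -rf "$work"
    return "$status"
}
```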

heubeck commented 1 year ago

That's not a bug of technolinator, but a gradle issue. Basically gradle itself is the issue.

mervyn-mccreight commented 1 year ago

Looking at

it seems that this is indeed a bug in Gradle, but I'd like not to wait for Gradle to fix a bug like this. This seems to appear, disappear and re-appear over and over again.