search

cashapp / licensee

Gradle plugin which validates the licenses of your dependency graph match what you expect
https://cashapp.github.io/licensee/docs/1.x/
Apache License 2.0
626 stars 29 forks source link

Document how to ignore AARs #44

Closed rashadsookram closed 3 years ago

rashadsookram commented 3 years ago

There are some AARs included in the project I tried using Licensee on (e.g. specified like this in my build.gradle: implementation(name:'my-lib-3.5.0', ext:'aar')), and the validation was failing because there wasn't a corresponding POM file included in the project:

Execution failed for task ':app:licensee'.
> Could not find my-lib-3.5.0-.pom (:my-lib-3.5.0:).
  Searched in the following locations:
      file:/Users/me/src/MyApp/app/libs/my-lib-3.5.0.pom

Through some trial and error, I was able to figure out that it could be ignored by configuring Licensee with ignoreDependencies('', 'my-lib-3.5.0'), but it wasn't obvious at first. Originally I tried ignoreDependencies('my-lib-3.5.0'), not realizing that I needed to specify the name as the artifactId, not the groupId.

I wonder if this could be documented, or if the error message could be improved to make it easier to figure this out?

JakeWharton commented 3 years ago

There's nothing aar-specific about this. It seems like you're using a flat folder Maven repo and have the aar dropped into that folder which Gradle exposes to the dependency system as a dependency with no group and only a name.

I'll try to reproduce it in a test fixture and make sure the build doesn't fail but instead it just reports it as not having a pom.