mikepenz / AboutLibraries

AboutLibraries automatically collects all dependencies and licenses of any Gradle project (Kotlin Multiplatform), and provides easy-to-integrate UI components for Android and Compose-jb environments.
http://mikepenz.github.io/AboutLibraries/
Apache License 2.0

Library entries for dependencies added via implementation platform are missing #783

Closed wseemannroku closed 2 years ago

wseemannroku commented 2 years ago

About this issue

Hello, thank you so much for this great library! I can tell you put a lot of work into it.

If I add implementation platform('com.google.firebase:firebase-bom:30.0.0') in my app-level build.gradle, this library isn't detected in the final JSON output. The Google OSS plugin does, however; here's the entry in their resulting JSON:

{
    "group": "com.google.firebase",
    "version": "30.0.0",
    "name": "firebase-bom"
},

Does this library support dependencies added with implementation platform(...)? If not, is it possible to add support? Thanks again!


mikepenz commented 2 years ago

Thank you @wseemannroku for the report. I'll need to have a closer look at that.


Really appreciate your sponsor!

mikepenz commented 2 years ago

This could possibly take more time to resolve.

It looks like Gradle does not resolve the module artifacts associated with the platform specification, like it would do for other artifacts, resulting in all the child dependencies declared via the BOM not ending up in the report.

[Screenshot 2022-07-30 at 09 44 58]

Interestingly enough, the general dependencies task from Gradle itself will also only report the top-level BOM and no children.

[Screenshot 2022-07-30 at 09 46 50]

wseemannroku commented 2 years ago

Not a problem, thanks for looking into this so quickly! I work for Roku and I'm migrating away from the Google OSS plugin to your library. I had to do a 1:1 comparison to make sure all of the licenses generated by the OSS plugin matched in yours; the only things missing were the BOM declarations. It's worth noting that the Google OSS plugin doesn't resolve the BOM's child dependencies either. Based on your screenshot, it appears you're at least able to detect the presence of the BOM dependency. If that's true, it'd probably be sufficient, for parity's sake, to just include the BOM and stop there. Thoughts?
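
The 1:1 comparison described in the comment above can be scripted; this is an added example, not part of the original thread and not code from either plugin. The reference entries use the `group`/`version`/`name` shape quoted in the issue, while the `libraries`, `uniqueId` and `artifactVersion` keys of the second file are an assumed layout for the AboutLibraries definition file, and all sample data is constructed.

```python
import json

# Constructed sample in the group/version/name shape quoted in the issue.
OSS_PLUGIN_JSON = """[
  {"group": "com.google.firebase", "version": "30.0.0", "name": "firebase-bom"},
  {"group": "com.squareup.okhttp3", "version": "4.9.3", "name": "okhttp"},
  {"group": "androidx.core", "version": "1.8.0", "name": "core-ktx"}
]"""

# Constructed sample; key names are an assumed layout (see lead-in).
ABOUTLIBS_JSON = """{"libraries": [
  {"uniqueId": "com.squareup.okhttp3:okhttp", "artifactVersion": "4.9.3"},
  {"uniqueId": "androidx.core:core-ktx", "artifactVersion": "1.7.0"},
  {"uniqueId": "org.jetbrains.kotlin:kotlin-stdlib", "artifactVersion": "1.7.10"}
]}"""

def oss_inventory(text):
    """Map 'group:name' -> version from the reference (OSS-plugin-style) list."""
    return {f"{d['group']}:{d['name']}": d.get("version") for d in json.loads(text)}

def aboutlibs_inventory(text):
    """Map uniqueId -> artifactVersion from the candidate definition file."""
    libs = json.loads(text).get("libraries", [])
    return {lib["uniqueId"]: lib.get("artifactVersion") for lib in libs}

def is_bom(coordinate):
    """Heuristic only: platform/BOM artifacts are conventionally named '*-bom'."""
    return coordinate.rsplit(":", 1)[-1].endswith("-bom")

def compare(reference, candidate):
    """Report coordinates lost, gained, or changed between two inventories."""
    shared = sorted(set(reference) & set(candidate))
    missing = sorted(set(reference) - set(candidate))
    return {
        "missing": missing,                              # in reference only
        "missing_boms": [c for c in missing if is_bom(c)],
        "extra": sorted(set(candidate) - set(reference)),
        "version_drift": {c: (reference[c], candidate[c])
                          for c in shared if reference[c] != candidate[c]},
    }

def sample_report():
    return compare(oss_inventory(OSS_PLUGIN_JSON), aboutlibs_inventory(ABOUTLIBS_JSON))

if __name__ == "__main__":
    print(json.dumps(sample_report(), indent=2))
```

Run against checked-in inventory files in CI, a non-empty `missing` list flags dependencies whose license entries would silently drop out of the attribution screen.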

mikepenz commented 2 years ago

As an initial step yes.

I'll need to look at how it's handled there, as while the plugin sees it, the related artifact files are not resolved, which results in the pom.xml not being found, which is required for the license and further information about it.

Will keep any findings posted here. Sadly not around the Mac anymore today.

mikepenz commented 2 years ago

As a temporary (manual) solution if the platform dependencies are at a minimum, you can provide libraries/licenses which will be included: https://github.com/mikepenz/AboutLibraries#libraries

wseemannroku commented 2 years ago

Thanks @mikepenz, I was going to do that but this issue prevented me from adding them manually. I was waiting for that multiplatform fix to make it into the next release so I didn't have to use a pre-release version.

mikepenz commented 2 years ago

Oh interesting one. So there are actually multiple aspects to that.

1.) If you provide the additional library as .json and configure the plugin, the plugin will automatically merge the additional library (also licenses) into the resulting definition file. (Similar if this approach is used to update data retrieved from the pom files) - In that case you would not require to modify the withLibs programmatically

2.) Currently that release is pending as I wanted to await a stable compose-jb release for the used Kotlin version. Would not anticipate other changes beyond this, but I understand if policies define to not use beta releases.

3.) Given the environment, if you have the chance to use compose, I'd suggest to prefer the compose ui module, being much more lightweight.

a.) Not sure if this is the plan, but for enterprise use cases I recommend configuring the plugin so it will only generate the library metadata on demand, so you can have it checked in and stay aware of any changes to your dependencies.

wseemannroku commented 2 years ago

Thanks for the fix, I appreciate it!

mikepenz commented 2 years ago

You are welcome @wseemannroku

Thank you for the report and the feature request.