sonatype-nexus-community / scan-gradle-plugin

Gradle plugin that scans the dependencies of a Gradle project using Sonatype platforms: OSS Index and Nexus IQ Server.
Apache License 2.0

[FEATURE] Use local maven repo for tests #93

Closed guillermo-varela closed 1 year ago

guillermo-varela commented 3 years ago

https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/5e4a765d26f81e38f88c9e1a205d14284a4dc1c1/src/integTest/resources/exclude_vulnerabilities_by_coordinate.gradle#L7

https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/2f28eb6aea8aa16ed56745f6b5039e13543c0129/src/test/java/org/sonatype/gradle/plugins/scan/ossindex/OssIndexAuditTaskTest.java#L144

https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/2f28eb6aea8aa16ed56745f6b5039e13543c0129/src/test/java/org/sonatype/gradle/plugins/scan/common/DependenciesFinderTest.java#L470

cc @bhamail / @DarthHater / @guillermo-varela / @shaikhu

guillermo-varela commented 1 year ago

After some tests, I see that by creating a local folder (for example "mavenLocal") and mimicking there the folder structure of the dependency used (commons-collections/commons-collections/3.1/), containing both the JAR and POM files of the dependency (that is, creating a local Maven repository folder), we could set the path to it like this in unit tests:

project.getRepositories().maven(repository -> repository.setUrl(new File("src/test/resources/mavenLocal").toURI()));

However, for integration tests now I see we use Android plugins and dependencies from the Google maven repository: https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/6de7fa931531dc11a3ea64c9b575604c50e6f008/src/integTest/resources/legacy-syntax/android/build.gradle#L3-L8

https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/6de7fa931531dc11a3ea64c9b575604c50e6f008/src/integTest/resources/legacy-syntax/android/app/build.gradle#L1

https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/6de7fa931531dc11a3ea64c9b575604c50e6f008/src/integTest/resources/legacy-syntax/android/app/build.gradle#L17

Meaning, the dependency we use from Maven Central can be replaced with a local one, but the Android plugins and dependencies would also need to be copied locally if the desire is still to make all tests work without getting dependencies from the internet.

Particularly for Android, we use multiple versions of Google's Android plugin: https://github.com/sonatype-nexus-community/scan-gradle-plugin/blob/6de7fa931531dc11a3ea64c9b575604c50e6f008/src/integTest/resources/android/build.gradle#L8-L15

At this point I think having local copies of all those artifacts adds little to nothing to the tests' performance or stability, considering that it's been a while since I saw an error fetching dependencies in CI jobs and the downloads that take the most time are the Gradle versions for integration tests.
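
As an added example (not part of the thread or the project's code), this shell sketch checks that a file-based Maven repository such as the "mavenLocal" folder described above holds both the JAR and the POM for each coordinate the tests need. It goes slightly beyond the single coordinate in the thread by handling dotted group IDs under the standard Maven layout; the function names and the `org.example.lib:demo:1.0` coordinate are constructed.

```shell
#!/bin/sh
# Added example, not project code: verify that a file-based Maven repository
# used by offline tests holds a JAR and a POM for every required coordinate.

# Print the repository-relative directory for a group:artifact:version string.
# Standard Maven layout: dots in the group ID become directory separators.
coord_dir() {
  group=$(printf '%s' "$1" | cut -d: -f1 | tr '.' '/')
  artifact=$(printf '%s' "$1" | cut -d: -f2)
  version=$(printf '%s' "$1" | cut -d: -f3)
  printf '%s/%s/%s\n' "$group" "$artifact" "$version"
}

# Print one "MISSING <path>" line per absent or empty file.
# Returns 0 only when every coordinate has both files.
check_local_repo() {
  repo=$1; shift
  missing=0
  for coord in "$@"; do
    artifact=$(printf '%s' "$coord" | cut -d: -f2)
    version=$(printf '%s' "$coord" | cut -d: -f3)
    dir="$repo/$(coord_dir "$coord")"
    for ext in jar pom; do
      f="$dir/$artifact-$version.$ext"
      if [ ! -s "$f" ]; then
        echo "MISSING $f"
        missing=1
      fi
    done
  done
  return "$missing"
}

# Constructed demo: placeholder files stand in for the real artifacts.
demo() {
  tmp=$(mktemp -d)
  d="$tmp/commons-collections/commons-collections/3.1"
  mkdir -p "$d" "$tmp/org/example/lib/demo/1.0"
  echo placeholder > "$d/commons-collections-3.1.jar"
  echo placeholder > "$d/commons-collections-3.1.pom"
  echo placeholder > "$tmp/org/example/lib/demo/1.0/demo-1.0.jar"  # POM left out
  if check_local_repo "$tmp" commons-collections:commons-collections:3.1 \
       org.example.lib:demo:1.0; then
    echo "repository complete"
  else
    echo "repository incomplete"
  fi
  rm -rf "$tmp"
}
demo
```

Running a check like this before the test task turns a missing POM into an explicit failure instead of a dependency resolution error inside a test.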