Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CycloneDX generates empty bom or throws error that the consumer didnt ask for it (config) #322

Closed
eazyenno opened this issue Jul 17, 2023 · 3 comments
Closed

CycloneDX generates empty bom or throws error that the consumer didnt ask for it (config) #322

eazyenno opened this issue Jul 17, 2023 · 3 comments
Labels
android Android related issues duplicate This issue or pull request already exists

Comments

@eazyenno
Copy link

eazyenno commented Jul 17, 2023
edited
Loading

Hello People,

i want to generate a bom for my Android App with gradle. The Problem is that when i just install the plugin

plugins {
id 'org.cyclonedx.bom' version '1.7.4'
}

i get this error
Execution failed for task ':app:cyclonedxBom'.

The consumer was configured to find a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app:
- Configuration ':app:debugApiElements' variant android-app-symbol-for-data-binding declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-app-symbol-for-data-binding' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-base-module-metadata declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-base-module-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-classes-jar declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-classes-jar' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Provides its elements packaged as a jar but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-feature-all-metadata declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-all-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-feature-res-ap_ declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-res-ap_' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-feature-signing-config-data declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-signing-config-data' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-feature-signing-config-versions declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-feature-signing-config-versions' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-java-res declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-java-res' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant android-manifest-metadata declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'android-manifest-metadata' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Configuration ':app:debugApiElements' variant jar declares a component for use during compile-time, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.0.2', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
- Unmatched attributes:
- Provides attribute 'artifactType' with value 'jar' but the consumer didn't ask for it
- Provides attribute 'com.android.build.gradle.internal.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
- Provides a library but the consumer didn't ask for it
- Provides its elements packaged as a jar but the consumer didn't ask for it

But when i use the cyclonedxBom config like this:

cyclonedxBom {
// includeConfigs is the list of configuration names to include when generating the BOM (leave empty to include every configuration)
includeConfigs = ["runtimeClasspath"]
// skipConfigs is a list of configuration names to exclude when generating the BOM
skipConfigs = ["compileClasspath", "testCompileClasspath"]
// Specified the type of project being built. Defaults to 'library'
projectType = "application"
// Specified the version of the CycloneDX specification to use. Defaults to '1.4'
schemaVersion = "1.4"
// Boms destination directory. Defaults to 'build/reports'
destination = file("build/reports")
// The file name for the generated BOMs (before the file format suffix). Defaults to 'bom'
outputName = "bom"
// The file format generated, can be xml, json or all for generating both. Defaults to 'all'
outputFormat = "json"
}

i just get an empty bom that looks like this:

{
"bomFormat" : "CycloneDX",
"specVersion" : "1.4",
"serialNumber" : "urn:uuid:ff984595-c3c1-43c7-866d-6b99075e719f",
"version" : 1,
"metadata" : {
"timestamp" : "2023-07-17T11:17:57Z",
"tools" : [
{
"vendor" : "CycloneDX",
"name" : "cyclonedx-gradle-plugin",
"version" : "1.7.4"
}
],
"component" : {
"group" : "infoappandroid",
"name" : "app",
"version" : "unspecified",
"purl" : "pkg:maven/infoappandroid/app@unspecified?type=jar",
"type" : "application",
"bom-ref" : "pkg:maven/infoappandroid/app@unspecified?type=jar"
}
},
"dependencies" : [
{
"ref" : "pkg:maven/infoappandroid/app@unspecified?type=jar",
"dependsOn" : [ ]
}
]
}

i really don't know what to do, can someone help me?
@eazyenno
Copy link
Author

Fixed it

skipConfigs = [
        "debugCompileClasspath",
        "debugAndroidTestCompileClasspath",
        "debugUnitTestCompileClasspath",
        "releaseUnitTestCompileClasspath",
        "debugUnitTestRuntimeClasspath",
        "releaseUnitTestRuntimeClasspath"
]

This was my Problem

@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 31, 2024
@skhokhlov
Copy link
Member

Main issue: #478

@skhokhlov skhokhlov added duplicate This issue or pull request already exists android Android related issues labels Jul 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
android Android related issues duplicate This issue or pull request already exists
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skhokhlov @eazyenno