[ANE-695] gradle: check if configuration is deprecated (#1457)

jagonalez · web-flow · commit 855b7cdc4939 · 2024-08-16T15:54:39.000-06:00
* gradle: check if configuration is deprecated

* update changelog

* update gradle strategy

* polish
diff --git a/Changelog.md b/Changelog.md
@@ -1,5 +1,9 @@
 # FOSSA CLI Changelog
 
+## Unreleased
+
+- Gradle: ignore deprecated configurations ([#1457](https://github.com/fossas/fossa-cli/pull/1457))
+
 ## 3.9.30
 
 - Vendored Dependencies: add support for metadata (description, and homepage) for dependencies. ([#1455](https://github.com/fossas/fossa-cli/pull/1455))
diff --git a/docs/references/strategies/languages/gradle/gradle.md b/docs/references/strategies/languages/gradle/gradle.md
@@ -221,6 +221,13 @@ experimental:
 
 ## Reference
 
+### Deprecated Configurations
+
+> [!Note]
+> FOSSA CLI excludes deprecated configurations from analysis.
+
+With newer versions of gradle, some configurations are no longer supported (`compile` for example). Before the configurations are removed, gradle deprecates the configuration with a warning. These configurations should not declare dependencies and resolution will be incorrect ([see here](https://github.com/gradle/gradle/issues/8585)).
+
 ### Development and Test Configurations
 
 > [!NOTE]
diff --git a/scripts/jsondeps.gradle b/scripts/jsondeps.gradle
@@ -151,17 +151,17 @@ allprojects {
                 def jsonConfigs = []
                 // project.configurations returns a `ConfigurationContainer`, which iteself implements the `DomainObjectCollection` interface.
                 // This interface provides two additional ways of configuring elements in the collection in addition to Groovy's `each`:
-                // `all`, a method that eagerly executes the provided `Action` or `Closure` against the current elements of the collection 
+                // `all`, a method that eagerly executes the provided `Action` or `Closure` against the current elements of the collection
                 // **and** any subsequent additions
-                // and `configureEach`, a method that lazily executes the provied `Closure` against the current elements of the collection 
+                // and `configureEach`, a method that lazily executes the provied `Closure` against the current elements of the collection
                 // and anay additions on an as-needed basis.
                 //
                 // While theoretically the use of `each` should produce similar results to the use of `all` or `configureEach`, that cannot be
                 // guaranteed as other plugins or even gradle build authors also have the ability to access and modify the configurations during
                 // the Gradle configuration phase (eg, via dependency substitution). This is a particular risk for this script plugin, as it is
-                // highly likely that the jsonDepstask will be configured early in the configuration phase (because it is added as an init 
+                // highly likely that the jsonDepstask will be configured early in the configuration phase (because it is added as an init
                 // script). The solution here is to use `all` or `configureEach` for enhanced laziness; `all` seems most prudent given the
-                // functionaliy that this task attempts to achieve. 
+                // functionaliy that this task attempts to achieve.
                 //
                 // links:
                 // ConfiguationContainer: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/ConfigurationContainer.html
@@ -174,7 +174,13 @@ allprojects {
                         // If we are in gradle v3.3 or greater (isCanBeResolved method should exists)
                         // And if configuration is not resolvable, disregard current config for dependency resolution.
                         if (config.respondsTo("isCanBeResolved") && !config.isCanBeResolved()) {
-                            printDebugToFossa ("Configuration is not resolvable: ${config}!", "projectToJsonWithResolutionApi")
+                            printDebugToFossa("Configuration is not resolvable: ${config}!", "projectToJsonWithResolutionApi")
+                            return null
+                        }
+                        // If we are in grade v6.0 we need to check `isFullyDeprecated` to ensure we ignore deprecated
+                        // configurations like `runtime`.
+                        if (config.respondsTo("isFullyDeprecated") && config.isFullyDeprecated()) {
+                            printDebugToFossa("Configuration is deprecated: ${config}", "projectToJsonWithResolutionApi")
                             return null
                         }
                         result = resolvedConfigToJSON (config)
