Replace Gradle license analysis with jk1 for Groovy and Kotlin DSL#314
Open
woocheol-lge wants to merge 1 commit into
Open
Replace Gradle license analysis with jk1 for Groovy and Kotlin DSL#314woocheol-lge wants to merge 1 commit into
woocheol-lge wants to merge 1 commit into
Conversation
|
Warning Review limit reached
More reviews will be available in 12 minutes and 7 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (11)
📝 WalkthroughWalkthroughAdds Kotlin DSL detection to ChangesGradle License Report Plugin Integration
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
src/fosslight_dependency/package_manager/Gradle.py (1)
258-259: 💤 Low valueConsider using SPDX identifiers for public domain/unlicense.
"Public-Domain" is not a standard SPDX identifier. Consider:
- Return
"Unlicense"when the URL containsunlicense- Return
"CC0-1.0"for public domain dedications where appropriateThis would improve consistency with the other SPDX-style license names returned by this function.
🔧 Suggested fix
- if 'publicdomain' in url_lower or 'unlicense' in url_lower: - return "Public-Domain" + if 'unlicense' in url_lower: + return "Unlicense" + + if 'publicdomain' in url_lower: + return "CC0-1.0"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 258 - 259, Update the URL-to-license mapping in Gradle.py so it returns SPDX identifiers: change the branch that checks url_lower for 'unlicense' and 'publicdomain' to return "Unlicense" for URLs containing 'unlicense' and "CC0-1.0" for URLs containing 'publicdomain' (replace the current "Public-Domain" return), ensuring the conditional using url_lower is updated accordingly and any callers that expect SPDX-style strings are left consistent.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 311-316: The Kotlin DSL branch currently sets
output_property_access = 'outputDir' for all plugin_version values; change the
logic so that when plugin_version is v3+ (e.g., >= '3' or specifically for
'3.1.2' and above) output_property_access is set to 'absoluteOutputDir'
(matching the Groovy branch) and update the comment to reflect that v3+ uses
absoluteOutputDir (e.g., replace the misleading "v3+ might use
absoluteOutputDir" comment). Locate and modify the code that checks
plugin_version and assigns output_property_access in the Kotlin DSL path (the
variables plugin_version and output_property_access) so both Kotlin and Groovy
align on using 'absoluteOutputDir' for v3+.
In `@tests/test_gradle/jib/build/reports/license/dependency-license.json`:
- Around line 471-479: The parser in
src/fosslight_dependency/package_manager/Gradle.py (parse_oss_information) is
keeping the raw lic_name when lic_url is null, so entries like
"\"Apache-2.0\";link=\"https://...\"" survive instead of normalizing; update
parse_oss_information to detect and normalize lic_name when lic_url is missing
by stripping surrounding quotes and removing any trailing ;link="..." segment
(e.g., split on ';link=' or a regex, then strip quotes/whitespace) before using
lic_name, and also deduplicate/join moduleLicenses so oss_item.license contains
only the clean "Apache-2.0" entry rather than the combined string.
---
Nitpick comments:
In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 258-259: Update the URL-to-license mapping in Gradle.py so it
returns SPDX identifiers: change the branch that checks url_lower for
'unlicense' and 'publicdomain' to return "Unlicense" for URLs containing
'unlicense' and "CC0-1.0" for URLs containing 'publicdomain' (replace the
current "Public-Domain" return), ensuring the conditional using url_lower is
updated accordingly and any callers that expect SPDX-style strings are left
consistent.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: d0301754-7050-4992-84cc-d74016d42204
📒 Files selected for processing (10)
src/fosslight_dependency/_package_manager.pysrc/fosslight_dependency/constant.pysrc/fosslight_dependency/package_manager/Gradle.pysrc/fosslight_dependency/run_dependency_scanner.pytests/test_gradle/jib/build/reports/license/dependency-license.htmltests/test_gradle/jib/build/reports/license/dependency-license.jsontests/test_gradle/jib/build/reports/license/dependency-license.xmltests/test_gradle/jib/build/reports/license/license-dependency.htmltests/test_gradle/jib/build/reports/license/license-dependency.jsontests/test_gradle/jib/build/reports/license/license-dependency.xml
💤 Files with no reviewable changes (5)
- tests/test_gradle/jib/build/reports/license/license-dependency.html
- tests/test_gradle/jib/build/reports/license/license-dependency.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.json
- tests/test_gradle/jib/build/reports/license/dependency-license.xml
- tests/test_gradle/jib/build/reports/license/dependency-license.html
woocheol-lge
force-pushed
the
g_test
branch
3 times, most recently
from
36a12ac to
f8ddbe8
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (4)
src/fosslight_dependency/_package_manager.py (1)
517-530: 💤 Low valueConsider adding debug logging for parse failures.
The
try-except-passpattern works correctly as a fallback, but adding debug-level logging would help troubleshoot version detection issues without affecting functionality.♻️ Proposed improvement
try: with open(props_path, 'r', encoding='utf-8') as f: content = f.read() m = re.search(r'gradle-(\d+\.\d+(?:\.\d+)?)-', content) if m: return tuple(int(x) for x in m.group(1).split('.')) - except Exception: - pass + except Exception as e: + logger.debug(f"Failed to parse Gradle version from wrapper: {e}") return None🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/_package_manager.py` around lines 517 - 530, The function get_gradle_version_from_wrapper swallows all exceptions and silent parse failures; add debug logging to capture why parsing failed by obtaining a logger (e.g., logger = logging.getLogger(__name__)) and logging both exceptions (use logger.debug(..., exc_info=True) inside the except block) and unsuccessful regex matches (log the props_path and a snippet or the whole content at debug level when m is None) so you can troubleshoot version detection without changing behavior.src/fosslight_dependency/package_manager/Gradle.py (3)
159-163: 💤 Low valueConsider narrowing the exception catch.
The
inoperator on line 160 should not raise exceptions ifrelation_treeis a valid dict. The broadExceptioncatch could mask unexpected issues likerelation_treebeingNoneor a non-dict type.♻️ Suggested refinement
try: if dep_key in self.relation_tree: dep_item.depends_on_raw = self.relation_tree[dep_key] - except Exception as e: + except (KeyError, TypeError) as e: logger.error(f"Fail to find dependency tree: {e}")🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 159 - 163, The broad except around checking "if dep_key in self.relation_tree" should be narrowed and the root cause handled: ensure self.relation_tree is a mapping before using "in" (e.g., check "if isinstance(self.relation_tree, dict)" or "if self.relation_tree is not None and hasattr(self.relation_tree, '__contains__')"), then set dep_item.depends_on_raw = self.relation_tree[dep_key] only when present; replace the generic "except Exception as e" with a specific guard or catch (e.g., TypeError or KeyError) and update logger.error to log that specific condition referencing self.relation_tree and dep_key so unexpected None/non-dict values aren’t silently swallowed.Source: Linters/SAST tools
235-239: 💤 Low valueMinor: GPL version matching could have edge cases.
The substring check
'gplv3' in url_lowercould match unintended URLs likegplv32orlegplv3. Consider using word-boundary patterns or checking the full version string.This is unlikely to cause real issues given typical license URL formats.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 235 - 239, The current substring checks in Gradle.py (the conditions using 'gplv3' and 'gplv2' against url_lower) can produce false positives; change these to precise matches by using a word-boundary regex or explicit URL/version patterns instead of plain substring checks (e.g., use re.search(r'\bgplv3\b', url_lower) or match '/gpl-3.0' and '/gpl-2.0' segments) when resolving the license in the method that inspects url_lower so that only true GPL-3.0 and GPL-2.0 references return "GPL-3.0" and "GPL-2.0" respectively.
271-272: Use SPDX license identifiers instead of "Public-Domain".
"Public-Domain"appears only insrc/fosslight_dependency/package_manager/Gradle.py, so there’s no established convention to rely on."Public-Domain"isn’t a standard SPDX identifier; map the cases separately (e.g., return"Unlicense"when the URL containsunlicense, and mappublicdomainto an appropriate SPDX identifier such as"CC0-1.0"or document a justified non-SPDX custom value).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 271 - 272, Replace the non-SPDX "Public-Domain" return in the Gradle.py URL-to-license mapping: locate the conditional that checks url_lower for 'publicdomain' or 'unlicense' and instead return SPDX identifiers—return "Unlicense" when 'unlicense' is present and return "CC0-1.0" (or another justified SPDX ID) when 'publicdomain' is present; update the conditional logic to check these cases separately and adjust any tests/comments to reflect the SPDX identifiers.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 517-530: The function get_gradle_version_from_wrapper swallows all
exceptions and silent parse failures; add debug logging to capture why parsing
failed by obtaining a logger (e.g., logger = logging.getLogger(__name__)) and
logging both exceptions (use logger.debug(..., exc_info=True) inside the except
block) and unsuccessful regex matches (log the props_path and a snippet or the
whole content at debug level when m is None) so you can troubleshoot version
detection without changing behavior.
In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 159-163: The broad except around checking "if dep_key in
self.relation_tree" should be narrowed and the root cause handled: ensure
self.relation_tree is a mapping before using "in" (e.g., check "if
isinstance(self.relation_tree, dict)" or "if self.relation_tree is not None and
hasattr(self.relation_tree, '__contains__')"), then set dep_item.depends_on_raw
= self.relation_tree[dep_key] only when present; replace the generic "except
Exception as e" with a specific guard or catch (e.g., TypeError or KeyError) and
update logger.error to log that specific condition referencing
self.relation_tree and dep_key so unexpected None/non-dict values aren’t
silently swallowed.
- Around line 235-239: The current substring checks in Gradle.py (the conditions
using 'gplv3' and 'gplv2' against url_lower) can produce false positives; change
these to precise matches by using a word-boundary regex or explicit URL/version
patterns instead of plain substring checks (e.g., use re.search(r'\bgplv3\b',
url_lower) or match '/gpl-3.0' and '/gpl-2.0' segments) when resolving the
license in the method that inspects url_lower so that only true GPL-3.0 and
GPL-2.0 references return "GPL-3.0" and "GPL-2.0" respectively.
- Around line 271-272: Replace the non-SPDX "Public-Domain" return in the
Gradle.py URL-to-license mapping: locate the conditional that checks url_lower
for 'publicdomain' or 'unlicense' and instead return SPDX identifiers—return
"Unlicense" when 'unlicense' is present and return "CC0-1.0" (or another
justified SPDX ID) when 'publicdomain' is present; update the conditional logic
to check these cases separately and adjust any tests/comments to reflect the
SPDX identifiers.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: d3f57318-b816-4e92-994f-109f0a77527e
📒 Files selected for processing (10)
src/fosslight_dependency/_package_manager.pysrc/fosslight_dependency/constant.pysrc/fosslight_dependency/package_manager/Gradle.pysrc/fosslight_dependency/run_dependency_scanner.pytests/test_gradle/jib/build/reports/license/dependency-license.htmltests/test_gradle/jib/build/reports/license/dependency-license.jsontests/test_gradle/jib/build/reports/license/dependency-license.xmltests/test_gradle/jib/build/reports/license/license-dependency.htmltests/test_gradle/jib/build/reports/license/license-dependency.jsontests/test_gradle/jib/build/reports/license/license-dependency.xml
💤 Files with no reviewable changes (5)
- tests/test_gradle/jib/build/reports/license/license-dependency.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.json
- tests/test_gradle/jib/build/reports/license/license-dependency.html
- tests/test_gradle/jib/build/reports/license/dependency-license.xml
- tests/test_gradle/jib/build/reports/license/dependency-license.html
✅ Files skipped from review due to trivial changes (1)
- src/fosslight_dependency/constant.py
🚧 Files skipped from review as they are similar to previous changes (1)
- tests/test_gradle/jib/build/reports/license/dependency-license.json
dd-jy
requested changes
Jun 12, 2026
dd-jy
left a comment
dd-jy
left a comment
Contributor
There was a problem hiding this comment.
@woocheol-lge
license명 url 대신 name을 보거나, normalize_license_name_from_url에 들어있는 url 타입이 아닌 경우 name 보도록 수정해주시기 바랍니다.
There was a problem hiding this comment.
Actionable comments posted: 4
♻️ Duplicate comments (1)
src/fosslight_dependency/_package_manager.py (1)
301-307:⚠️ Potential issue | 🟠 Major | ⚡ Quick winKeep Kotlin DSL renderer output access aligned with Groovy for jk1 v3+.
The Kotlin branch still uses
data.project.licenseReport.outputDirfor every plugin version, while the Groovy branch switches toabsoluteOutputDirfor v3+. This appears to be the same jk1 v3+ output-directory mismatch flagged previously.🐛 Proposed fix
plugin_id_line = f' id("com.github.jk1.dependency-license-report") version "{plugin_version}"\n' output_config = ' outputDir = "$buildDir/reports/license"' - output_property_access = 'outputDir' + output_property_access = 'outputDir' if plugin_version in ('1.9', '2.9') else 'absoluteOutputDir'Please verify against the jk1 version used by this branch:
For jk1 Gradle-License-Report 3.1.2, should custom renderers access LicenseReportExtension.outputDir or absoluteOutputDir when writing report files?🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/_package_manager.py` around lines 301 - 307, The Kotlin DSL renderer (when is_kts is true) uses a hardcoded output_property_access variable set to 'outputDir' for all jk1 plugin versions, but should conditionally use 'absoluteOutputDir' for jk1 v3+ to match the behavior already implemented in the Groovy branch. Update the assignment of output_property_access in the is_kts block to check the plugin_version and set it to 'absoluteOutputDir' when the version is 3 or higher, using the same version-checking logic that the Groovy branch uses to determine when to switch output directory access patterns.
🧹 Nitpick comments (1)
src/fosslight_dependency/package_manager/Gradle.py (1)
158-162: 💤 Low valueConsider narrowing the exception type.
The broad
Exceptioncatch (flagged by static analysis BLE001) could hide unexpected errors. Since this block only accessesself.relation_tree[dep_key], the expected failure modes areKeyErrororTypeError(ifrelation_treeisNone).- except Exception as e: + except (KeyError, TypeError) as e:Alternatively, if broader defensive catching is intentional, this is acceptable as-is given it's non-critical logging.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 158 - 162, The broad Exception catch in the try-except block around the relation_tree access is flagged for being too general and could mask unexpected errors. Replace the generic Exception with more specific exception types that match the actual failure modes: catch KeyError for missing keys in the dictionary or TypeError if relation_tree is None, by changing the except clause to catch these specific exceptions instead of the blanket Exception type.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 115-118: When the Gradle plugin is added via the
add_gradle_plugin_in_gradle method and the required dependency-license.json file
is still not created afterward, the scan should be marked as failed by setting
ret_task to False instead of allowing analysis to continue. Check the return
value from add_gradle_plugin_in_gradle (in file
src/fosslight_dependency/_package_manager.py at lines 115-118, 178-184, and
190-193) and when the file still does not exist after the method executes, set
ret_task = False to properly fail the scan, since Gradle.parse_oss_information()
requires this file to exist to function correctly.
- Line 157: The subprocess.run() calls in the Gradle plugin subprocess execution
can block indefinitely due to dependency resolution, daemon startup, or network
issues. Add timeout=600 parameter to the subprocess.run() calls and implement a
separate exception handler for subprocess.TimeoutExpired to provide an
actionable error message, following the established timeout pattern already
present elsewhere in the file. Apply this same timeout and exception handling
approach to all subprocess.run() calls in the Gradle plugin section to ensure
consistent timeout protection across all dependency resolution operations.
In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 232-233: The string literal 'opensource.org/licenses/CDDL-1.0'
contains uppercase characters but is being compared against url_lower, which is
a lowercased URL string. Change the string literal in the condition to use
lowercase 'cddl-1.0' instead so the comparison will match correctly when the URL
contains this license pattern.
- Around line 66-70: The membership test on line 67 in the Gradle.py file uses
incorrect syntax `not lic_name.lower() in multi_license_keywords` which should
be `lic_name.lower() not in multi_license_keywords` per Python style guidelines
(E713). Additionally, the current logic only matches exact keyword strings, so
it would match "dual" but not "Dual License". To properly detect multi-license
indicators within license names, change the logic to check if any of the
keywords in multi_license_keywords appear as a substring within the lowercased
lic_name, so that longer license name strings containing these keywords are
properly identified and skipped from URL-based normalization.
---
Duplicate comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 301-307: The Kotlin DSL renderer (when is_kts is true) uses a
hardcoded output_property_access variable set to 'outputDir' for all jk1 plugin
versions, but should conditionally use 'absoluteOutputDir' for jk1 v3+ to match
the behavior already implemented in the Groovy branch. Update the assignment of
output_property_access in the is_kts block to check the plugin_version and set
it to 'absoluteOutputDir' when the version is 3 or higher, using the same
version-checking logic that the Groovy branch uses to determine when to switch
output directory access patterns.
---
Nitpick comments:
In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 158-162: The broad Exception catch in the try-except block around
the relation_tree access is flagged for being too general and could mask
unexpected errors. Replace the generic Exception with more specific exception
types that match the actual failure modes: catch KeyError for missing keys in
the dictionary or TypeError if relation_tree is None, by changing the except
clause to catch these specific exceptions instead of the blanket Exception type.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 8aabba40-7160-46ee-b141-ac23fbbdf13f
📒 Files selected for processing (10)
src/fosslight_dependency/_package_manager.pysrc/fosslight_dependency/constant.pysrc/fosslight_dependency/package_manager/Gradle.pysrc/fosslight_dependency/run_dependency_scanner.pytests/test_gradle/jib/build/reports/license/dependency-license.htmltests/test_gradle/jib/build/reports/license/dependency-license.jsontests/test_gradle/jib/build/reports/license/dependency-license.xmltests/test_gradle/jib/build/reports/license/license-dependency.htmltests/test_gradle/jib/build/reports/license/license-dependency.jsontests/test_gradle/jib/build/reports/license/license-dependency.xml
💤 Files with no reviewable changes (5)
- tests/test_gradle/jib/build/reports/license/dependency-license.html
- tests/test_gradle/jib/build/reports/license/license-dependency.json
- tests/test_gradle/jib/build/reports/license/dependency-license.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.html
✅ Files skipped from review due to trivial changes (1)
- tests/test_gradle/jib/build/reports/license/dependency-license.json
🚧 Files skipped from review as they are similar to previous changes (1)
- src/fosslight_dependency/constant.py
woocheol-lge
force-pushed
the
g_test
branch
2 times, most recently
from
9661ab0 to
d6fecb5
Compare
dd-jy
reviewed
Jun 16, 2026
dd-jy
requested changes
Jun 16, 2026
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/fosslight_dependency/package_manager/Gradle.py (1)
149-153: 💤 Low valueConsider more specific exception handling or a pre-check.
The broad
Exceptioncatch could mask unexpected errors. Since the code already checksdep_key in self.relation_tree, aKeyErroris unlikely. The main risk isAttributeErrorifself.relation_treeisNone.Suggested improvement
- try: - if dep_key in self.relation_tree: - dep_item.depends_on_raw = self.relation_tree[dep_key] - except Exception as e: - logger.error(f"Fail to find dependency tree: {e}") + if self.relation_tree and dep_key in self.relation_tree: + dep_item.depends_on_raw = self.relation_tree[dep_key]🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/fosslight_dependency/package_manager/Gradle.py` around lines 149 - 153, The broad Exception catch in the dependency tree lookup could mask unexpected errors. Since the code already checks if dep_key exists in self.relation_tree, the main risk is AttributeError if self.relation_tree is None. Add a pre-check to verify self.relation_tree is not None before attempting the dictionary check, or replace the generic Exception catch with a specific AttributeError catch to handle the case where self.relation_tree could be None, while still allowing unexpected errors to surface for debugging.Source: Linters/SAST tools
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 301-309: The Kotlin DSL path unconditionally sets
output_property_access to 'outputDir', but it should conditionally select
between 'outputDir' (for plugin versions 1.9 and 2.9) and 'absoluteOutputDir'
(for v3+), matching the logic already implemented in the Groovy DSL path.
Replace the unconditional assignment of output_property_access = 'outputDir' in
the if is_kts block with conditional logic that checks the plugin_version and
assigns 'outputDir' if plugin_version is in ('1.9', '2.9'), otherwise assigns
'absoluteOutputDir', so that Kotlin DSL correctly resolves the output directory
for all plugin versions.
---
Nitpick comments:
In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 149-153: The broad Exception catch in the dependency tree lookup
could mask unexpected errors. Since the code already checks if dep_key exists in
self.relation_tree, the main risk is AttributeError if self.relation_tree is
None. Add a pre-check to verify self.relation_tree is not None before attempting
the dictionary check, or replace the generic Exception catch with a specific
AttributeError catch to handle the case where self.relation_tree could be None,
while still allowing unexpected errors to surface for debugging.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: e654cc50-04df-4268-93f1-bfcfd11558fb
📒 Files selected for processing (10)
src/fosslight_dependency/_package_manager.pysrc/fosslight_dependency/constant.pysrc/fosslight_dependency/package_manager/Gradle.pysrc/fosslight_dependency/run_dependency_scanner.pytests/test_gradle/jib/build/reports/license/dependency-license.htmltests/test_gradle/jib/build/reports/license/dependency-license.jsontests/test_gradle/jib/build/reports/license/dependency-license.xmltests/test_gradle/jib/build/reports/license/license-dependency.htmltests/test_gradle/jib/build/reports/license/license-dependency.jsontests/test_gradle/jib/build/reports/license/license-dependency.xml
💤 Files with no reviewable changes (5)
- tests/test_gradle/jib/build/reports/license/license-dependency.json
- tests/test_gradle/jib/build/reports/license/dependency-license.html
- tests/test_gradle/jib/build/reports/license/dependency-license.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.xml
- tests/test_gradle/jib/build/reports/license/license-dependency.html
✅ Files skipped from review due to trivial changes (1)
- tests/test_gradle/jib/build/reports/license/dependency-license.json
🚧 Files skipped from review as they are similar to previous changes (1)
- src/fosslight_dependency/constant.py
… and Kotlin DSL Signed-off-by: woocheol <jayden6659@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Replace Gradle license analysis with jk1 for Groovy and Kotlin DSL
Summary by CodeRabbit
build.gradleandbuild.gradle.ktsduring detection and processing.