Run flake8 directly instead of pytest-flake8 #316

Merged
woocheol-lge merged 1 commit into main from flask_test
Jun 15, 2026
Conversation

@woocheol-lge woocheol-lge commented Jun 15, 2026

Contributor

Description

Run flake8 directly instead of pytest-flake8

Summary by CodeRabbit

  • New Features

    • Added support for Kotlin DSL Gradle build files (build.gradle.kts) alongside Groovy (build.gradle).
  • Improvements

    • Enhanced detection for Android vs pure Gradle projects when both Groovy and Kotlin build files are present.
    • Improved parsing of Gradle license report outputs, including normalization and handling of varying JSON shapes.
    • Refined warning/error messages when the Gradle wrapper is not available.
  • Chores

    • Updated development/testing dependencies and tox flake8 execution.
    • Refreshed Gradle license report test fixtures (including updated/removal report artifacts).

@woocheol-lge woocheol-lge self-assigned this Jun 15, 2026
@woocheol-lge woocheol-lge added the bug fix [PR] Fix the bug label Jun 15, 2026
coderabbitai Bot commented Jun 15, 2026

Warning

Review limit reached

@woocheol-lge, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 57 minutes and 57 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d2a7647f-e064-4ea8-93bc-fba1296a4752

📥 Commits

Reviewing files that changed from the base of the PR and between 191a3b2 and ca6eac1.

📒 Files selected for processing (2)
  • requirements-dev.txt
  • tox.ini
📝 Walkthrough

Adds Kotlin DSL (build.gradle.kts) support throughout the Gradle scanning pipeline, introduces a new add_gradle_plugin_in_gradle method that injects the com.github.jk1.dependency-license-report plugin into Gradle build files with DSL-aware configuration, refactors parse_oss_information to handle both list and dict JSON schemas from the plugin output, updates scanner detection logic, replaces test fixtures, and migrates flake8 invocation from pytest-flake8 to standalone flake8 src.

Changes

Gradle Kotlin DSL and License Plugin Injection

| Layer / File(s) | Summary |
|---|---|
| SUPPORT_PACKAGE expansion and Gradle wrapper version helper (src/fosslight_dependency/constant.py, src/fosslight_dependency/_package_manager.py) | SUPPORT_PACKAGE[GRADLE] changed to a list containing both build.gradle and build.gradle.kts. get_gradle_version_from_wrapper added to read wrapper properties and return a numeric version tuple. |
| add_gradle_plugin_in_gradle: DSL-aware plugin injection (src/fosslight_dependency/_package_manager.py) | New method selects dependency-license-report plugin version based on wrapper Gradle version, builds DSL-specific imports and licenseReport config with a custom JSON renderer, and inserts or prepends a plugins {} block into the build file. |
| run_gradle_task orchestration: plugin execution and cleanup (src/fosslight_dependency/_package_manager.py) | Plugin injection now runs before allDeps addition. Branches plugin auto-run between Android generateLicenseTxt and Gradle generateLicenseReport. Emits plugin-specific warnings when gradlew is missing. Restores module-level build.gradle backup defensively in finally. Fixes add_allDeps_in_gradle to use logger.warning. |
| Dual-schema JSON parsing and license normalization (src/fosslight_dependency/package_manager/Gradle.py) | Adds normalize_license_name_from_name to sanitize license strings. parse_oss_information branches on list vs dict JSON shapes, extracts module* fields, skips POM lookup for Gradle plugins, sets No_License_Detected fallback, and rebuilds purl/download-location generation. |
| Scanner detection update and JSON fixture replacement (src/fosslight_dependency/run_dependency_scanner.py, tests/test_gradle/jib/build/reports/license/dependency-license.json) | find_package_manager iterates both Groovy and Kotlin DSL build files with broadened keyword sets and case-insensitive checks. Test JSON fixture rewritten to the array-of-modules schema produced by the jk1 plugin. Old HTML/XML report fixtures removed. |

Dev Tooling: flake8 and tox cleanup

| Layer / File(s) | Summary |
|---|---|
| tox.ini and dev dependency flake8 migration (tox.ini, requirements-dev.txt) | testenv:test_run and testenv:release_flake8 run flake8 src directly instead of pytest -v --flake8 src. allowlist_externals trailing whitespace removed. pytest-flake8 removed from requirements-dev.txt. |

Sequence Diagram(s)

sequenceDiagram
  participant Scanner as find_package_manager
  participant PackageManager as run_gradle_task
  participant Injector as add_gradle_plugin_in_gradle
  participant WrapperParser as get_gradle_version_from_wrapper
  participant Parser as parse_oss_information

  Scanner->>Scanner: detect build.gradle / build.gradle.kts
  Scanner->>PackageManager: run with detected build file
  PackageManager->>Injector: inject plugin into gradle_file
  Injector->>WrapperParser: read gradle-wrapper.properties
  WrapperParser-->>Injector: Gradle version tuple
  Injector->>Injector: select plugin version, build DSL-specific config
  Injector-->>PackageManager: plugin_injected=True
  PackageManager->>PackageManager: run generateLicenseReport or generateLicenseTxt
  PackageManager->>Parser: dependency-license.json path
  Parser->>Parser: branch on list vs dict schema, normalize licenses
  Parser-->>PackageManager: OssItem list

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested labels

chore

Suggested reviewers

  • dd-jy
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the primary change: replacing pytest-flake8 with direct flake8 execution. This is reflected in requirements-dev.txt and tox.ini modifications. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/fosslight_dependency/_package_manager.py`:
- Around line 154-186: The subprocess.run calls for Gradle plugin execution lack
timeout parameters, which can cause dependency scanning to hang indefinitely if
Gradle dependency resolution stalls. Add a timeout parameter to both
subprocess.run calls: the first one in the const.ANDROID conditional block
running generateLicenseTxt command and the second one in the const.GRADLE
conditional block running generateLicenseReport command. This ensures that if
the Gradle process takes too long, it will be terminated rather than blocking
indefinitely.
- Around line 386-412: When an existing plugins block is found, imports are
prepended at line 387 before all data. However, when creating a new plugins
block in the else clause (around line 410-412), the new block is prepended
before data without accounting for the imports that were already added at line
387, causing inconsistent ordering where the new plugins block appears before
imports instead of after. To fix this, modify the line that prepends the new
plugins block so that imports remain at the top of the file. Instead of
prepending the new_plugins_block directly to data (which includes the imports),
insert the new block after the imports portion by reconstructing the data string
to maintain the order: imports first, then the new plugins block, then the
remaining data.

In `@src/fosslight_dependency/package_manager/Gradle.py`:
- Around line 55-56: The code currently reads moduleUrl (singular) from the
dictionary, but the new fixture schema provides moduleUrls (plural array).
Update the dictionary key lookup from moduleUrl to moduleUrls when retrieving
the module URL value on line 55. This change will ensure that homepage metadata
is correctly read from the new schema format and prevent the fallback to Maven
URL in the subsequent logic at lines 130-133, allowing the proper homepage URL
to be used when available.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 175d281f-2169-44f4-b041-98d0ee1b7ebf

📥 Commits

Reviewing files that changed from the base of the PR and between fa6c0d5 and c4ad535.

📒 Files selected for processing (12)
  • requirements-dev.txt
  • src/fosslight_dependency/_package_manager.py
  • src/fosslight_dependency/constant.py
  • src/fosslight_dependency/package_manager/Gradle.py
  • src/fosslight_dependency/run_dependency_scanner.py
  • tests/test_gradle/jib/build/reports/license/dependency-license.html
  • tests/test_gradle/jib/build/reports/license/dependency-license.json
  • tests/test_gradle/jib/build/reports/license/dependency-license.xml
  • tests/test_gradle/jib/build/reports/license/license-dependency.html
  • tests/test_gradle/jib/build/reports/license/license-dependency.json
  • tests/test_gradle/jib/build/reports/license/license-dependency.xml
  • tox.ini
💤 Files with no reviewable changes (6)
  • tests/test_gradle/jib/build/reports/license/license-dependency.xml
  • tests/test_gradle/jib/build/reports/license/dependency-license.xml
  • tests/test_gradle/jib/build/reports/license/license-dependency.html
  • tests/test_gradle/jib/build/reports/license/dependency-license.html
  • tests/test_gradle/jib/build/reports/license/license-dependency.json
  • requirements-dev.txt
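
An added example, not code from this PR or from the project: one way to bound an external build invocation such as the Gradle tasks named in the review comment above, with the deadline enforced on the whole process group rather than only the direct child. The helper name run_build_tool, the 600-second default and the constructed stand-in command are assumptions, and the code relies on POSIX process groups.

```python
import os
import signal
import subprocess
import sys


def run_build_tool(cmd, cwd=None, timeout_s=600):
    """Run an external build command with a hard deadline (hypothetical helper).

    Returns (status, returncode, output); status is "ok", "failed" or "timeout".
    """
    # start_new_session=True makes the child a process-group leader, so a
    # wrapper script and every process it spawns can be signalled together.
    proc = subprocess.Popen(
        cmd, cwd=cwd, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT, text=True, start_new_session=True,
    )
    try:
        out, _ = proc.communicate(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # Killing only the direct child can leave a grandchild holding the
        # output pipe open, and the final read would then block anyway.
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        out, _ = proc.communicate()  # drain what was written, reap the child
        return "timeout", None, out
    return ("ok" if proc.returncode == 0 else "failed"), proc.returncode, out


# Constructed stand-in for a stalled wrapper: a shell that prints one line,
# then waits on a long-running background child that inherits its stdout.
STALLED_WRAPPER = ["sh", "-c", "echo resolving; sleep 30 & wait"]

if __name__ == "__main__":
    print(run_build_tool(STALLED_WRAPPER, timeout_s=1))
    print(run_build_tool([sys.executable, "-c", "print('done')"]))
```

The caller can treat "timeout" like a missing report and continue with whatever fallback the scanner already has for a failed plugin run.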

Comment thread src/fosslight_dependency/_package_manager.py Outdated
Comment thread src/fosslight_dependency/_package_manager.py Outdated
Comment thread src/fosslight_dependency/package_manager/Gradle.py Outdated
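
An added example, not the project's parse_oss_information: a tolerant reader for the two report shapes (list vs dict) and the moduleUrl / moduleUrls keys discussed in the review comment above. The wrapping key "dependencies", the moduleName field, the function names and the sample documents are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit


def iter_modules(report):
    """Yield module dicts from a bare list or from a dict wrapping the list."""
    if isinstance(report, dict):
        report = report.get("dependencies")  # assumed wrapper key
    if not isinstance(report, list):
        return
    for entry in report:
        if isinstance(entry, dict):  # skip malformed entries, do not crash
            yield entry


def homepage_of(entry):
    """Return the first http(s) URL, or None so the caller applies its fallback."""
    raw = entry.get("moduleUrls")
    if raw is None:
        raw = entry.get("moduleUrl")  # singular key the review says the code reads
    for url in raw if isinstance(raw, list) else [raw]:
        if not isinstance(url, str):
            continue
        try:
            parts = urlsplit(url.strip())
        except ValueError:
            continue
        # Report values come from third-party metadata; keep only web links.
        if parts.scheme in ("http", "https") and parts.netloc:
            return url.strip()
    return None


def homepages(text):
    return {e.get("moduleName"): homepage_of(e) for e in iter_modules(json.loads(text))}


# Constructed sample documents, one per shape.
LIST_SHAPE = """[
  {"moduleName": "com.example:lib-a", "moduleUrls": ["", "https://example.com/lib-a"]},
  {"moduleName": "com.example:lib-b", "moduleUrls": null},
  "not-a-module"
]"""
DICT_SHAPE = """{"dependencies": [
  {"moduleName": "com.example:lib-c", "moduleUrl": "https://example.com/lib-c"},
  {"moduleName": "com.example:lib-d", "moduleUrl": "ftp://example.com/lib-d"}
]}"""

if __name__ == "__main__":
    print(homepages(LIST_SHAPE))
    print(homepages(DICT_SHAPE))
```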
Signed-off-by: woocheol <jayden6659@gmail.com>
@woocheol-lge woocheol-lge merged commit d6e857f into main Jun 15, 2026
14 checks passed
@woocheol-lge woocheol-lge deleted the flask_test branch June 15, 2026 08:50