From 26490e607ed875b6594262b0f550bb36cfa8c721 Mon Sep 17 00:00:00 2001
From: shicong
Date: Thu, 21 Feb 2019 11:10:29 -0800
Subject: [PATCH] Copy dependency BOMs to our GoB vomit repo
We currently deploy metadata files for vulnerability scanning to a GoB repo. The Vomit team has requested that we provide the .pom and .jar files for each dependency in the GoB repo for their new manifest approach of scanning.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235029408
---
 gradle/build.gradle | 82 ++++++++++++++++++----------------------
 gradle/gradle.properties | 1 +
 2 files changed, 38 insertions(+), 45 deletions(-)
diff --git a/gradle/build.gradle b/gradle/build.gradle
index 6313237a2..83ece6ce7 100644
--- a/gradle/build.gradle
+++ b/gradle/build.gradle
@@ -127,6 +127,20 @@ ext.processDependencies = { Set deps ->
 }
 }
+ext.constructMavenCoordinate = { deps, distinctMetadata ->
+ if (deps.isEmpty()) {
+ return
+ }
+ deps.each { ResolvedDependency dep ->
+ if (dep.moduleGroup == "nomulus") {
+ return
+ }
+ def artifactId = "${dep.moduleGroup}:${dep.moduleName}:${dep.moduleVersion}"
+ distinctMetadata.add(artifactId)
+ rootProject.constructMavenCoordinate(dep.children, distinctMetadata)
+ }
+}
+
 allprojects {
 // Skip no-op project
 if (project.name == 'services') return
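Review bot: In `constructMavenCoordinate`, the `return` taken when `dep.moduleGroup == "nomulus"` also skips `dep.children`, so a third-party module that is reached only through a nomulus module is left out of the coordinate list during this traversal. Since the list feeds vulnerability scanning, it would be safer to walk the children before skipping, `if (dep.moduleGroup == "nomulus") { rootProject.constructMavenCoordinate(dep.children, distinctMetadata); return }`, or to add a comment stating why the subtree can be ignored. Separately, the closure recurses into every child without tracking which nodes it has already visited, so shared subtrees are re-walked on each path, and the recursion would not terminate if the resolved graph ever contained a cycle; a visited set kept per configuration would bound the walk. Whether the per-project runs under `allprojects` already cover the skipped children cannot be confirmed from this hunk.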
@@ -157,54 +171,32 @@ allprojects {
 }
 }
- ext.urlExists = { url ->
- def connection = (HttpURLConnection) url.openConnection()
- connection.setRequestMethod("HEAD")
- connection.connect()
- if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
- return true
- } else {
- return false
- }
- }
-
- ext.writeMetadata = { resolvedArtifact, url, gitRepositoryPath ->
- def groupId = resolvedArtifact.moduleVersion.id.group
- def artifactId = resolvedArtifact.moduleVersion.id.name
- def version = resolvedArtifact.moduleVersion.id.version
- def relativeFileName =
- [groupId, artifactId, 'README.domainregistry'].join('/')
- def metadataFile = new File(gitRepositoryPath, relativeFileName)
- metadataFile.parentFile.mkdirs()
- def writer = metadataFile.newWriter()
- writer << "Name: ${artifactId}\n"
- writer << "Url: ${url}\n"
- writer << "Version: ${version}\n"
- writer.close()
- }
-
-// This task generates a metadata file for each resolved dependency artifact.
-// The file contains the name, url and version for the artifact.
- task generateDependencyMetadata {
+ // This task generates a Maven coordinate for each resolved dependency and
+ // stores them in the given file.
+ task generateMavenCoordinateForDependency {
 doLast {
- def distinctResolvedArtifacts = project.ext.getDistinctResolvedArtifacts()
- def defaultLayout = new org.sonatype.aether.util.layout.MavenDefaultLayout()
+ def allconfigs = []
+ def distinctMetadata = [] as Set
+ if (!rootProject.mavenCoordinateFile) {
+ throw new IllegalArgumentException("mavenCoordinateFile must be set")
+ }
+ def outputFile = new File(rootProject.mavenCoordinateFile)
- distinctResolvedArtifacts.values().each { resolvedArtifact ->
- def artifact = new org.sonatype.aether.util.artifact.DefaultArtifact(
- resolvedArtifact.id.componentIdentifier.toString())
- for (repository in project.repositories) {
- def mavenRepository = (MavenArtifactRepository) repository
- def repositoryUri = URI.create(mavenRepository.url.toString())
- def artifactUri = repositoryUri.resolve(defaultLayout.getPath(artifact))
- if (project.ext.urlExists(artifactUri.toURL())) {
- project.ext.writeMetadata(
- resolvedArtifact,
- artifactUri.toURL(),
- project.findProperty('privateRepository') + "/${project.name}")
- break
- }
+ allconfigs.addAll(configurations)
+ // This only adds buildscript dependencies declare in this project.
+ allconfigs.addAll(buildscript.configurations)
+
+ allconfigs.each {
+ if (!it.isCanBeResolved()) {
+ return
 }
+ rootProject.constructMavenCoordinate(
+ it.resolvedConfiguration.firstLevelModuleDependencies,
+ distinctMetadata)
+ }
+
+ distinctMetadata.each { metadata ->
+ outputFile.append("${metadata}\n")
 }
 }
 }
diff --git a/gradle/gradle.properties b/gradle/gradle.properties
index ded949e07..6b9caf68d 100644
--- a/gradle/gradle.properties
+++ b/gradle/gradle.properties
@@ -3,3 +3,4 @@ publishUrl=
 gcsBucket=
 gcsCredentialsFile=
 gcsMultithreadedUpload=
+mavenCoordinateFile=
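Review bot: In the `doLast` of `generateMavenCoordinateForDependency` (build.gradle), `outputFile.append("${metadata}\n")` adds to whatever `mavenCoordinateFile` already holds, and the task is defined inside `allprojects` with a single `rootProject`-level path, so every project and every earlier run writes into the same file. A scanner reading that file can then see coordinates for versions that are no longer resolved, plus duplicates across projects. If the caller is expected to clear the file before the build, a comment such as `// Appends: mavenCoordinateFile is shared by all projects and must be deleted before each run.` would make that explicit; otherwise truncating it once per build would be safer. The list also records only `group:name:version`, without the repository the artifact came from, which the removed metadata did record as `Url:`, so it is worth confirming that the scanner fetches the .pom and .jar from the same repositories as the build. The enclosing `allprojects` block starts and ends outside this hunk.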