Copy dependency BOMs to our GoB vomit repo

We currently deploy metadata files for vulnerability scanning
to a GoB repo. The Vomit team has requested that we provide
the .pom and .jar files for each dependency in the GoB repo
for their new manifest approach of scanning.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235029408

gradle/build.gradle

@@ -127,6 +127,20 @@ ext.processDependencies = { Set<ResolvedDependency> deps ->
   }
 }
 
+ext.constructMavenCoordinate = { deps, distinctMetadata ->
+  if (deps.isEmpty()) {
+    return
+  }
+  deps.each { ResolvedDependency dep ->
+    if (dep.moduleGroup == "nomulus") {
+      return
+    }
+    def artifactId = "${dep.moduleGroup}:${dep.moduleName}:${dep.moduleVersion}"
+    distinctMetadata.add(artifactId)
+    rootProject.constructMavenCoordinate(dep.children, distinctMetadata)
+  }
+}
+
 allprojects {
   // Skip no-op project
   if (project.name == 'services') return
@@ -157,54 +171,32 @@ allprojects {
     }
   }
 
-  ext.urlExists = { url ->
+  // This task generates a Maven coordinate for each resolved dependency and
-    def connection = (HttpURLConnection) url.openConnection()
+  // stores them in the given file.
-    connection.setRequestMethod("HEAD")
+  task generateMavenCoordinateForDependency {
-    connection.connect()
-    if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
-      return true
-    } else {
-      return false
-    }
-  }
-
-  ext.writeMetadata = { resolvedArtifact, url, gitRepositoryPath ->
-    def groupId = resolvedArtifact.moduleVersion.id.group
-    def artifactId = resolvedArtifact.moduleVersion.id.name
-    def version = resolvedArtifact.moduleVersion.id.version
-    def relativeFileName =
-        [groupId, artifactId, 'README.domainregistry'].join('/')
-    def metadataFile = new File(gitRepositoryPath, relativeFileName)
-    metadataFile.parentFile.mkdirs()
-    def writer = metadataFile.newWriter()
-    writer << "Name: ${artifactId}\n"
-    writer << "Url: ${url}\n"
-    writer << "Version: ${version}\n"
-    writer.close()
-  }
-
-// This task generates a metadata file for each resolved dependency artifact.
-// The file contains the name, url and version for the artifact.
-  task generateDependencyMetadata {
     doLast {
-      def distinctResolvedArtifacts = project.ext.getDistinctResolvedArtifacts()
+      def allconfigs = []
-      def defaultLayout = new org.sonatype.aether.util.layout.MavenDefaultLayout()
+      def distinctMetadata = [] as Set
+      if (!rootProject.mavenCoordinateFile) {
+        throw new IllegalArgumentException("mavenCoordinateFile must be set")
+      }
+      def outputFile = new File(rootProject.mavenCoordinateFile)
 
-      distinctResolvedArtifacts.values().each { resolvedArtifact ->
+      allconfigs.addAll(configurations)
-        def artifact = new org.sonatype.aether.util.artifact.DefaultArtifact(
+      // This only adds buildscript dependencies declare in this project.
-            resolvedArtifact.id.componentIdentifier.toString())
+      allconfigs.addAll(buildscript.configurations)
-        for (repository in project.repositories) {
+
-          def mavenRepository = (MavenArtifactRepository) repository
+      allconfigs.each {
-          def repositoryUri = URI.create(mavenRepository.url.toString())
+        if (!it.isCanBeResolved()) {
-          def artifactUri = repositoryUri.resolve(defaultLayout.getPath(artifact))
+          return
-          if (project.ext.urlExists(artifactUri.toURL())) {
-            project.ext.writeMetadata(
-                resolvedArtifact,
-                artifactUri.toURL(),
-                project.findProperty('privateRepository') + "/${project.name}")
-            break
-          }
         }
+        rootProject.constructMavenCoordinate(
+          it.resolvedConfiguration.firstLevelModuleDependencies,
+          distinctMetadata)
+      }
+
+      distinctMetadata.each { metadata ->
+        outputFile.append("${metadata}\n")
       }
     }
   }

gradle/gradle.properties

@@ -3,3 +3,4 @@ publishUrl=
 gcsBucket=
 gcsCredentialsFile=
 gcsMultithreadedUpload=
+mavenCoordinateFile=