feat(Gradle): Use the correctly initialized DependencyGraphBuilder

Obtain the DependencyGraphBuilder via the function provided by
PackageManager to make sure that the exclusions are correctly
initialized. Add a fun test to verify this.

Signed-off-by: Oliver Heger <[email protected]>

Author: oheger-bosch

analyzer/src/funTest/assets/projects/synthetic/gradle-expected-output-scopes-excludes.yml

@@ -0,0 +1,185 @@
+---
+project:
+  id: "Gradle:org.ossreviewtoolkit.gradle.example:app:1.0.0"
+  definition_file_path: "analyzer/src/funTest/assets/projects/synthetic/gradle/app/build.gradle"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "<REPLACE_URL>"
+    revision: "<REPLACE_REVISION>"
+    path: "analyzer/src/funTest/assets/projects/synthetic/gradle/app"
+  homepage_url: ""
+  scopes:
+  - name: "compileClasspath"
+    dependencies:
+    - id: "Gradle:org.ossreviewtoolkit.gradle.example:lib:1.0.0"
+      linkage: "PROJECT_DYNAMIC"
+  - name: "runtimeClasspath"
+    dependencies:
+    - id: "Gradle:org.ossreviewtoolkit.gradle.example:lib:1.0.0"
+      linkage: "PROJECT_DYNAMIC"
+      dependencies:
+      - id: "Maven:org.apache.commons:commons-text:1.1"
+        dependencies:
+        - id: "Maven:org.apache.commons:commons-lang3:3.5"
+      - id: "Maven:org.apache.struts:struts2-assembly:2.5.14.1"
+packages:
+- id: "Maven:org.apache.commons:commons-lang3:3.5"
+  purl: "pkg:maven/org.apache.commons/[email protected]"
+  authors:
+  - "Benedikt Ritter"
+  - "Carman Consulting, Inc."
+  - "CollabNet, Inc."
+  - "Duncan Jones"
+  - "Fredrik Westermarck"
+  - "Gary D. Gregory"
+  - "Henri Yandell"
+  - "Joerg Schaible"
+  - "Loic Guibert"
+  - "Matt Benson"
+  - "Niall Pemberton"
+  - "Oliver Heger"
+  - "Paul Benedict"
+  - "Rob Tompkins"
+  - "Robert Burrell Donkin"
+  - "SITA ATS Ltd"
+  - "Steven Caswell"
+  - "The Apache Software Foundation"
+  declared_licenses:
+  - "Apache License, Version 2.0"
+  declared_licenses_processed:
+    spdx_expression: "Apache-2.0"
+    mapped:
+      Apache License, Version 2.0: "Apache-2.0"
+  description: "Apache Commons Lang, a package of Java utility classes for the\n \
+    \ classes that are in java.lang's hierarchy, or are considered to be so\n  standard\
+    \ as to justify existence in java.lang."
+  homepage_url: "http://commons.apache.org/proper/commons-lang/"
+  binary_artifact:
+    url: "https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar"
+    hash:
+      value: "6c6c702c89bfff3cd9e80b04d668c5e190d588c6"
+      algorithm: "SHA-1"
+  source_artifact:
+    url: "https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5-sources.jar"
+    hash:
+      value: "f7d878153e86a1cdddf6b37850e00a9f8bff726f"
+      algorithm: "SHA-1"
+  vcs:
+    type: "Git"
+    url: "http://git-wip-us.apache.org/repos/asf/commons-lang.git"
+    revision: "LANG_3_5"
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "http://git-wip-us.apache.org/repos/asf/commons-lang.git"
+    revision: "LANG_3_5"
+    path: ""
+- id: "Maven:org.apache.commons:commons-text:1.1"
+  purl: "pkg:maven/org.apache.commons/[email protected]"
+  authors:
+  - "Benedikt Ritter"
+  - "Bruno P. Kinoshita"
+  - "Gary Gregory"
+  - "Rob Tompkins"
+  - "The Apache Software Foundation"
+  declared_licenses:
+  - "Apache License, Version 2.0"
+  declared_licenses_processed:
+    spdx_expression: "Apache-2.0"
+    mapped:
+      Apache License, Version 2.0: "Apache-2.0"
+  description: "Apache Commons Text is a library focused on algorithms working on\
+    \ strings."
+  homepage_url: "http://commons.apache.org/proper/commons-text/"
+  binary_artifact:
+    url: "https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.1/commons-text-1.1.jar"
+    hash:
+      value: "c336bf600f44b88af356c8a85eef4af822b06a4d"
+      algorithm: "SHA-1"
+  source_artifact:
+    url: "https://repo.maven.apache.org/maven2/org/apache/commons/commons-text/1.1/commons-text-1.1-sources.jar"
+    hash:
+      value: "f0770f7f0472bf120ada47beecadce4056fbd20a"
+      algorithm: "SHA-1"
+  vcs:
+    type: "Git"
+    url: "http://git-wip-us.apache.org/repos/asf/commons-text.git"
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "http://git-wip-us.apache.org/repos/asf/commons-text.git"
+    revision: ""
+    path: ""
+- id: "Maven:org.apache.struts:struts2-assembly:2.5.14.1"
+  purl: "pkg:maven/org.apache.struts/[email protected]"
+  authors:
+  - "Aleksandr Mashchenko"
+  - "Alexandru Popescu"
+  - "Apache Software Foundation"
+  - "Bob Lee"
+  - "Bruce A. Phillips"
+  - "Cedric Dumoulin"
+  - "Christian Grobmeier"
+  - "Christoph Nenning"
+  - "Dave Newton"
+  - "David H. DeWolf"
+  - "Don Brown"
+  - "Greg Huber"
+  - "James Holmes"
+  - "James Mitchell"
+  - "Jeromy Evans"
+  - "Johannes Geppert"
+  - "John Lindal"
+  - "Laurie Harper"
+  - "Lukasz Lenart"
+  - "Martin Cooper"
+  - "Mathias Bogaert"
+  - "Matt Raible"
+  - "Maurizio Cucchiara"
+  - "Michael Jouravlev"
+  - "Niall Pemberton"
+  - "Nils-Helge Garli Hegvik"
+  - "Paul Benedict"
+  - "Rainer Hermanns"
+  - "Rene Gielen"
+  - "Ted Husted"
+  - "Toby Jee"
+  - "Wendy Smoak"
+  - "Wes Wannemacher"
+  declared_licenses:
+  - "The Apache Software License, Version 2.0"
+  declared_licenses_processed:
+    spdx_expression: "Apache-2.0"
+    mapped:
+      The Apache Software License, Version 2.0: "Apache-2.0"
+  description: "Apache Struts 2"
+  homepage_url: "http://struts.apache.org/struts2-assembly/"
+  binary_artifact:
+    url: "https://repo.maven.apache.org/maven2/org/apache/struts/struts2-assembly/2.5.14.1/struts2-assembly-2.5.14.1-min-lib.zip"
+    hash:
+      value: "8e75a38e3b8ceb01e007c5899d8d29e7a075cb7d"
+      algorithm: "SHA-1"
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://gitbox.apache.org/repos/asf/struts.git"
+    revision: "STRUTS_2_5_14_1"
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://gitbox.apache.org/repos/asf/struts.git"
+    revision: "STRUTS_2_5_14_1"
+    path: ""
+  is_metadata_only: true

analyzer/src/funTest/kotlin/managers/GradleFunTest.kt

@@ -32,7 +32,10 @@ import java.io.File
 import org.ossreviewtoolkit.downloader.VersionControlSystem
 import org.ossreviewtoolkit.downloader.vcs.Git
 import org.ossreviewtoolkit.model.config.AnalyzerConfiguration
+import org.ossreviewtoolkit.model.config.Excludes
 import org.ossreviewtoolkit.model.config.RepositoryConfiguration
+import org.ossreviewtoolkit.model.config.ScopeExclude
+import org.ossreviewtoolkit.model.config.ScopeExcludeReason
 import org.ossreviewtoolkit.utils.common.Os
 import org.ossreviewtoolkit.utils.common.ProcessCapture
 import org.ossreviewtoolkit.utils.ort.normalizeVcsUrl
@@ -107,6 +110,24 @@ class GradleFunTest : StringSpec() {
             patchActualResult(result.toYaml()) shouldBe expectedResult
         }
 
+        "Scopes are correctly excluded from the dependency graph" {
+            val definitionFile = projectDir.resolve("app/build.gradle")
+            val expectedResult = patchExpectedResult(
+                projectDir.resolveSibling("gradle-expected-output-scopes-excludes.yml"),
+                url = normalizeVcsUrl(vcsUrl),
+                revision = vcsRevision
+            )
+
+            val analyzerConfig = AnalyzerConfiguration(skipExcludedScopesInDependencyGraph = true)
+            val scopeExclude = ScopeExclude("test.*", ScopeExcludeReason.TEST_DEPENDENCY_OF)
+            val repoConfig = RepositoryConfiguration(excludes = Excludes(scopes = listOf(scopeExclude)))
+
+            val result = createGradle(analyzerConfig, repoConfig)
+                .resolveSingleProject(definitionFile, resolveScopes = true)
+
+            result.toYaml() shouldBe expectedResult
+        }
+
         // Disabled because despite following the example at [1] Gradle says there is "No service of type
         // ToolingModelBuilderRegistry available in GradleScopeServices".
         //
@@ -199,6 +220,8 @@ class GradleFunTest : StringSpec() {
             .requireSuccess()
     }
 
-    private fun createGradle() =
-        Gradle("Gradle", USER_DIR, AnalyzerConfiguration(), RepositoryConfiguration())
+    private fun createGradle(
+        analyzerConfig: AnalyzerConfiguration = AnalyzerConfiguration(),
+        repoConfig: RepositoryConfiguration = RepositoryConfiguration()
+    ) = Gradle("Gradle", USER_DIR, analyzerConfig, repoConfig)
 }

analyzer/src/main/kotlin/managers/Gradle.kt

@@ -54,7 +54,6 @@ import org.ossreviewtoolkit.model.VcsInfo
 import org.ossreviewtoolkit.model.config.AnalyzerConfiguration
 import org.ossreviewtoolkit.model.config.RepositoryConfiguration
 import org.ossreviewtoolkit.model.createAndLogIssue
-import org.ossreviewtoolkit.model.utils.DependencyGraphBuilder
 import org.ossreviewtoolkit.utils.common.Os
 import org.ossreviewtoolkit.utils.common.splitOnWhitespace
 import org.ossreviewtoolkit.utils.common.temporaryProperties
@@ -135,7 +134,7 @@ class Gradle(
 
     private val maven = MavenSupport(GradleCacheReader())
     private val dependencyHandler = GradleDependencyHandler(managerName, maven)
-    private val graphBuilder = DependencyGraphBuilder(dependencyHandler)
+    private val graphBuilder = createDependencyGraphBuilder(dependencyHandler)
 
     // The path to the root project. In a single-project, just points to the project path.
     private lateinit var rootProjectDir: File