gradle 如何在Flutter项目中创建BOM表文件

eoigrqb6  于 2023-06-23  发布在  Flutter
关注(0)|答案(2)|浏览(183)

我试图为Flutter项目的Android部分创建一个BOM文件,用于安全扫描。
我添加了org.cyclonedx.bom(gradle插件)到gradle,我正在运行cyclonedxBom gradle任务,但我得到一个错误:

> Could not resolve all dependencies for configuration ':app:apiDependenciesMetadata'.
   > Could not resolve project :flutter_udid.
     Required by:
         project :app
      > The consumer was configured to find a usage of 'kotlin-metadata'Execution failed for task ':app:cyclonedxBom'. of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'common'. However we cannot choose between the following variants of project :flutter_udid:
          - debugApiElements
          - profileApiElements
          - releaseApiElements
        All of them match the consumer attributes:
          - Variant 'debugApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
              - Unmatched attributes:
                  - Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug' but the consumer didn't ask for it
                  - Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'debug' but the consumer didn't ask for it
                  - Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it
          - Variant 'profileApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
              - Unmatched attributes:
                  - Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'profile' but the consumer didn't ask for it
                  - Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'profile' but the consumer didn't ask for it
                  - Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it
          - Variant 'releaseApiElements' capability de.gigadroid.flutterudid:flutter_udid:1.0-SNAPSHOT declares an API of a library, as well as attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
              - Unmatched attributes:
                  - Provides attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'release' but the consumer didn't ask for it
                  - Provides attribute 'com.android.build.api.attributes.VariantAttr' with value 'release' but the consumer didn't ask for it
                  - Provides attribute 'org.gradle.jvm.environment' with value 'android' but the consumer didn't ask for it

gradle中的依赖项看起来像

dependencies {
        classpath 'com.android.tools.build:gradle:4.2.0'
        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
        // Firebase
        classpath 'com.google.gms:google-services:4.3.15'
        classpath 'org.cyclonedx.bom:org.cyclonedx.bom.gradle.plugin:1.7.4'
    }
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
// Firebase
apply plugin: 'com.google.gms.google-services'
// BOM generation https://github.com/CycloneDX/cyclonedx-gradle-plugin
apply plugin: 'org.cyclonedx.bom'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"

如何配置项目以生成发布版本的BOM?

pprl5pva

pprl5pva1#

错误消息表明消费者(您的项目)无法解析:app:apiDependenciesMetadata配置的依赖项,特别是:flutter_udid模块。似乎org.cyclonedx.bom插件在确定要使用的flutter_udid模块的适当变体时遇到了困难。
要配置项目以生成发布版本的BOM表(BOM),可以在Gradle配置中指定所需的变体。将以下代码添加到应用的build.gradle文件中:

configurations {
    // Configure the BOM generation for the release variant
    releaseBomMetadata.extendsFrom(apiElements.get().withVariantConstraints {
        // Constrain the variant to release
        it.attributes {
            attribute(org.jetbrains.kotlin.platform.type, 'androidJvm')
            attribute(com.android.build.api.attributes.BuildTypeAttr, 'release')
        }
    })
}

这个配置创建了一个名为releaseBomMetadata的新配置,它扩展了现有的apiElements配置。它对变体属性设置约束,以匹配flutter_udid模块的发布变体。
添加此配置后,您可以再次运行cyclonedxBom Gradle任务,它应该会生成发布版本的BOM。
注意:如果您希望使用不同的配置名称,请确保使用您选择的名称替换releaseBomMetadata。

33qvvth1

33qvvth12#

configurations {
    // Configure the BOM generation for the release variant
    releaseBomMetadata.extendsFrom(getConfigurations().getByName('apiElements').withVariantConstraints {
        // Constrain the variant to release
        it.attributes {
            attribute(org.jetbrains.kotlin.platform.type, 'androidJvm')
            attribute(com.android.build.api.attributes.BuildTypeAttr, 'release')
        }
    })
}

如果您喜欢不同的名称,请将'releaseBomMetadata'替换为所需的配置名称。
在进行这些更改之后,尝试再次运行cyclonedxBom Gradle任务,它应该会生成发布版本的BOM,而不会出现之前的错误。

相关问题