@Kaushik-Kumar-CEG Kaushik-Kumar-CEG commented Jan 26, 2026

Fixes #4521

Issue

Gradle parser reports incomplete Maven PURLs (e.g., pkg:maven/androidx) when scanning build.gradle files that use version catalog references like libs.androidx.appcompat.

Approach

  • Parse gradle/libs.versions.toml to resolve version catalog aliases to full Maven coordinates
  • Add DEPENDENCY-VERSION-CATALOG grammar rule to match libs.x.y.z patterns in the existing pygmars parser
  • Resolve catalog references during dependency extraction to generate complete PURLs

Before Fix:

  • Input: implementation libs.androidx.appcompat
  • Output: pkg:maven/androidx ❌ (incomplete)

After Fix:

  • Input: implementation libs.androidx.appcompat
  • Output: pkg:maven/androidx.appcompat/appcompat@1.6.1 ✅ (complete)

Summary of Changes

Modified:

  • src/packagedcode/build_gradle.py

    • Added TOML import for parsing version catalogs
    • Added grammar rule for version catalog syntax
    • Added parse_version_catalog() function to read and parse libs.versions.toml
    • Updated get_dependencies() to resolve catalog references
  • tests/packagedcode/test_build_gradle.py

    • Added test case for version catalog resolution

Added:

  • tests/packagedcode/data/build_gradle/groovy/fdroid-version-catalog/
    • Test build.gradle with catalog references
    • Sample libs.versions.toml file
    • Expected output with resolved PURLs

Implementation Details

Studied existing gradle parser patterns and followed the codebase conventions:

  • Used existing grammar-based parsing approach (consistent with DEPENDENCY-1 through DEPENDENCY-4 patterns)
  • Matched code style, naming conventions, and error handling patterns from similar functions
  • Minimal comments following repo standards

Verification

All tests pass

  • Ran full test suite for gradle parser (22 tests)
  • Verified existing groovy and kotlin tests still work
  • Tested edge cases: missing catalog, unresolved references, mixed dependencies
  • Confirmed no syntax errors and code compiles cleanly

BEFORE FIX

[image]

AFTER FIX

[image: Screenshot 2026-01-26 112038]

Ready for review. Happy to address any feedback or make adjustments as needed.


Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
  • Commits are in a uniquely-named feature branch and have no merge conflicts 📁
  • Updated documentation pages (if applicable)
  • Updated CHANGELOG.rst (if applicable)

Signed-off-by: Kaushik <kaushikrjpm10@gmail.com>
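
The catalog resolution described in this PR, shown as an added example (not the PR's code and not scancode-toolkit's implementation). `load_catalog` and `resolve_purl` are hypothetical names, the catalog text is constructed, and the handling of shorthand strings, `group`/`name` tables and version-less entries goes beyond the single case in the description; an unresolved reference returns None instead of a truncated PURL.

```python
import re
try:
    import tomllib  # Python 3.11+
except ImportError:  # assumption: the tomli backport is installed on older interpreters
    import tomli as tomllib

# Constructed sample catalog (not the PR's test fixture).
SAMPLE_CATALOG = """
[versions]
appcompat = "1.6.1"

[libraries]
androidx-appcompat = { module = "androidx.appcompat:appcompat", version.ref = "appcompat" }
okhttp = "com.squareup.okhttp3:okhttp:4.12.0"
material = { group = "com.google.android.material", name = "material", version = "1.11.0" }
junit = { module = "junit:junit" }
"""


def load_catalog(toml_text):
    """Map accessor names (libs.x.y) to (group, name, version-or-None)."""
    data = tomllib.loads(toml_text)
    versions = data.get("versions", {})
    resolved = {}
    for alias, spec in data.get("libraries", {}).items():
        if isinstance(spec, str):  # "group:name:version" shorthand
            spec = dict(zip(("group", "name", "version"), spec.split(":")))
        elif "module" in spec:
            group, _, name = spec["module"].partition(":")
            spec = {**spec, "group": group, "name": name}
        version = spec.get("version")
        if isinstance(version, dict):  # version.ref points into [versions]
            version = versions.get(version.get("ref"))
        if not isinstance(version, str):  # rich versions (strictly/prefer) are not resolved here
            version = None
        # Gradle exposes '-' and '_' in aliases as '.' in the generated accessor.
        accessor = "libs." + re.sub(r"[-_]", ".", alias)
        resolved[accessor] = (spec.get("group"), spec.get("name"), version)
    return resolved


def resolve_purl(reference, catalog):
    """Return a full Maven PURL, or None rather than a truncated one."""
    group, name, version = catalog.get(reference, (None, None, None))
    if not group or not name:
        return None
    purl = f"pkg:maven/{group}/{name}"
    return f"{purl}@{version}" if version else purl
```
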
Successfully merging this pull request may close these issues.

Incorrect Maven packages reported when scanning build.gradle for an Android app
