Building ZAP weekly from source - question about the addons
69 views
Skip to first unread message
Thomas Spear
Nov 22, 2023, 11:33:07 PM11/22/23
to ZAP User Group
Hi all,
I'm building ZAP weekly release from source in a docker container in my CI pipeline, and for a long time, it's been working without any issues.
This evening, I wanted to make some tweaks. Originally, we cloned the github repo to the container and built it with the gradle wrapper as per the docs.
The tweak I wanted to make was to remove git as a dependency for the build by using the docker feature `ADD <https git repo URL> /zapsrc` instead of doing `RUN apt-get update && apt-get install git && git clone -q --depth 1 <https git repo URL> /zapsrc`
So far so good, I was able to build ZAP itself with the above changes being implemented, however once gradle finishes building ZAP, it appears to try to clone a couple of other repos to install the addons. Since I'm no longer installing git to the container, I thought I would reach out to find out if there's a way to short-circuit the logic in gradle by pre-cloning the extensions somewhere, so that when the gradle wrapper gets to the point of trying to build the extensions, it will see they are already present, and not try to clone them.
If it helps, the relevant build command I'm running is:
RUN export JAVA_HOME='/opt/java/openjdk' \
ZAP_WEEKLY_ADDONS_NO_TEST=true \
GRADLE_OPTS="-Dorg.gradle.daemon=false -Dorg.gradle.logging.level=info" \
&& ./gradlew :zap:distWeekly
ZAP_WEEKLY_ADDONS_NO_TEST=true \
GRADLE_OPTS="-Dorg.gradle.daemon=false -Dorg.gradle.logging.level=info" \
&& ./gradlew :zap:distWeekly
And the error I get during build with the above changes:
#22 187.8 All projects evaluated.
1180#22 187.8 Task path ':zap:distWeekly' matched project ':zap'
1181#22 187.8 Task name matched 'distWeekly'
1182#22 187.8 Selected primary task 'distWeekly' from project :zap
1183#22 187.9 The configuration :zap:coverageDataElementsForTest is both consumable and declarable. This combination is incorrect, only one of these flags should be set.
1184#22 187.9 The configuration :zap:mainSourceElements is both consumable and declarable. This combination is incorrect, only one of these flags should be set.
1185#22 187.9 The configuration :zap:signatures is both resolvable and consumable. This is considered a legacy configuration and it will eventually only be possible to be one of these.
1186#22 187.9 The configuration :zap:signatures is both consumable and declarable. This combination is incorrect, only one of these flags should be set.
1187#22 187.9 Tasks to be executed: [task ':zap:buildWeeklyAddOns', task ':zap:cyclonedxRuntimeBom', task ':zap:compileJava', task ':zap:processResources', task ':zap:classes', task ':zap:jar', task ':zap:jarWithBom', task ':zap:distFiles', task ':zap:jarDaily', task ':zap:prepareDistWeekly', task ':zap:distWeekly']
1188#22 187.9 Tasks that were excluded: []
1189#22 187.9 Resolve mutations for :zap:buildWeeklyAddOns (Thread[Execution worker,5,main]) started.
1190#22 187.9 :zap:buildWeeklyAddOns (Thread[Execution worker,5,main]) started.
1191#22 188.4
1192#22 188.4 > Task :zap:buildWeeklyAddOns FAILED
1193#22 188.4 Custom actions are attached to task ':zap:buildWeeklyAddOns'.
1194#22 188.4 Caching disabled for task ':zap:buildWeeklyAddOns' because:
1195#22 188.4 Caching has not been enabled for the task
1196#22 188.4 Task ':zap:buildWeeklyAddOns' is not up-to-date because:
1197#22 188.4 Task has not declared any outputs despite executing actions.
1198#22 188.4 Starting process 'command 'git''. Working directory: /home/zapbuild/zaproxy/zap/build/tmp/buildWeeklyAddOns Command: git clone -q --depth 1 https://github.com/zaproxy/zap-extensions.git zap-extensions
1199#22 188.5
1200#22 188.5 FAILURE: Build failed with an exception.
1201#22 188.5
1202#22 188.5 * What went wrong:
1203#22 188.5 Execution failed for task ':zap:buildWeeklyAddOns'.
1204#22 188.5 > A problem occurred starting process 'command 'git''
1205#22 188.5
1206#22 188.5 * Try:
1207#22 188.5 > Run with --stacktrace option to get the stack trace.
1208#22 188.5 > Run with --debug option to get more log output.
1209#22 188.5 > Run with --scan to get full insights.
1210#22 188.5 > Get more help at https://help.gradle.org.
1211#22 188.5
1212#22 188.5 BUILD FAILED12 actionable tasks: 12 executed
1213#22 188.5 in 3m 8s
1214#22 ERROR: process "/bin/sh -c export JAVA_HOME='/opt/java/openjdk' ZAP_WEEKLY_ADDONS_NO_TEST=true GRADLE_OPTS=\"-Dorg.gradle.daemon=false -Dorg.gradle.logging.level=info\" && ./gradlew :zap:distWeekly && cd .. && unzip -qq zaproxy/zap/build/distributions/*.zip && rm -rf zaproxy" did not complete successfully: exit code: 1
thc...@gmail.com
Nov 23, 2023, 2:17:52 AM11/23/23
to zaprox...@googlegroups.com
Hi,
There's a dedicate group to dev related questions:
https://groups.google.com/group/zaproxy-develop
The build will use the repos that are already cloned under:
zaproxy/zap/build/tmp/buildWeeklyAddOns/
It will need the ones that are listed in:
https://github.com/zaproxy/zaproxy/blob/b35fcb487dab70ff6cba3c47be26c8b8d12909f9/zap/src/main/weekly-add-ons.json
Best regards.
There's a dedicate group to dev related questions:
https://groups.google.com/group/zaproxy-develop
The build will use the repos that are already cloned under:
zaproxy/zap/build/tmp/buildWeeklyAddOns/
It will need the ones that are listed in:
https://github.com/zaproxy/zaproxy/blob/b35fcb487dab70ff6cba3c47be26c8b8d12909f9/zap/src/main/weekly-add-ons.json
Best regards.
thc...@gmail.com
Nov 27, 2023, 11:52:58 AM11/27/23
to zaprox...@googlegroups.com
For the record, the build of the weekly no longer needs Git to clone the
repos.
Best regards.
repos.
Best regards.
Reply all
Reply to author
Forward
0 new messages