Problem
When the plugin resolves POM files for license extraction, failures are silently swallowed:
- Network/resolution failures: createArtifactResolutionQuery() returns UnresolvedArtifactResult for POMs that can't be fetched. The plugin filters these out silently — the dependency just gets no license entry in the output.
- Missing POM files: addLicensesFromPom() logs an error (POM file $pomFile for $group:$name does not exist) but continues. The build succeeds with incomplete license data.
- No completeness validation: There's no check that every dependency in AGP's METADATA_LIBRARY_DEPENDENCIES_REPORT actually ended up with a license entry in the final output. Missing licenses are invisible to the user.
Impact
A build can produce third_party_licenses / third_party_license_metadata files that are silently missing license entries for some dependencies. This could be a compliance issue.
Considerations
- Some POMs legitimately have no <licenses> block — should that be a warning vs. an error?
- Should there be a strict mode (fail on missing) vs. lenient mode (warn only)?
- Google Play Services artifacts bundle their own license data in the AAR, so missing POMs for those are less critical
Relevant code
- OssLicensesPlugin.groovy — POM resolution query filters out UnresolvedArtifactResult silently
- LicensesTask.groovy:addLicensesFromPom() — logs error but doesn't fail
- LicensesTask.groovy:addGooglePlayServiceLicenses() — logs warn but doesn't fail
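
The completeness check described above, sketched as a standalone Python audit with a strict and a lenient mode. This is an added example, not the plugin's code: the function names, the coordinate-to-POM mapping and the sample POMs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: coordinate -> POM text, or None when resolution
# failed (the UnresolvedArtifactResult case). Not taken from a real build.
SAMPLE_POMS = {
    "com.example:licensed": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>Apache-2.0</name></license></licenses>
</project>""",
    "com.example:no-block": "<project><name>demo</name></project>",
    "com.example:unresolved": None,
    "com.example:corrupt": "<project><licenses>",
}

class MissingLicenses(Exception):
    """Raised in strict mode; .gaps maps coordinate -> reason."""
    def __init__(self, gaps):
        super().__init__(", ".join(f"{c} ({r})" for c, r in gaps.items()))
        self.gaps = gaps

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]

def classify(pom_text):
    """Return 'ok' or the reason this POM yields no license entry."""
    if pom_text is None:
        return "unresolved"
    try:
        root = ET.fromstring(pom_text)
    except ET.ParseError:
        return "unparseable"
    for block in (c for c in root if _local(c.tag) == "licenses"):
        for lic in (c for c in block if _local(c.tag) == "license"):
            if any((f.text or "").strip() for f in lic
                   if _local(f.tag) in ("name", "url")):
                return "ok"
    return "no-licenses"

def audit(expected, poms, strict=False):
    """Report every expected dependency that ends up without a license."""
    gaps = {}
    for coord in sorted(expected):
        reason = classify(poms[coord]) if coord in poms else "missing-pom"
        if reason != "ok":
            gaps[coord] = reason
    if strict and gaps:
        raise MissingLicenses(gaps)
    return gaps  # lenient mode: caller logs these as warnings
```

Keeping the reason per coordinate lets a caller treat "no-licenses" as a warning while failing on "unresolved" or "missing-pom", which is the distinction the Considerations section raises.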