Kotlin task in 8.8 suddenly fails due to wrong directory

Hi there.

We use the snyk gradle plugin in gitlab-ci along with a java-17 container and gradle-wrapper.

The config in build.gradle.kts is:

snyk {
	println("using rootDir : $rootDir")
	println("using buildDir : $buildDir")
	println("using projectDir : $projectDir")
	setArguments("--org=myorg --project-environment=backend --project-tags=team=myteam")
	setSeverity("medium")
	setApi(System.getenv("SNYK_TOKEN"))
	setAutoUpdate(true)

}

and used to work fine up to gradle 8.7.

Neither the java 17 build container, nor the snyk gradle plugin, not the downloaded snyk executable changed since then, but all of a sudden, with gradle 8.8, the task fails with the following output:

[...]
Welcome to Gradle 8.8!

Here are the highlights of this release:
 - Running Gradle on Java 22
 - Configurable Gradle daemon JVM
 - Improved IDE performance for large projects

For more details see https://docs.gradle.org/8.8/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

> Configure project :
using rootDir : /builds/team/project
using buildDir : /builds/team/project/build
using projectDir : /builds/team/project


> Task :snyk-check-binary
look for standalone binary
no snyk standalone found
auto update snyk binary: 1.1289.0 -> 1.1291.1
Download version 1.1291.1 of snyk-linux
Downloading: https://static.snyk.io/cli/v1.1291.1/snyk-linux
Downloading finished
Using Snyk CLI version: 1.1291.1

> Task :snyk-test FAILED


Testing /builds/team/project/.gradle/daemon/8.8...

Could not detect supported target files in /builds/team/project/.gradle/daemon/8.8.
Please see our documentation for supported languages and target files: https://snyk.co/udVgQ and make sure you are in the right directory.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':snyk-test'.
> Snyk Test failed

Apparently, the snyk plgin seems to run from /builds/team/project/.gradle/daemon/8.8 instead of /builds/team/project. We verified this by checking that the binary has indeed been downloaded to that location. The snyk plugin cannot be configured to use a different path (and up to 8.8 never had to be).

Does anyone have any advice or suggestions as to how we could fix this?

Otherwise we have no choice as to pin to 8.7

Thanks a lot,
Sven

That actually has nothing to do with the Gradle version, you just were lucky it worked so far.

The Synk Gradle plugin is misbehaving here.
It assumes that the Project directory is the current user working directory.
This was never guaranteed and also is not always the case even before 8.8.

It often is the case, but it can be the daemon directory, it can be the IDE installation directory, …

There is no guarantee what the current user working directory is, and any Gradle plugin that assumes this has a bug that just waits for blowing off.

It is the same problem like if you use the File constructor with a relative path in any Java application.
The only case where this is appropriate is, if that relative path is coming from an argument the user gave on the commandline, as you can then assume he means it relative to his current working directory.

From a quick look I’d say this PR would fix it on-the-fly: Re-implement plugin using Kotlin and Gradle incremental build APIs by adam-dpg · Pull Request #17 · snyk/gradle-plugin · GitHub
It just seems to be stale

OK, thanks for the clarification. I have added some comments to the PR you mentioned.

Great, but please edit your comment.
I’m not affiliated to Gradle in any way.
I’m just a user like you, not a Gradle developer.