Gradle Build fails resolving io.sqreen:libsqreen:15.0.0 (403 Forbidden from sqreen-ci-java S3) when building dd-trace-java agent with AppSec

[karthsil]

###Describe the bug

Building a dd-trace-java agent that includes AppSec code paths fails during dependency resolution for io.sqreen:libsqreen:15.0.0. Gradle attempts to fetch artifact metadata from an S3 location and receives HTTP 403 Forbidden, which completely breaks the build. The failing request is to: https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml

###To Reproduce

In a repository that builds dd-trace-java and the shaded agent that includes AppSec modules, run:

./gradlew clean :indeed:indeed-dd-java-agent:shadowJar

###Expected behavior

Dependency resolution for io.sqreen:libsqreen:15.0.0 should succeed (or use a supported public/mirrored repository or updated coordinates), allowing a clean build of the shaded agent with AppSec enabled.

###Actual behavior

Downloading https://services.gradle.org/distributions/gradle-8.5-all.zip

....................10%.....................20%.....................30%.....................40%.....................50%.....................60%....................70%.....................80%.....................90%.....................100%

Welcome to Gradle 8.5!

Here are the highlights of this release:

 - Support for running on Java 21

 - Faster first use with Kotlin DSL

 - Improved error and warning messages

For more details see https://docs.gradle.org/8.5/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

> Task :buildSrc:checkKotlinGradlePluginConfigurationErrors

> Task :buildSrc:call-site-instrumentation-plugin:copyCallSiteSources

> Task :buildSrc:call-site-instrumentation-plugin:compileJava

> Task :buildSrc:call-site-instrumentation-plugin:compileGroovy NO-SOURCE

> Task :buildSrc:call-site-instrumentation-plugin:processResources

> Task :buildSrc:call-site-instrumentation-plugin:classes

> Task :buildSrc:call-site-instrumentation-plugin:jar

> Task :buildSrc:call-site-instrumentation-plugin:assemble

> Task :buildSrc:call-site-instrumentation-plugin:shadowJar

> Task :buildSrc:generateExternalPluginSpecBuilders

> Task :buildSrc:extractPrecompiledScriptPluginPlugins

> Task :buildSrc:compilePluginsBlocks

> Task :buildSrc:call-site-instrumentation-plugin:compileTestJava

> Task :buildSrc:generatePrecompiledScriptPluginAccessors

> Task :buildSrc:generateScriptPluginAdapters

> Task :buildSrc:spotlessInternalRegisterDependencies

> Task :buildSrc:pluginDescriptors

> Task :buildSrc:processResources

> Task :buildSrc:call-site-instrumentation-plugin:compileTestGroovy

> Task :buildSrc:call-site-instrumentation-plugin:spotlessJava

> Task :buildSrc:call-site-instrumentation-plugin:spotlessJavaCheck

> Task :buildSrc:call-site-instrumentation-plugin:spotlessCheck

> Task :buildSrc:call-site-instrumentation-plugin:processTestResources NO-SOURCE

> Task :buildSrc:call-site-instrumentation-plugin:testClasses

> Task :buildSrc:call-site-instrumentation-plugin:test SKIPPED

> Task :buildSrc:call-site-instrumentation-plugin:check

> Task :buildSrc:call-site-instrumentation-plugin:build

> Task :buildSrc:compileKotlin

> Task :buildSrc:compileJava NO-SOURCE

> Task :buildSrc:compileGroovy

> Task :buildSrc:classes

> Task :buildSrc:jar

FAILURE: Build failed with an exception.

* What went wrong:

A problem occurred configuring project ':dd-java-agent:instrumentation:commons-codec-1'.

> Could not resolve all files for configuration ':dd-java-agent:instrumentation:commons-codec-1:testRuntimeClasspath'.

 > Could not resolve io.sqreen:libsqreen:15.0.0.

 Required by:

 project :dd-java-agent:instrumentation:commons-codec-1

 > Could not resolve io.sqreen:libsqreen:15.0.0.

 > Could not get resource 'https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml'.

 > Could not GET 'https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml'. Received status code 403 from server: Forbidden

 > Could not resolve io.sqreen:libsqreen:15.0.0.

 Required by:

 project :dd-java-agent:instrumentation:commons-codec-1 > project :dd-java-agent:testing > project :dd-java-agent:appsec

 > Could not resolve io.sqreen:libsqreen:15.0.0.

 > Could not get resource 'https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml'.

 > Could not GET 'https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml'. Received status code 403 from server: Forbidden

* Try:

> Run with --stacktrace option to get the stack trace.

> Run with --info or --debug option to get more log output.

> Get more help at https://help.gradle.org/.

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.5/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD FAILED in 2m 42s

###Environment and Versions
Version of the library: io.sqreen:libsqreen:15.0.0
DataDog Java tracer version that uses the library: dd-trace-java v1.51.2 (AppSec module)
JVM version: Java 17/11/8 (OpenJDK)
Operating System: Linux

###Additional context
Build command: ./gradlew clean :indeed:indeed-dd-java-agent:shadowJar

Failure occurs while configuring project :dd-java-agent:instrumentation:commons-codec-1 resolving testRuntimeClasspath; Gradle attempts to fetch https://sqreen-ci-java.s3.amazonaws.com/jars/io.sqreen/libsqreen-15.0.0.xml and receives HTTP 403 Forbidden

Repository reference for AppSec deps context: https://github.com/DataDog/dd-trace-java/blob/v1.51.2/dd-java-agent/appsec/build.gradle

CC: @sezen-datadog @manuel-alvarez-alvarez