Pasquale Congiusti created CAMEL-22967:
------------------------------------------
Summary: [build] Add the dependency analyze maven feature
Key: CAMEL-22967
URL: https://issues.apache.org/jira/browse/CAMEL-22967
Project: Camel
Issue Type: Task
Reporter: Pasquale Congiusti
We are not executing this plugin, which may turn out to be very useful to help
with dependency management in the long term. As an example taken from a random component:
{code}
[INFO] --- dependency:3.9.0:analyze (default-cli) @ camel-jetty ---
[WARNING] Used undeclared dependencies found:
[WARNING] org.apache.camel:camel-attachments:jar:4.18.0-SNAPSHOT:compile
[WARNING] org.apache.camel:camel-mock:jar:4.18.0-SNAPSHOT:test
[WARNING] org.hamcrest:hamcrest:jar:2.2:test
[WARNING] jakarta.xml.bind:jakarta.xml.bind-api:jar:4.0.4:compile
[WARNING] org.apache.camel:camel-core-model:jar:4.18.0-SNAPSHOT:compile
[WARNING] jakarta.activation:jakarta.activation-api:jar:2.1.4:compile
[WARNING] org.apache.camel:camel-test-junit5:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-api:jar:4.18.0-SNAPSHOT:compile
[WARNING] org.junit.jupiter:junit-jupiter-api:jar:5.13.4:test
[WARNING] org.apache.httpcomponents.core5:httpcore5:jar:5.3.6:test
[WARNING] org.eclipse.jetty:jetty-io:jar:12.1.6:compile
[WARNING] org.apache.camel:camel-util:jar:4.18.0-SNAPSHOT:compile
[WARNING] org.slf4j:slf4j-api:jar:2.0.17:compile
[WARNING] org.apache.logging.log4j:log4j-api:jar:2.25.3:test
[WARNING] com.fasterxml.jackson.core:jackson-annotations:jar:2.19.4:test
[WARNING] org.mockito:mockito-core:jar:5.21.0:test
[WARNING] org.apache.camel:camel-core-engine:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-http-base:jar:4.18.0-SNAPSHOT:compile
[WARNING] jakarta.servlet:jakarta.servlet-api:jar:6.1.0:compile
[WARNING] org.springframework:spring-context:jar:6.2.15:test
[WARNING] org.eclipse.jetty:jetty-http:jar:12.1.6:compile
[WARNING] Unused declared dependencies found:
[WARNING] org.eclipse.jetty.ee10:jetty-ee10-servlets:jar:12.1.6:compile
[WARNING] org.eclipse.jetty:jetty-client:jar:12.1.6:compile
[WARNING] org.apache.camel:camel-management:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-spring-xml:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-xpath:jar:4.18.0-SNAPSHOT:test
[WARNING] org.assertj:assertj-core:jar:3.27.7:test
[WARNING] org.apache.camel:camel-openapi-java:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-jackson:jar:4.18.0-SNAPSHOT:test
[WARNING] org.apache.camel:camel-jacksonxml:jar:4.18.0-SNAPSHOT:test
[WARNING] org.junit.jupiter:junit-jupiter:jar:5.13.4:test
[WARNING] org.apache.logging.log4j:log4j-slf4j2-impl:jar:2.25.3:test
[WARNING] Non-test scoped test only dependencies found:
[WARNING] jakarta.xml.bind:jakarta.xml.bind-api:jar:4.0.4:compile
[WARNING] org.eclipse.jetty:jetty-security:jar:12.1.6:compile
[WARNING] org.eclipse.jetty.ee10:jetty-ee10-servlet:jar:12.1.6:compile
[WARNING] org.apache.camel:camel-core-model:jar:4.18.0-SNAPSHOT:compile
[WARNING] org.apache.camel:camel-util:jar:4.18.0-SNAPSHOT:compile
[WARNING] org.eclipse.jetty:jetty-http:jar:12.1.6:compile
{code}
This example shows we have grown a chaotic dependency management which is not
really declaring what each component directly uses and instead leverages the
transitive dependencies, which may disappear at any point in time during the
evolution of the software.

I advocate introducing this plugin as a warning only during our regular build
(which will also show up locally, so each dev can clean and fix the problems
he discovers). Additionally, we can introduce a GitHub action which fails the PR
that introduces any change which is not compliant. The latter can be a parallel
action to run during each PR and not be enforced at the beginning (while we
need time to clean older tech debt). In the long run (when the whole project is
clean) it may turn into a policy enforcement rule.
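The PR gate proposed in the issue, sketched as an added example (not part of the original issue or of Camel's build): it parses `dependency:analyze` output and reports only findings that are absent from a baseline of accepted older debt. The baseline format, the function names and the sample log are assumptions constructed here.

```python
import re

# Constructed sample in the shape of the plugin output quoted in the issue.
SAMPLE_LOG = """\
[INFO] --- dependency:3.9.0:analyze (default-cli) @ camel-jetty ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.slf4j:slf4j-api:jar:2.0.17:compile
[WARNING]    org.eclipse.jetty:jetty-io:jar:12.1.6:compile
[WARNING] Unused declared dependencies found:
[WARNING]    org.eclipse.jetty:jetty-client:jar:12.1.6:compile
[WARNING] Non-test scoped test only dependencies found:
[WARNING]    org.eclipse.jetty:jetty-security:jar:12.1.6:compile
[INFO] BUILD SUCCESS
"""

# Hypothetical baseline of already-known findings (older tech debt), versions omitted
# so that a plain version bump is not reported as a new violation.
BASELINE = {
    ("camel-jetty", "Used undeclared dependencies found", "org.slf4j:slf4j-api"),
    ("camel-jetty", "Unused declared dependencies found", "org.eclipse.jetty:jetty-client"),
    ("camel-jetty", "Non-test scoped test only dependencies found",
     "org.eclipse.jetty:jetty-security"),
}

GOAL = re.compile(r"^\[INFO\] --- .*:analyze(?:-only)? \S+ @ (\S+) ---$")
HEADING = re.compile(r"^\[WARNING\]\s*(.+ found):$")
# group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"^\[WARNING\]\s*([^\s:]+):([^\s:]+):\S+:(\w+)$")

def parse_findings(log_text):
    """Return a set of (module, category, 'group:artifact') from analyze output."""
    findings, module, category = set(), None, None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := GOAL.match(line):
            module, category = m.group(1), None
        elif m := HEADING.match(line):
            category = m.group(1)
        elif (m := COORD.match(line)) and module and category:
            findings.add((module, category, f"{m.group(1)}:{m.group(2)}"))
        elif not line.startswith("[WARNING]"):
            category = None  # any non-warning line ends the current list
    return findings

def new_violations(log_text, baseline):
    """Findings not covered by the baseline; a PR check fails when this is non-empty."""
    return sorted(parse_findings(log_text) - set(baseline))

if __name__ == "__main__":
    for module, category, dep in new_violations(SAMPLE_LOG, BASELINE):
        print(f"{module}: {category} {dep}")
```

As the older debt is cleaned up, entries are deleted from the baseline until it is empty, at which point the check behaves as the enforcement rule described in the issue.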