bimargulies-google commented on a change in pull request #92: URL: https://github.com/apache/maven-dependency-plugin/pull/92#discussion_r465139379
########## File path: src/it/projects/analyze-testDependencyWithNonTestScope/src/main/java/hello/Hello.java ########## @@ -0,0 +1,24 @@ +package hello; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +public class Hello Review comment: Comment why you have a an empty class? ########## File path: src/it/projects/tree-verbose-small/pom.xml ########## @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Licensed to the Apache Software Foundation (ASF) under one + ~ or more contributor license agreements. See the NOTICE file + ~ distributed with this work for additional information + ~ regarding copyright ownership. The ASF licenses this file + ~ to you under the Apache License, Version 2.0 (the + ~ "License"); you may not use this file except in compliance + ~ with the License. You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, + ~ software distributed under the License is distributed on an + ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + ~ KIND, either express or implied. See the License for the + ~ specific language governing permissions and limitations + ~ under the License. + --> + +<project xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> + <modelVersion>4.0.0</modelVersion> + + <groupId>org.apache.maven.its.dependency</groupId> + <artifactId>tree-verbose2</artifactId> + <version>1.0-SNAPSHOT</version> + + <name>VerboseTest2</name> + <description> + Test2 verbose dependency:tree with actual Maven version. Review comment: Can you clarify this comment; what do we mean by 'actual maven version'? ########## File path: src/main/java/org/apache/maven/plugins/dependency/tree/verbose/RepositoryUtility.java ########## @@ -0,0 +1,221 @@ +package org.apache.maven.plugins.dependency.tree.verbose; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import org.apache.maven.repository.internal.MavenRepositorySystemUtils; +import org.eclipse.aether.DefaultRepositorySystemSession; +import org.eclipse.aether.RepositorySystem; +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.artifact.DefaultArtifact; +import org.eclipse.aether.collection.DependencySelector; +import org.eclipse.aether.repository.LocalRepository; +import org.eclipse.aether.repository.RemoteRepository; +import org.eclipse.aether.resolution.VersionRangeRequest; +import org.eclipse.aether.resolution.VersionRangeResolutionException; +import org.eclipse.aether.resolution.VersionRangeResult; +import org.eclipse.aether.util.graph.selector.AndDependencySelector; +import org.eclipse.aether.util.graph.selector.ExclusionDependencySelector; +import org.eclipse.aether.util.graph.selector.ScopeDependencySelector; +import org.eclipse.aether.util.graph.transformer.ChainedDependencyGraphTransformer; +import org.eclipse.aether.util.graph.transformer.JavaDependencyContextRefiner; +import org.eclipse.aether.version.Version; + +import java.io.File; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; + + +/** + * Aether initialization. This is based on Apache Maven Resolver 1.4.2 or later. There are many other versions of Aether Review comment: Does 'base on' means 'works with'? ########## File path: src/main/java/org/apache/maven/plugins/dependency/tree/verbose/VerboseDependencyGraphBuilder.java ########## @@ -0,0 +1,329 @@ +package org.apache.maven.plugins.dependency.tree.verbose; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.maven.model.DependencyManagement; +import org.apache.maven.model.Model; +import org.apache.maven.model.Repository; +import org.apache.maven.plugin.MojoExecutionException; +import org.apache.maven.project.MavenProject; +import org.eclipse.aether.DefaultRepositorySystemSession; +import org.eclipse.aether.RepositorySystem; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.artifact.DefaultArtifact; +import org.eclipse.aether.collection.CollectRequest; +import org.eclipse.aether.graph.DefaultDependencyNode; +import org.eclipse.aether.graph.Dependency; +import org.eclipse.aether.graph.DependencyNode; +import org.eclipse.aether.repository.RemoteRepository; +import org.eclipse.aether.resolution.DependencyRequest; +import org.eclipse.aether.resolution.DependencyResult; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import static org.apache.maven.plugins.dependency.tree.verbose.RepositoryUtility.mavenRepositoryFromUrl; + +/** + * Builds the VerboseDependencyGraph + */ + +public class VerboseDependencyGraphBuilder +{ + private RepositorySystem repositorySystem; + + /** + * Maven repositories to use when resolving dependencies. + */ + private final List<RemoteRepository> repositories; + + public static final RemoteRepository CENTRAL = new RemoteRepository.Builder( "central", "default", + "https://repo1.maven.org/maven2/"; ).build(); + + public VerboseDependencyGraphBuilder() + { + this( Collections.singletonList( CENTRAL.getUrl() ) ); + } + + static + { + for ( Map.Entry<String, String> entry : OsProperties.detectOsProperties().entrySet() ) + { + System.setProperty( entry.getKey(), entry.getValue() ); + } + } + + /** + * @param mavenRepositoryUrls remote Maven repositories to search for dependencies + * @throws IllegalArgumentException if a URL is malformed or does not have an allowed scheme + */ + public VerboseDependencyGraphBuilder( Iterable<String> mavenRepositoryUrls ) + { + List<RemoteRepository> repositoryList = new ArrayList<RemoteRepository>(); + for ( String mavenRepositoryUrl : mavenRepositoryUrls ) + { + RemoteRepository repository = mavenRepositoryFromUrl( mavenRepositoryUrl ); + repositoryList.add( repository ); + } + this.repositories = repositoryList; + } + + public VerboseDependencyGraphBuilder( List<Repository> repositories ) + { + List<RemoteRepository> repositoryList = new ArrayList<RemoteRepository>(); + for ( Repository repo : repositories ) + { + repositoryList.add( mavenRepositoryFromUrl( repo.getUrl() ) ); + } + this.repositories = repositoryList; + } + + public DependencyNode buildVerboseGraphNoManagement( MavenProject project, RepositorySystem system ) + throws MojoExecutionException + { + repositorySystem = system; + List<org.apache.maven.model.Dependency> dependencies = project.getDependencies(); + + DependencyNode rootNode = new DefaultDependencyNode( getProjectDependency( project ) ); + + + for ( org.apache.maven.model.Dependency dependency : dependencies ) + { + rootNode.getChildren().add( buildFullDependencyGraph( Collections.singletonList( dependency ), project ) ); + } + + // Don't want transitive test dependencies included in analysis + DependencyNode prunedRoot = pruneTransitiveTestDependencies( rootNode, project ); + applyDependencyManagement( project, prunedRoot ); + return prunedRoot; + } + + private void applyDependencyManagement( MavenProject project, DependencyNode root ) + { + Map<String, org.apache.maven.model.Dependency> dependencyManagementMap = createDependencyManagementMap( + project.getDependencyManagement() ); + + for ( DependencyNode child : root.getChildren() ) + { + for ( DependencyNode nonTransitiveDependencyNode : child.getChildren() ) + { + applyDependencyManagementDfs( dependencyManagementMap, nonTransitiveDependencyNode ); + } + } + } + + private void applyDependencyManagementDfs( Map<String, org.apache.maven.model.Dependency> dependencyManagementMap, + DependencyNode node ) + { + if ( dependencyManagementMap.containsKey( getDependencyManagementCoordinate( node.getArtifact() ) ) ) + { + org.apache.maven.model.Dependency manager = dependencyManagementMap.get( + getDependencyManagementCoordinate( node.getArtifact() ) ); + Map<String, String> artifactProperties = new HashMap<>(); + for ( Map.Entry<String, String> entry : node.getArtifact().getProperties().entrySet() ) + { + artifactProperties.put( entry.getKey(), entry.getValue() ); + } + + if ( !manager.getVersion().equals( node.getArtifact().getVersion() ) ) + { + artifactProperties.put( "preManagedVersion", node.getArtifact().getVersion() ); + node.setArtifact( node.getArtifact().setVersion( manager.getVersion() ) ); + } + + if ( !manager.getScope().equals( node.getDependency().getScope() ) ) + { + artifactProperties.put( "preManagedScope", node.getDependency().getScope() ); Review comment: Any temptation to constant-ize these strings? ########## File path: src/it/projects/analyze-testDependencyWithNonTestScope/invoker.properties ########## @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.goals = clean ${project.groupId}:${project.artifactId}:${project.version}:analyze-report +# don't know why it fails with Maven 2 on some weird java.lang.NoClassDefFoundError: org/apache/commons/logging/LogFactory Review comment: +1 ########## File path: src/main/java/org/apache/maven/plugins/dependency/tree/verbose/MavenRepositoryException.java ########## @@ -0,0 +1,34 @@ +package org.apache.maven.plugins.dependency.tree.verbose; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +/** + * Error interacting with a remote or local Maven repository such as artifact not found. + */ +public class MavenRepositoryException extends Exception Review comment: Yea, either use an existing one or pick a more descriptive name. ########## File path: src/main/java/org/apache/maven/plugins/dependency/tree/verbose/VerboseGraphSerializer.java ########## @@ -0,0 +1,323 @@ +package org.apache.maven.plugins.dependency.tree.verbose; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.graph.DependencyNode; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Queue; +import java.util.Set; + +/** + * Parses dependency graph and outputs in text format for end user to review. + */ +public final class VerboseGraphSerializer +{ + private static final String LINE_START_LAST_CHILD = "\\- "; + private static final String LINE_START_CHILD = "+- "; + + public String serialize( DependencyNode root ) + { + Set<String> coordinateStrings = new HashSet<>(); + Map<String, String> coordinateVersionMap = new HashMap<>(); + StringBuilder builder = new StringBuilder(); + + // Use BFS to mirror how Maven resolves dependencies and use DFS to print the tree easily + Map<DependencyNode, String> nodeErrors = getNodeConflictMessagesBfs( root, coordinateStrings, + coordinateVersionMap ); + + // deal with root first + Artifact rootArtifact = root.getArtifact(); + builder.append( rootArtifact.getGroupId() ).append( ":" ).append( rootArtifact.getArtifactId() ).append( ":" ) + .append( rootArtifact.getExtension() ).append( ":" ).append( rootArtifact.getVersion() ).append( + System.lineSeparator() ); + + for ( int i = 0; i < root.getChildren().size(); i++ ) + { + if ( i == root.getChildren().size() - 1 ) + { + dfsPrint( root.getChildren().get( i ), LINE_START_LAST_CHILD, false, builder, nodeErrors ); + } + else + { + dfsPrint( root.getChildren().get( i ), LINE_START_CHILD, false, builder, nodeErrors ); + } + } + return builder.toString(); + } + + private static String getDependencyCoordinate( DependencyNode node ) + { + Artifact artifact = node.getArtifact(); + + if ( node.getDependency() == null ) + { + // should only get here if node is root + return artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getExtension() + ":" + + artifact.getVersion(); + } + + String scope; + if ( artifact.getProperties().containsKey( "managedScope" ) ) + { + scope = artifact.getProperties().get( "managedScope" ); + } + else + { + scope = node.getDependency().getScope(); + } + + String coords = artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getExtension() + ":" + + artifact.getVersion(); + + if ( scope != null && !scope.isEmpty() ) + { + coords = coords.concat( ":" + scope ); + } + return coords; + } + + private static String getVersionlessScopelessCoordinate( DependencyNode node ) + { + Artifact artifact = node.getArtifact(); + // scope not included because we check for scope conflicts separately + return artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getExtension(); + } + + private static boolean isDuplicateDependencyCoordinate( DependencyNode node, Set<String> coordinateStrings ) + { + return coordinateStrings.contains( getDependencyCoordinate( node ) ); + } + + private static String versionConflict( DependencyNode node, Map<String, String> coordinateVersionMap ) + { + if ( coordinateVersionMap.containsKey( getVersionlessScopelessCoordinate( node ) ) ) + { + return coordinateVersionMap.get( getVersionlessScopelessCoordinate( node ) ); + } + return null; + } + + private static String scopeConflict( DependencyNode node, Set<String> coordinateStrings ) + { + Artifact artifact = node.getArtifact(); + List<String> scopes = Arrays.asList( "compile", "provided", "runtime", "test", "system" ); + + for ( String scope : scopes ) + { + String version; + if ( artifact.getProperties().containsKey( "version" ) ) + { + version = artifact.getProperties().get( "version" ); + } + else + { + version = artifact.getVersion(); + } + + String coordinate = artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getExtension() + + ":" + version + ":" + scope; + if ( coordinateStrings.contains( coordinate ) ) + { + return scope; + } + } + return null; + } + + private Map<DependencyNode, String> getNodeConflictMessagesBfs( DependencyNode root, Set<String> coordinateStrings + , Map<String, String> coordinateVersionMap ) + { + Map<DependencyNode, String> nodeErrors = new HashMap<>(); + Set<DependencyNode> visitedNodes = new HashSet<>( 512 ); + Queue<DependencyNode> queue = new LinkedList<>(); + visitedNodes.add( root ); + queue.add( root ); + + while ( !queue.isEmpty() ) + { + DependencyNode node = queue.poll(); + + if ( node == null || node.getArtifact() == null ) + { + // Should never reach hit this condition with a proper graph sent in + nodeErrors.put( node, "Null Artifact Node" ); Review comment: Is this awful enough to warrant just throwing? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
