Francis created MDEP-808:
----------------------------
Summary: Restrict dependency analysis by group id
Key: MDEP-808
URL: https://issues.apache.org/jira/browse/MDEP-808
Project: Maven Dependency Plugin
Issue Type: New Feature
Components: analyze
Affects Versions: 3.3.0
Reporter: Francis
On our project we have elected to run the dependency analysis only over our
inhouse authored dependencies. We want to run it for our groupId only.
Unfortunately the project is too mature and the poms would become too bloated
to run dependency analysis over all the dependencies. Even if this were
feasible, the real value in our project is having minimally declared
dependencies over the dependencies we author.
In order to achieve running the dependency analysis over our {{groupId}} only,
we've excluded third party dependencies by generous use of
{{ignoredUsedUndeclaredDependencies}} and
{{ignoredUnusedDeclaredDependencies}}, effectively only building a path to our
groupId. If the {{groupId}} is {{com.artic}} then we've got a long list of
exclusions, for example:
{noformat}
...
<ignoredUsedUndeclaredDependencies>
<ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
<ignoredUsedUndeclaredDependency>b*:*:*
<!-- allow "c" as the first part of com -->
</ignoredUsedUndeclaredDependency>
<ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
...
<ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
<ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
<!-- Ignore everything beginning c* excluding co* -->
<ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
<ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
{noformat}
While this works, it's pretty ugly, and because it sits high up on our pom
hierarchy it makes it harder to re-use the
{{ignoredUsedUndeclaredDependencies}} and {{ignoredUnusedDeclaredDependencies}}
for having to restate all the third party dependencies.
Ideally it would be possible to specify running the dependency analyze for a
specific groupId only.
Suggestion is to introduce a new allow list whereby the dependency analysis is
only run for the groupIds listed. Could also include the artifactId as well.
Suggested name for new parameter is:
{{noformat}}
analyzeDependencies, String[], List of dependencies that will be analysed if
they are declared but unused. The filter syntax is:
[groupId]:[artifactId]
where each pattern segment is optional and supports full and partial *
wildcards. An empty pattern segment is treated as an implicit wildcard.
Omitting this parameter will result in the analysis being run for all
dependencies.
{{noformat}}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
