[ https://issues.apache.org/jira/browse/MDEP-808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francis updated MDEP-808:
-------------------------
    Description: 
On our project we have elected to run the dependency analysis only over our 
in-house authored dependencies. We want to run it for our groupId only. 
Unfortunately the project is too mature and the poms would become too bloated 
to run dependency analysis over all the dependencies. Even if this were 
feasible, the real value in our project is having minimally declared 
dependencies over the dependencies we author.

In order to achieve running the dependency analysis over our {{groupId}} only, 
we've excluded third party dependencies by generous use of 
{{ignoredUsedUndeclaredDependencies}} and 
{{ignoredUnusedDeclaredDependencies}}, effectively only building a path to our 
groupId. If the {{groupId}} is {{com.artic}} then we've got a long list of 
exclusions, for example:

{noformat}
...
           <ignoredUsedUndeclaredDependencies>
              <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>b*:*:*</ignoredUsedUndeclaredDependency>
              <!-- allow "c" as the first part of com -->
              <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
              ...
              <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
              <!-- Ignore everything beginning c* excluding co* -->
              <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
{{noformat}}

While this works, it's pretty ugly, and because it sits high up on our pom 
hierarchy it makes it harder to re-use the 
{{ignoredUsedUndeclaredDependencies}} and {{ignoredUnusedDeclaredDependencies}} 
for having to restate all the third party dependencies.

Ideally it would be possible to specify running the dependency analyze for a 
specific groupId only.

Suggestion is to introduce a new allow list whereby the dependency analysis is 
only run for the groupIds listed. Could also include the artifactId as well.

Suggested name for new parameter is:

{{noformat}}
analyzeDependencies, String[], List of dependencies that will be analysed if 
they are declared but unused. The filter syntax is:
[groupId]:[artifactId]
where each pattern segment is optional and supports full and partial * 
wildcards. An empty pattern segment is treated as an implicit wildcard. 
Omitting this parameter will result in the analysis being run for all 
dependencies.
{{noformat}}

  was:
On our project we have elected to run the dependency analysis only over our 
in-house authored dependencies. We want to run it for our groupId only. 
Unfortunately the project is too mature and the poms would become too bloated 
to run dependency analysis over all the dependencies. Even if this were 
feasible, the real value in our project is having minimally declared 
dependencies over the dependencies we author.

In order to achieve running the dependency analysis over our {{groupId}} only, 
we've excluded third party dependencies by generous use of 
{{ignoredUsedUndeclaredDependencies}} and 
{{ignoredUnusedDeclaredDependencies}}, effectively only building a path to our 
groupId. If the {{groupId}} is {{com.artic}} then we've got a long list of 
exclusions, for example:

{noformat}
...
           <ignoredUsedUndeclaredDependencies>
              <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>b*:*:*</ignoredUsedUndeclaredDependency>
              <!-- allow "c" as the first part of com -->
              <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
              ...
              <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
              <!-- Ignore everything beginning c* excluding co* -->
              <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
{noformat}

While this works, it's pretty ugly, and because it sits high up on our pom 
hierarchy it makes it harder to re-use the 
{{ignoredUsedUndeclaredDependencies}} and {{ignoredUnusedDeclaredDependencies}} 
for having to restate all the third party dependencies.

Ideally it would be possible to specify running the dependency analyze for a 
specific groupId only.

Suggestion is to introduce a new allow list whereby the dependency analysis is 
only run for the groupIds listed. Could also include the artifactId as well.

Suggested name for new parameter is:

{{noformat}}
analyzeDependencies, String[], List of dependencies that will be analysed if 
they are declared but unused. The filter syntax is:
[groupId]:[artifactId]
where each pattern segment is optional and supports full and partial * 
wildcards. An empty pattern segment is treated as an implicit wildcard. 
Omitting this parameter will result in the analysis being run for all 
dependencies.
{{noformat}}


> Restrict dependency analysis by group id
> ----------------------------------------
>
>                 Key: MDEP-808
>                 URL: https://issues.apache.org/jira/browse/MDEP-808
>             Project: Maven Dependency Plugin
>          Issue Type: New Feature
>          Components: analyze
>    Affects Versions: 3.3.0
>            Reporter: Francis
>            Priority: Major



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
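
The allow-list semantics proposed in the description above, sketched in Java as an added example; it is not code from the issue or from maven-dependency-plugin. `analyzeDependencies` is the reporter's proposed parameter, not an existing one, and the class `AnalyzeDependenciesFilter`, its methods and the sample coordinates are hypothetical.

```java
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical helper modelling the proposed [groupId]:[artifactId] allow list.
public class AnalyzeDependenciesFilter {

    // Compile one pattern segment; an empty segment is an implicit wildcard.
    static Pattern segment(String seg) {
        if (seg.isEmpty()) {
            return Pattern.compile(".*");
        }
        StringBuilder re = new StringBuilder();
        for (String literal : seg.split("\\*", -1)) {
            re.append(Pattern.quote(literal)).append(".*");
        }
        re.setLength(re.length() - 2); // drop the ".*" added after the last literal
        return Pattern.compile(re.toString());
    }

    // True when groupId:artifactId matches at least one allow-list pattern.
    // An omitted (null or empty) list means every dependency is analysed.
    static boolean isAnalysed(List<String> allowList, String groupId, String artifactId) {
        if (allowList == null || allowList.isEmpty()) {
            return true;
        }
        for (String pattern : allowList) {
            String[] parts = pattern.split(":", -1);
            String artifactPattern = parts.length > 1 ? parts[1] : "";
            if (segment(parts[0]).matcher(groupId).matches()
                    && segment(artifactPattern).matcher(artifactId).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // The exact groupId plus its sub-groups, instead of the looser "com.artic*".
        List<String> allow = List.of("com.artic", "com.artic.*:*");
        // Constructed sample coordinates, not taken from a real build.
        String[][] deps = {
            {"com.artic", "core"}, {"com.artic.tools", "cli"},
            {"com.articulate", "lib"}, {"org.slf4j", "slf4j-api"},
        };
        for (String[] d : deps) {
            System.out.printf("%s:%s analysed=%b%n", d[0], d[1], isAnalysed(allow, d[0], d[1]));
        }
    }
}
```

Listing `com.artic` and `com.artic.*` separately, rather than the partial wildcard `com.artic*`, keeps an unrelated groupId such as the constructed `com.articulate` out of the analysed set.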
