[
https://issues.apache.org/jira/browse/MDEP-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766818#comment-17766818
]
Francis commented on MDEP-808:
------------------------------
[~delany] - Sorry I've been really lazy on this one, given the PR is ready and
only review comments on the test pending.
I can make the review changes tomorrow. In the meantime there were no review
comments on the API, consider that stable. You can integrate against the API on
the branch ahead of the presumed merge to main.
> Restrict dependency analysis by group id
> ----------------------------------------
>
> Key: MDEP-808
> URL: https://issues.apache.org/jira/browse/MDEP-808
> Project: Maven Dependency Plugin
> Issue Type: New Feature
> Components: analyze
> Affects Versions: 3.3.0
> Reporter: Francis
> Priority: Major
>
> On our project we have elected to run the dependency analysis only over our
> inhouse authored dependencies. We want to run it for our groupId only.
> Unfortunately the project is too mature and the poms would become too bloated
> to run dependency analysis over all the dependencies. Even if this were
> feasible, the real value in our project is having minimally declared
> dependencies over the dependencies we author.
> In order to achieve running the dependency analysis over our {{groupId}}
> only,
> we've excluded third party dependencies by generous use of
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}}, effectively only building a path to
> our groupId. If the {{groupId}} is {{com.artic}} then we've got a long list
> of exclusions, for example:
> {noformat}
> ...
> <ignoredUsedUndeclaredDependencies>
>
> <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
> <ignoredUsedUndeclaredDependency>b*:*:*
> <!-- allow "c" as the first part of com -->
> </ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
> ...
>
> <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
> <!-- Ignore everything beginning c* excluding co* -->
>
> <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
> {noformat}
> While this works, it's pretty ugly, and because it sits high up on our pom
> hierarchy it makes it harder to re-use the
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}} for having to restate all the third
> party dependencies.
> Ideally it would be possible to specify running the dependency analyze for a
> specific groupId only.
> Suggestion is to introduce a new allow list whereby the dependency analysis
> is only run for the groupIds listed. Could also include the artifactId as
> well.
> Suggested name for new parameter is:
> {noformat}
> analyzeDependencies, String[], List of dependencies that will be analysed.
> The filter syntax is:
> [groupId]:[artifactId]
> where each pattern segment is optional and supports full and partial *
> wildcards. An empty pattern segment is treated as an implicit wildcard.
> Omitting this parameter will result in the analysis being run for all
> dependencies.
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
