[
https://issues.apache.org/jira/browse/MDEP-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771282#comment-17771282
]
ASF GitHub Bot commented on MDEP-808:
-------------------------------------
chadwick00 commented on code in PR #218:
URL:
https://github.com/apache/maven-dependency-plugin/pull/218#discussion_r1343212367
##########
src/it/projects/analyze-include-dependency/pom.xml:
##########
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.maven.its.dependency</groupId>
+ <artifactId>test</artifactId>
+ <version>1.0-SNAPSHOT</version>
+
+ <name>Test</name>
+ <description>
+ Test dependency:analyze with includeDependencies
+ </description>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven</groupId>
+ <artifactId>maven-project</artifactId>
Review Comment:
I've tried to update the version of the all the dependencies @mavenVersion@,
but at least one of the dependencies doesn't like it. I can try harder by
choosing alternative dependencies, but I suppose the benefit of keeping these
at an old version is that the referenced classes within dependency won't
deprecated, as [has been done
elsewhere](https://github.com/apache/maven-dependency-plugin/blob/master/src/it/projects/analyze-ignore-unused-declared-dependency/pom.xml#L43).
> Restrict dependency analysis by group id
> ----------------------------------------
>
> Key: MDEP-808
> URL: https://issues.apache.org/jira/browse/MDEP-808
> Project: Maven Dependency Plugin
> Issue Type: New Feature
> Components: analyze
> Affects Versions: 3.3.0
> Reporter: Francis
> Assignee: Elliotte Rusty Harold
> Priority: Major
>
> On our project we have elected to run the dependency analysis only over our
> inhouse authored dependencies. We want to run it for our groupId only.
> Unfortunately the project is too mature and the poms would become too bloated
> to run dependency analysis over all the dependencies. Even if this were
> feasible, the real value in our project is having minimally declared
> dependencies over the dependencies we author.
> In order to achieve running the dependency analysis over our {{groupId}}
> only,
> we've excluded third party dependencies by generous use of
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}}, effectively only building a path to
> our groupId. If the {{groupId}} is {{com.artic}} then we've got a long list
> of exclusions, for example:
> {noformat}
> ...
> <ignoredUsedUndeclaredDependencies>
>
> <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
> <ignoredUsedUndeclaredDependency>b*:*:*
> <!-- allow "c" as the first part of com -->
> </ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
> ...
>
> <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
> <!-- Ignore everything beginning c* excluding co* -->
>
> <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
> {noformat}
> While this works, it's pretty ugly, and because it sits high up on our pom
> hierarchy it makes it harder to re-use the
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}} for having to restate all the third
> party dependencies.
> Ideally it would be possible to specify running the dependency analyze for a
> specific groupId only.
> Suggestion is to introduce a new allow list whereby the dependency analysis
> is only run for the groupIds listed. Could also include the artifactId as
> well.
> Suggested name for new parameter is:
> {noformat}
> analyzeDependencies, String[], List of dependencies that will be analysed.
> The filter syntax is:
> [groupId]:[artifactId]
> where each pattern segment is optional and supports full and partial *
> wildcards. An empty pattern segment is treated as an implicit wildcard.
> Omitting this parameter will result in the analysis being run for all
> dependencies.
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
