[
https://issues.apache.org/jira/browse/MDEP-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771651#comment-17771651
]
Francis commented on MDEP-808:
------------------------------
Hmmmm, not able to run the IT tests any longer since merging master into the
clone. Now getting:
{noformat}
$ mvn -Prun-its verify
.....
[ERROR] Failed to execute goal
com.diffplug.spotless:spotless-maven-plugin:2.37.0:check (default) on project
maven-dependency-plugin: The following files had format violations:
[ERROR]
src\main\java\org\apache\maven\plugins\dependency\AbstractDependencyMojo.java
[ERROR] @@ -1,224 +1,224 @@
[ERROR] -/*\n
[ERROR] - * Licensed to the Apache Software Foundation (ASF) under one\n
[ERROR] - * or more contributor license agreements. See the NOTICE
file\n
[ERROR] - * distributed with this work for additional information\n
[ERROR] - * regarding copyright ownership. The ASF licenses this file\n
[ERROR] - * to you under the Apache License, Version 2.0 (the\n
[ERROR] - * "License"); you may not use this file except in compliance\n
[ERROR] - * with the License. You may obtain a copy of the License at\n
[ERROR] - *\n
[ERROR] - * http://www.apache.org/licenses/LICENSE-2.0\n
[ERROR] - *\n
[ERROR] - * Unless required by applicable law or agreed to in writing,\n
[ERROR] - * software distributed under the License is distributed on
an\n
[ERROR] - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n
[ERROR] - * KIND, either express or implied. See the License for the\n
[ERROR] - * specific language governing permissions and limitations\n
[ERROR] - * under the License.\n
[ERROR] - */\n
[ERROR] -package org.apache.maven.plugins.dependency;\n
[ERROR] -\n
[ERROR] -import java.io.File;\n
[ERROR] -import java.io.IOException;\n
[ERROR] -import java.util.List;\n
[ERROR] -\n
[ERROR] -import
org.apache.maven.artifact.repository.ArtifactRepository;\n
[ERROR] -import org.apache.maven.execution.MavenSession;\n
[ERROR] -import org.apache.maven.plugin.AbstractMojo;\n
[ERROR] -import org.apache.maven.plugin.MojoExecutionException;\n
[ERROR] -import org.apache.maven.plugin.MojoFailureException;\n
[ERROR] -import org.apache.maven.plugins.annotations.Component;\n
[ERROR] -import org.apache.maven.plugins.annotations.Parameter;\n
[ERROR] -import
org.apache.maven.plugins.dependency.utils.DependencySilentLog;\n
[ERROR] -import
org.apache.maven.project.DefaultProjectBuildingRequest;\n
[ERROR] -import org.apache.maven.project.MavenProject;\n
[ERROR] -import org.apache.maven.project.ProjectBuildingRequest;\n
[ERROR] -import org.codehaus.plexus.util.FileUtils;\n
[ERROR] -import org.sonatype.plexus.build.incremental.BuildContext;\n
[ERROR] -\n
[ERROR] -/**\n
[ERROR] - * @author <a href="mailto:bri...@apache.org";>Brian Fox</a>\n
[ERROR] - */\n
[ERROR] -public abstract class AbstractDependencyMojo extends
AbstractMojo {\n
[ERROR] -\n
[ERROR] - /**\n
[ERROR] - * For IDE build support\n
[ERROR] - */\n
[ERROR] - @Component\n
[ERROR] - private BuildContext buildContext;\n
[ERROR] ... (400 more lines that didn't fit)
[ERROR] Violations also present in 95 other files.
[ERROR] Run 'mvn spotless:apply' to fix these violations.
{noformat}
> Restrict dependency analysis by group id
> ----------------------------------------
>
> Key: MDEP-808
> URL: https://issues.apache.org/jira/browse/MDEP-808
> Project: Maven Dependency Plugin
> Issue Type: New Feature
> Components: analyze
> Affects Versions: 3.3.0
> Reporter: Francis
> Assignee: Elliotte Rusty Harold
> Priority: Major
>
> On our project we have elected to run the dependency analysis only over our
> inhouse authored dependencies. We want to run it for our groupId only.
> Unfortunately the project is too mature and the poms would become too bloated
> to run dependency analysis over all the dependencies. Even if this were
> feasible, the real value in our project is having minimally declared
> dependencies over the dependencies we author.
> In order to achieve running the dependency analysis over our {{groupId}}
> only,
> we've excluded third party dependencies by generous use of
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}}, effectively only building a path to
> our groupId. If the {{groupId}} is {{com.artic}} then we've got a long list
> of exclusions, for example:
> {noformat}
> ...
> <ignoredUsedUndeclaredDependencies>
>
> <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
> <ignoredUsedUndeclaredDependency>b*:*:*
> <!-- allow "c" as the first part of com -->
> </ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>
> ...
>
> <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>
> <!-- Ignore everything beginning c* excluding co* -->
>
> <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
>
> <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>
> {noformat}
> While this works, it's pretty ugly, and because it sits high up on our pom
> hierarchy it makes it harder to re-use the
> {{ignoredUsedUndeclaredDependencies}} and
> {{ignoredUnusedDeclaredDependencies}} for having to restate all the third
> party dependencies.
> Ideally it would be possible to specify running the dependency analyze for a
> specific groupId only.
> Suggestion is to introduce a new allow list whereby the dependency analysis
> is only run for the groupIds listed. Could also include the artifactId as
> well.
> Suggested name for new parameter is:
> {noformat}
> analyzeDependencies, String[], List of dependencies that will be analysed.
> The filter syntax is:
> [groupId]:[artifactId]
> where each pattern segment is optional and supports full and partial *
> wildcards. An empty pattern segment is treated as an implicit wildcard.
> Omitting this parameter will result in the analysis being run for all
> dependencies.
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
