Uploaded image for project: 'Maven Dependency Plugin'
  1. Maven Dependency Plugin
  2. MDEP-808

Restrict dependency analysis by group id

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.3.0
    • None
    • analyze
    • None

    Description

      On our project we have elected to run the dependency analysis only over our inhouse authored dependencies. We want to run it for our groupId only. Unfortunately the project is too mature and the poms would become too bloated to run dependency analysis over all the dependencies. Even if this were feasible, the real value in our project is having minimally declared dependencies over the dependencies we author.

      In order to achieve running the dependency analysis over our groupId only,
      we've excluded third party dependencies by generous use of ignoredUsedUndeclaredDependencies and ignoredUnusedDeclaredDependencies, effectively only building a path to our groupId. If the groupId is com.artic then we've got a long list of exclusions, for example:

      ...
           <ignoredUsedUndeclaredDependencies>
              <ignoredUsedUndeclaredDependency>a*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>b*:*:*

<!-- allow "c" as the first part of com -->

</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>d*:*:*</ignoredUsedUndeclaredDependency>

...

              <ignoredUsedUndeclaredDependency>cm*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cn*:*:*</ignoredUsedUndeclaredDependency>

<!-- Ignore everything beginning c* excluding co* -->

              <ignoredUsedUndeclaredDependency>cp*:*:*</ignoredUsedUndeclaredDependency>
              <ignoredUsedUndeclaredDependency>cq*:*:*</ignoredUsedUndeclaredDependency>

      While this works, it's pretty ugly, and because it sits high up on our pom hierarchy it makes it harder to re-use the ignoredUsedUndeclaredDependencies and ignoredUnusedDeclaredDependencies for having to restate all the third party dependencies.

      Ideally it would be possible to specify running the dependency analyze for a specific groupId only.

      Suggestion is to introduce a new allow list whereby the dependency analysis is only run for the groupIds listed. Could also include the artifactId as well.

      Suggested name for new parameter is:

      analyzeDependencies, String[], List of dependencies that will be analysed. The filter syntax is:
[groupId]:[artifactId]
where each pattern segment is optional and supports full and partial * wildcards. An empty pattern segment is treated as an implicit wildcard. Omitting this parameter will result in the analysis being run for all dependencies.

      Attachments

        1. pluginManagementPostMDEP-808.txt
          1 kB
          Francis
        2. pluginManagementPreMDEP-808.txt
          21 kB
          Francis

        Activity

          People

            elharo Elliotte Rusty Harold
            chadwick00 Francis
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated: