All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.maven.plugins.dependency.analyze.AnalyzeDepMgt Maven / Gradle / Ivy

There is a newer version: 3.8.1
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.maven.plugins.dependency.analyze;

import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

import org.apache.maven.artifact.Artifact;
import org.apache.maven.model.Dependency;
import org.apache.maven.model.DependencyManagement;
import org.apache.maven.model.Exclusion;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;

/**
 * This mojo looks at the dependencies after final resolution and looks for mismatches in your dependencyManagement
 * section. This mojo is also useful for detecting projects that override the dependencyManagement directly.
 * Set ignoreDirect to false to detect these otherwise normal conditions.
 *
 * @author Brian Fox
 * @since 2.0-alpha-3
 */
@Mojo(name = "analyze-dep-mgt", requiresDependencyResolution = ResolutionScope.TEST, threadSafe = true)
public class AnalyzeDepMgt extends AbstractMojo {
    // fields -----------------------------------------------------------------

    /**
     *
     */
    @Component
    private MavenProject project;

    /**
     * Fail the build if a problem is detected.
     */
    @Parameter(property = "mdep.analyze.failBuild", defaultValue = "false")
    private boolean failBuild = false;

    /**
     * Ignore Direct Dependency Overrides of dependencyManagement section.
     */
    @Parameter(property = "mdep.analyze.ignore.direct", defaultValue = "true")
    private boolean ignoreDirect = true;

    /**
     * Skip plugin execution completely.
     *
     * @since 2.7
     */
    @Parameter(property = "mdep.analyze.skip", defaultValue = "false")
    private boolean skip;

    // Mojo methods -----------------------------------------------------------

    /*
     * @see org.apache.maven.plugin.Mojo#execute()
     */
    @Override
    public void execute() throws MojoExecutionException, MojoFailureException {
        if (skip) {
            getLog().info("Skipping plugin execution");
            return;
        }

        boolean result = checkDependencyManagement();
        if (result) {
            if (this.failBuild) {

                throw new MojoExecutionException("Found Dependency errors.");
            } else {
                getLog().warn("Potential problems found in Dependency Management ");
            }
        }
    }

    /**
     * Does the work of checking the DependencyManagement Section.
     *
     * @return true if errors are found.
     * @throws MojoExecutionException
     */
    private boolean checkDependencyManagement() throws MojoExecutionException {
        boolean foundError = false;

        getLog().info("Found Resolved Dependency/DependencyManagement mismatches:");

        List depMgtDependencies = null;

        DependencyManagement depMgt = project.getDependencyManagement();
        if (depMgt != null) {
            depMgtDependencies = depMgt.getDependencies();
        }

        if (depMgtDependencies != null && !depMgtDependencies.isEmpty()) {
            // put all the dependencies from depMgt into a map for quick lookup
            Map depMgtMap = new HashMap<>();
            Map exclusions = new HashMap<>();
            for (Dependency depMgtDependency : depMgtDependencies) {
                depMgtMap.put(depMgtDependency.getManagementKey(), depMgtDependency);

                // now put all the exclusions into a map for quick lookup
                exclusions.putAll(addExclusions(depMgtDependency.getExclusions()));
            }

            // get dependencies for the project (including transitive)
            Set allDependencyArtifacts = new LinkedHashSet<>(project.getArtifacts());

            // don't warn if a dependency that is directly listed overrides
            // depMgt. That's ok.
            if (this.ignoreDirect) {
                getLog().info("\tIgnoring Direct Dependencies.");
                Set directDependencies = project.getDependencyArtifacts();
                allDependencyArtifacts.removeAll(directDependencies);
            }

            // log exclusion errors
            List exclusionErrors = getExclusionErrors(exclusions, allDependencyArtifacts);
            for (Artifact exclusion : exclusionErrors) {
                String artifactManagementKey = getArtifactManagementKey(exclusion);
                getLog().info(artifactManagementKey.substring(artifactManagementKey.lastIndexOf(":"))
                        + " was excluded in DepMgt, but version " + exclusion.getVersion()
                        + " has been found in the dependency tree.");
                foundError = true;
            }

            // find and log version mismatches
            Map mismatch = getMismatch(depMgtMap, allDependencyArtifacts);
            for (Map.Entry entry : mismatch.entrySet()) {
                logMismatch(entry.getKey(), entry.getValue());
                foundError = true;
            }
            if (!foundError) {
                getLog().info("\tNone");
            }
        } else {
            getLog().info("\tNothing in DepMgt.");
        }

        return foundError;
    }

    /**
     * Returns a map of the exclusions using the Dependency ManagementKey as the keyset.
     *
     * @param exclusionList to be added to the map.
     * @return a map of the exclusions using the Dependency ManagementKey as the keyset.
     */
    public Map addExclusions(List exclusionList) {
        if (exclusionList != null) {
            return exclusionList.stream().collect(Collectors.toMap(this::getExclusionKey, exclusion -> exclusion));
        }
        return Collections.emptyMap();
    }

    /**
     * Returns a List of the artifacts that should have been excluded, but were found in the dependency tree.
     *
     * @param exclusions a map of the DependencyManagement exclusions, with the ManagementKey as the key and Dependency
     *            as the value.
     * @param allDependencyArtifacts resolved artifacts to be compared.
     * @return list of artifacts that should have been excluded.
     */
    public List getExclusionErrors(Map exclusions, Set allDependencyArtifacts) {
        return allDependencyArtifacts.stream()
                .filter(artifact -> exclusions.containsKey(getExclusionKey(artifact)))
                .collect(Collectors.toList());
    }

    /**
     * @param artifact {@link Artifact}
     * @return The resulting GA.
     */
    public String getExclusionKey(Artifact artifact) {
        return artifact.getGroupId() + ":" + artifact.getArtifactId();
    }

    /**
     * @param ex The exclusion key.
     * @return The resulting combination of groupId+artifactId.
     */
    public String getExclusionKey(Exclusion ex) {
        return ex.getGroupId() + ":" + ex.getArtifactId();
    }

    /**
     * Calculate the mismatches between the DependencyManagement and resolved artifacts
     *
     * @param depMgtMap contains the Dependency.GetManagementKey as the keyset for quick lookup.
     * @param allDependencyArtifacts contains the set of all artifacts to compare.
     * @return a map containing the resolved artifact as the key and the listed dependency as the value.
     */
    public Map getMismatch(
            Map depMgtMap, Set allDependencyArtifacts) {
        Map mismatchMap = new HashMap<>();

        for (Artifact dependencyArtifact : allDependencyArtifacts) {
            Dependency depFromDepMgt = depMgtMap.get(getArtifactManagementKey(dependencyArtifact));
            if (depFromDepMgt != null) {
                // workaround for MNG-2961
                dependencyArtifact.isSnapshot();

                if (depFromDepMgt.getVersion() != null
                        && !depFromDepMgt.getVersion().equals(dependencyArtifact.getBaseVersion())) {
                    mismatchMap.put(dependencyArtifact, depFromDepMgt);
                }
            }
        }
        return mismatchMap;
    }

    /**
     * This function displays the log to the screen showing the versions and information about the artifacts that don't
     * match.
     *
     * @param dependencyArtifact the artifact that was resolved.
     * @param dependencyFromDepMgt the dependency listed in the DependencyManagement section.
     * @throws MojoExecutionException in case of errors.
     */
    public void logMismatch(Artifact dependencyArtifact, Dependency dependencyFromDepMgt)
            throws MojoExecutionException {
        if (dependencyArtifact == null || dependencyFromDepMgt == null) {
            throw new MojoExecutionException(
                    "Invalid params: Artifact: " + dependencyArtifact + " Dependency: " + dependencyFromDepMgt);
        }

        String managementKey = dependencyFromDepMgt.getManagementKey();
        getLog().info("\tDependency: " + managementKey.substring(managementKey.lastIndexOf(":")));
        getLog().info("\t\tDepMgt  : " + dependencyFromDepMgt.getVersion());
        getLog().info("\t\tResolved: " + dependencyArtifact.getBaseVersion());
    }

    /**
     * This function returns a string comparable with Dependency.GetManagementKey.
     *
     * @param artifact to gen the key for
     * @return a string in the form: groupId:ArtifactId:Type[:Classifier]
     */
    public String getArtifactManagementKey(Artifact artifact) {
        return artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getType()
                + ((artifact.getClassifier() != null) ? ":" + artifact.getClassifier() : "");
    }

    /**
     * @return the failBuild
     */
    protected final boolean isFailBuild() {
        return this.failBuild;
    }

    /**
     * @param theFailBuild the failBuild to set
     */
    public void setFailBuild(boolean theFailBuild) {
        this.failBuild = theFailBuild;
    }

    /**
     * @return the project
     */
    protected final MavenProject getProject() {
        return this.project;
    }

    /**
     * @param theProject the project to set
     */
    public void setProject(MavenProject theProject) {
        this.project = theProject;
    }

    /**
     * @return the ignoreDirect
     */
    protected final boolean isIgnoreDirect() {
        return this.ignoreDirect;
    }

    /**
     * @param theIgnoreDirect the ignoreDirect to set
     */
    public void setIgnoreDirect(boolean theIgnoreDirect) {
        this.ignoreDirect = theIgnoreDirect;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy