use requiresDependencyCollection for multi-modules resolution
What does this MR do?
Change the mojo dependency requirement attribute to avoid requirement of at least compilation in case of multi-modules.
Related issues
gitlab-org/gitlab#432921 (closed)
This feature will allow to go further in removing requirements of the dependency scanning on the code compilation : gemnasium!610 (merged)
Developer checklist
-
Update CHANGELOG.md -
Update pom.xml with new plugin's version -
Update mentions of the new version in README.md
Tests
Tested with the multi-module fixture case of the gemnasium security analyzer : https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/tree/master/qa/fixtures/java-maven/multimodules/default?ref_type=heads
with version 0.5.1 :
$ mvn com.gemnasium:gemnasium-maven-plugin:0.5.1:dump-dependencies
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] java-maven-multi-modules [pom]
[INFO] model [jar]
[INFO] api [jar]
[INFO] web [jar]
[INFO]
[INFO] ----< com.gitlab.security_products.tests:java-maven-multi-modules >-----
[INFO] Building java-maven-multi-modules 1.0-SNAPSHOT [1/4]
[INFO] from pom.xml
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.5.1:dump-dependencies (default-cli) @ java-maven-multi-modules ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/gemnasium-maven-plugin.json
[INFO]
[INFO] --------------< com.gitlab.security_products.tests:model >--------------
[INFO] Building model 1.0-SNAPSHOT [2/4]
[INFO] from model/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.5.1:dump-dependencies (default-cli) @ model ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/model/gemnasium-maven-plugin.json
[INFO]
[INFO] ---------------< com.gitlab.security_products.tests:api >---------------
[INFO] Building api 1.0-SNAPSHOT [3/4]
[INFO] from api/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for java-maven-multi-modules 1.0-SNAPSHOT:
[INFO]
[INFO] java-maven-multi-modules ........................... SUCCESS [ 0.279 s]
[INFO] model .............................................. SUCCESS [ 0.012 s]
[INFO] api ................................................ FAILURE [ 0.037 s]
[INFO] web ................................................ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.403 s
[INFO] Finished at: 2023-11-26T14:30:45+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project api: Could not resolve dependencies for project com.gitlab.security_products.tests:api:jar:1.0-SNAPSHOT: The following artifacts could not be resolved: com.gitlab.security_products.tests:model:jar:1.0-SNAPSHOT (absent): Could not find artifact com.gitlab.security_products.tests:model:jar:1.0-SNAPSHOT -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :api
with locally installed version 0.6.0 :
$ mvn com.gemnasium:gemnasium-maven-plugin:0.6.0:dump-dependencies
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] java-maven-multi-modules [pom]
[INFO] model [jar]
[INFO] api [jar]
[INFO] web [jar]
[INFO]
[INFO] ----< com.gitlab.security_products.tests:java-maven-multi-modules >-----
[INFO] Building java-maven-multi-modules 1.0-SNAPSHOT [1/4]
[INFO] from pom.xml
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ java-maven-multi-modules ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/gemnasium-maven-plugin.json
[INFO]
[INFO] --------------< com.gitlab.security_products.tests:model >--------------
[INFO] Building model 1.0-SNAPSHOT [2/4]
[INFO] from model/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ model ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/model/gemnasium-maven-plugin.json
[INFO]
[INFO] ---------------< com.gitlab.security_products.tests:api >---------------
[INFO] Building api 1.0-SNAPSHOT [3/4]
[INFO] from api/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ api ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/api/gemnasium-maven-plugin.json
[INFO]
[INFO] ---------------< com.gitlab.security_products.tests:web >---------------
[INFO] Building web 1.0-SNAPSHOT [4/4]
[INFO] from web/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ web ---
[INFO] Gemnasium Maven Plugin
[INFO]
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/web/gemnasium-maven-plugin.json
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for java-maven-multi-modules 1.0-SNAPSHOT:
[INFO]
[INFO] java-maven-multi-modules ........................... SUCCESS [ 0.318 s]
[INFO] model .............................................. SUCCESS [ 0.012 s]
[INFO] api ................................................ SUCCESS [ 0.033 s]
[INFO] web ................................................ SUCCESS [ 0.011 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.452 s
[INFO] Finished at: 2023-11-26T14:31:38+01:00
[INFO] ------------------------------------------------------------------------
The generated gemnasium-maven-plugin.json
files for all modules are strictly identical to these generated with mvn compile mvn com.gemnasium:gemnasium-maven-plugin:0.5.1:dump-dependencies
.