Skip to content

use requiresDependencyCollection for multi-modules resolution

Julien Lamandé requested to merge jlm-works/gemnasium-maven-plugin:feat/dependency-collection into master

What does this MR do?

Change the mojo dependency requirement attribute to avoid requirement of at least compilation in case of multi-modules.

Related issues

gitlab-org/gitlab#432921 (closed)

This feature will allow to go further in removing requirements of the dependency scanning on the code compilation : gemnasium!610 (merged)

Developer checklist

  • Update CHANGELOG.md
  • Update pom.xml with new plugin's version
  • Update mentions of the new version in README.md

Tests

Tested with the multi-module fixture case of the gemnasium security analyzer : https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/tree/master/qa/fixtures/java-maven/multimodules/default?ref_type=heads

with version 0.5.1 :

$ mvn com.gemnasium:gemnasium-maven-plugin:0.5.1:dump-dependencies        
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] java-maven-multi-modules                                           [pom]
[INFO] model                                                              [jar]
[INFO] api                                                                [jar]
[INFO] web                                                                [jar]
[INFO] 
[INFO] ----< com.gitlab.security_products.tests:java-maven-multi-modules >-----
[INFO] Building java-maven-multi-modules 1.0-SNAPSHOT                     [1/4]
[INFO]   from pom.xml
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.5.1:dump-dependencies (default-cli) @ java-maven-multi-modules ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/gemnasium-maven-plugin.json
[INFO] 
[INFO] --------------< com.gitlab.security_products.tests:model >--------------
[INFO] Building model 1.0-SNAPSHOT                                        [2/4]
[INFO]   from model/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.5.1:dump-dependencies (default-cli) @ model ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/model/gemnasium-maven-plugin.json
[INFO] 
[INFO] ---------------< com.gitlab.security_products.tests:api >---------------
[INFO] Building api 1.0-SNAPSHOT                                          [3/4]
[INFO]   from api/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for java-maven-multi-modules 1.0-SNAPSHOT:
[INFO] 
[INFO] java-maven-multi-modules ........................... SUCCESS [  0.279 s]
[INFO] model .............................................. SUCCESS [  0.012 s]
[INFO] api ................................................ FAILURE [  0.037 s]
[INFO] web ................................................ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.403 s
[INFO] Finished at: 2023-11-26T14:30:45+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project api: Could not resolve dependencies for project com.gitlab.security_products.tests:api:jar:1.0-SNAPSHOT: The following artifacts could not be resolved: com.gitlab.security_products.tests:model:jar:1.0-SNAPSHOT (absent): Could not find artifact com.gitlab.security_products.tests:model:jar:1.0-SNAPSHOT -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <args> -rf :api

with locally installed version 0.6.0 :

$ mvn com.gemnasium:gemnasium-maven-plugin:0.6.0:dump-dependencies
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] java-maven-multi-modules                                           [pom]
[INFO] model                                                              [jar]
[INFO] api                                                                [jar]
[INFO] web                                                                [jar]
[INFO] 
[INFO] ----< com.gitlab.security_products.tests:java-maven-multi-modules >-----
[INFO] Building java-maven-multi-modules 1.0-SNAPSHOT                     [1/4]
[INFO]   from pom.xml
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ java-maven-multi-modules ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/gemnasium-maven-plugin.json
[INFO] 
[INFO] --------------< com.gitlab.security_products.tests:model >--------------
[INFO] Building model 1.0-SNAPSHOT                                        [2/4]
[INFO]   from model/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ model ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/model/gemnasium-maven-plugin.json
[INFO] 
[INFO] ---------------< com.gitlab.security_products.tests:api >---------------
[INFO] Building api 1.0-SNAPSHOT                                          [3/4]
[INFO]   from api/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ api ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/api/gemnasium-maven-plugin.json
[INFO] 
[INFO] ---------------< com.gitlab.security_products.tests:web >---------------
[INFO] Building web 1.0-SNAPSHOT                                          [4/4]
[INFO]   from web/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- gemnasium:0.6.0:dump-dependencies (default-cli) @ web ---
[INFO] Gemnasium Maven Plugin
[INFO] 
[INFO] Project's dependencies have been succesfully dumped into: /Users/jlamande/dev/oss/gitlab/gemnasium/gemnasium/qa/fixtures/java-maven/multimodules/default/web/gemnasium-maven-plugin.json
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for java-maven-multi-modules 1.0-SNAPSHOT:
[INFO] 
[INFO] java-maven-multi-modules ........................... SUCCESS [  0.318 s]
[INFO] model .............................................. SUCCESS [  0.012 s]
[INFO] api ................................................ SUCCESS [  0.033 s]
[INFO] web ................................................ SUCCESS [  0.011 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.452 s
[INFO] Finished at: 2023-11-26T14:31:38+01:00
[INFO] ------------------------------------------------------------------------

The generated gemnasium-maven-plugin.json files for all modules are strictly identical to these generated with mvn compile mvn com.gemnasium:gemnasium-maven-plugin:0.5.1:dump-dependencies.

Edited by Julien Lamandé

Merge request reports