Augment pom dependencies information with custom ones

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Augment pom dependencies information with custom ones

Francois MAROT
Hello again (I'm active there today ;) ),

this time I'd like to tell you about a feature I would like, and maybe some
of you will have something to advise me.
I have to generate a report listing all my dependencies (and I have tooooooo
many !) and for each one I have to provide a little text telling why I chose
this library.
The best way I could imagine would be to have an optional < rationale /> tag
in the < dependency /> block in order to document this directly in the pom.
But to my knowledge this is not possible (maybe for the next version of the
pom format ?!). Then a simple plugin could generate directly a report.

For the moment, I have used the license-maven-plugin which lists all the
dependencies in an html file that I have manually edited to add the info.
But it is not future proof and I will have to do it again next time ! Is
there any plugin that would take as input both your dependencies and a file
containing the choice rationale (for each dependency GAV) and would generate
an html listing dependencies and their rationale ?

Have a good day !
François



--
Sent from: http://maven.40175.n5.nabble.com/Maven-Users-f40176.html

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Augment pom dependencies information with custom ones

Anthony Whitford
Hi François,

I would start with the Dependency Analyze Report: http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html <http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html>
It offers valuable insight because it can often tell you whether your dependencies are used or unused.

Simply ensure that this plugin is part of your <reporting><plugins> section, and then when you build your site, you will have this report.  You can see a simple example here:  http://anthonywhitford.com/lombok.maven/test-maven-lombok/dependency-analysis.html <http://anthonywhitford.com/lombok.maven/test-maven-lombok/dependency-analysis.html>

Note that this report does have 1 major flaw — it does not recognize dynamically loaded dependencies, so it can false alert in the “Unused but declared dependencies” section.  In my example, it reports logback-classic is unused, however it is the runtime implementation dynamically loaded by slf4j-api.  My dependency declaration has the `runtime` scope, which is a clue that this is intentional.  I have seen more examples with the Spring Framework.

You mentioned that you have “tooooooo many” dependencies.  I hope you are leveraging Maven correctly such that you are declaring your direct dependencies only, and allowing Maven to calculate the transitive dependencies.  This can dramatically cut down your direct dependency management overhead.  If you are doing this incorrectly, the Dependency Analyze Report may offer some insight into opportunities to cull dependencies.

Finally, the Dependency Tree, found in the Project Dependencies report, is also useful to understand transitive dependencies.  Similar functionality is available from the command-line using:  mvn dependency:tree

Note that these reports have a bunch of configuration options.  For example, dependencies may be forced as being marked as Used, or skipped from being analyzed.  Perhaps you can leverage that functionality along with POM comments to help document your dependency chain.

Hope this helps,

Anthony


> On Dec 5, 2019, at 9:56 AM, Francois MAROT <[hidden email]> wrote:
>
> Hello again (I'm active there today ;) ),
>
> this time I'd like to tell you about a feature I would like, and maybe some
> of you will have something to advise me.
> I have to generate a report listing all my dependencies (and I have tooooooo
> many !) and for each one I have to provide a little text telling why I chose
> this library.
> The best way I could imagine would be to have an optional < rationale /> tag
> in the < dependency /> block in order to document this directly in the pom.
> But to my knowledge this is not possible (maybe for the next version of the
> pom format ?!). Then a simple plugin could generate directly a report.
>
> For the moment, I have used the license-maven-plugin which lists all the
> dependencies in an html file that I have manually edited to add the info.
> But it is not future proof and I will have to do it again next time ! Is
> there any plugin that would take as input both your dependencies and a file
> containing the choice rationale (for each dependency GAV) and would generate
> an html listing dependencies and their rationale ?
>
> Have a good day !
> François
>
>
>
> --
> Sent from: http://maven.40175.n5.nabble.com/Maven-Users-f40176.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>

Reply | Threaded
Open this post in threaded view
|

Re: Augment pom dependencies information with custom ones

Anton Tanasenko
Hi François,

If you have control over report generation, what you can do is add xml
processing instructions into your pom files that your plugin can later
parse out of the xml without interfering with existing pom model.
M2Eclipse uses that approach to add some metadata to plugin executions.
Here's [1] the code pointer that performs the parsing from maven model.

[1]
https://github.com/eclipse/m2e-core/blob/master/org.eclipse.m2e.core/src/org/eclipse/m2e/core/internal/lifecyclemapping/AnnotationMappingMetadataSource.java#L168

чт, 5 дек. 2019 г. в 20:44, Anthony Whitford <[hidden email]>:

> Hi François,
>
> I would start with the Dependency Analyze Report:
> http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
> <http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
> >
> It offers valuable insight because it can often tell you whether your
> dependencies are used or unused.
>
> Simply ensure that this plugin is part of your <reporting><plugins>
> section, and then when you build your site, you will have this report.  You
> can see a simple example here:
> http://anthonywhitford.com/lombok.maven/test-maven-lombok/dependency-analysis.html
> <
> http://anthonywhitford.com/lombok.maven/test-maven-lombok/dependency-analysis.html
> >
>
> Note that this report does have 1 major flaw — it does not recognize
> dynamically loaded dependencies, so it can false alert in the “Unused but
> declared dependencies” section.  In my example, it reports logback-classic
> is unused, however it is the runtime implementation dynamically loaded by
> slf4j-api.  My dependency declaration has the `runtime` scope, which is a
> clue that this is intentional.  I have seen more examples with the Spring
> Framework.
>
> You mentioned that you have “tooooooo many” dependencies.  I hope you are
> leveraging Maven correctly such that you are declaring your direct
> dependencies only, and allowing Maven to calculate the transitive
> dependencies.  This can dramatically cut down your direct dependency
> management overhead.  If you are doing this incorrectly, the Dependency
> Analyze Report may offer some insight into opportunities to cull
> dependencies.
>
> Finally, the Dependency Tree, found in the Project Dependencies report, is
> also useful to understand transitive dependencies.  Similar functionality
> is available from the command-line using:  mvn dependency:tree
>
> Note that these reports have a bunch of configuration options.  For
> example, dependencies may be forced as being marked as Used, or skipped
> from being analyzed.  Perhaps you can leverage that functionality along
> with POM comments to help document your dependency chain.
>
> Hope this helps,
>
> Anthony
>
>
> > On Dec 5, 2019, at 9:56 AM, Francois MAROT <[hidden email]>
> wrote:
> >
> > Hello again (I'm active there today ;) ),
> >
> > this time I'd like to tell you about a feature I would like, and maybe
> some
> > of you will have something to advise me.
> > I have to generate a report listing all my dependencies (and I have
> tooooooo
> > many !) and for each one I have to provide a little text telling why I
> chose
> > this library.
> > The best way I could imagine would be to have an optional < rationale />
> tag
> > in the < dependency /> block in order to document this directly in the
> pom.
> > But to my knowledge this is not possible (maybe for the next version of
> the
> > pom format ?!). Then a simple plugin could generate directly a report.
> >
> > For the moment, I have used the license-maven-plugin which lists all the
> > dependencies in an html file that I have manually edited to add the info.
> > But it is not future proof and I will have to do it again next time ! Is
> > there any plugin that would take as input both your dependencies and a
> file
> > containing the choice rationale (for each dependency GAV) and would
> generate
> > an html listing dependencies and their rationale ?
> >
> > Have a good day !
> > François
> >
> >
> >
> > --
> > Sent from: http://maven.40175.n5.nabble.com/Maven-Users-f40176.html
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
>
>

--
Regards,
Anton.
Reply | Threaded
Open this post in threaded view
|

Re: Augment pom dependencies information with custom ones

Dirk Olmes-4
In reply to this post by Francois MAROT
On 12/5/19 6:56 PM, Francois MAROT wrote:
> I have to generate a report listing all my dependencies (and I have tooooooo
> many !) and for each one I have to provide a little text telling why I chose
> this library.

This was discussed a long time ago, see
https://lists.apache.org/thread.html/e3aef69ba147ddcd27e65a9869d7cc6df741b5be7f1a560f19b8082a%401409137401%40<users.maven.apache.org>

I never tried the approach of putting additional elements with a
different namespace in the POM but it may be worth a try ...

-dirk


signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Augment pom dependencies information with custom ones

Mark H. Wood
In reply to this post by Anton Tanasenko
On Thu, Dec 05, 2019 at 09:04:17PM +0200, Anton Tanasenko wrote:
> If you have control over report generation, what you can do is add xml
> processing instructions into your pom files that your plugin can later
> parse out of the xml without interfering with existing pom model.
> M2Eclipse uses that approach to add some metadata to plugin executions.
> Here's [1] the code pointer that performs the parsing from maven model.
>
> [1]
> https://github.com/eclipse/m2e-core/blob/master/org.eclipse.m2e.core/src/org/eclipse/m2e/core/internal/lifecyclemapping/AnnotationMappingMetadataSource.java#L168

It might be even easier than that.  Could one not write an XSL
transform to combine the POM with a document containing named
dependencies and your rationales, to produce such a report?

But it would be nicer if the schema and the dependency plugin were
extended to permit the documentation that was requested.  And it does
seem in line with Maven's purpose as a "project...comprehension tool."

Another approach, which wouldn't require releasing a new version of
the POM schema, would be if Maven had an option to politely ignore
elements in other namespaces instead of killing the build with an
ERROR.  Then a POM document could be augmented for processing by other
tools (such as a slightly different XSL transform).

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

signature.asc (201 bytes) Download Attachment