Maven Plugin - how to add a dependency to an existing MavenProject object - maven

I am writing a Maven plugin. Within the plugin I would like to extend my primary MavenProject with and additional dependency and get all dependencies copied to my local project.
Based on some "internet research" I started with the following code:
//to add the dependency
Artifact poi = artifactFactory.createArtifact("org.apache.poi", "poi", "5.1.0",Artifact.SCOPE_COMPILE, "jar");
Set set = new HashSet(project.getDependencyArtifacts() );
set.add( poi );
project.setDependencyArtifacts( set );
//to get the dependencies "copied"
executeMojo(plugin(groupId("org.apache.maven.plugins"), artifactId("maven-dependency-plugin"), version("2.8")),goal("copy-dependencies"),
configuration(element(name("outputDirectory"), unpackDependenciesDirectory.getAbsolutePath()),
element(name("includeTypes"), "jar"),
element(name("includeScope"), "compile")),
executionEnvironment(project, session, buildPluginManager));
However only the original dependencies are downloaded - not the new one.
What do I miss? What do I need to do to extend the list of dependencies?
(would expect something like updating my project? but there is no such "method")
Further I have see that setDependencyArtifacts is set to deprected. But I haven't found any documentation why - so any insights are also welcome.
Thanks in advance!

First of all thanks Fabian an Karl-Heinz for your feedback and input.
And yes you are right it is
not a good idea at all and
not possible to change / update the dependencies within a Maven Plugin.
(at least in the current maven version; not sure if it was possible in earlier times, as I have see some code snippets that at least suggest it).
Thus I ended up with the solution suggested by Fabian above - to simply define a dependency (of type pom) in the parent project.
Anyhow: if anybody has the requirement to resolve and download additional maven (or ivy) dependencies I could now also recommend Jeka ;-) . See:
Download maven dependencies programmatically
https://github.com/jeka-dev

You cannot add dependencies to the projects during the build. The dependencies are resolved before any plugin runs.
You can update or change dependencies with separate Maven goals, like those of the maven dependency plugin.

Related

Comparing Maven project dependencies

Is there a simple way to list the differences between the artefacts added to the classpath by one version of a Maven project and another?
Here is the problem I'm trying to solve. If I change the version of an artefact declared in a Maven project, the list of transitive dependencies added to the classpath by the dependency may change. I want know what those changes are before I commit a change to a dependency version. The primary reason I want to know what transitive dependencies will change on the classpath when I change the version number of declared dependency is concern that changing the version number of a declared dependency may cause the version of a transitive dependency to change to one that has a security vulnerability in it.
At the moment, I'm using the dependencies plugin tree goal to produce a before and after change dependency tree and then comparing the two by eye. This is not ideal.
I also know of a way to achieve my goal using the OWASP dependency check Maven plugin but this also seem not ideal.
Can anyone suggest a better solution to my problem that using the dependencies plugin or the OWASP dependency check plugin? Is there a Maven plugin to produce what I need?
Thanks
Please try
mvn dependency:list
It will list all the dependencies with version information.
now you can see the difference using any diff checker tool online.

Prevent usage of unmanaged dependencies in modules of maven project

For my project, I would like to prevent in maven modules the usage of dependencies that would not be declared in the dependencyManagement in the parent pom, is there a way to achieve this ?
Thanks
First, you will never be able to completely block the user to add dependency.
User can still add the jar manualy in his code.
Secondly yo can also decompres a module jar and put it in your project.
(actually the same as with a ant build)
It's a good start to maintain a central place with all the version of your dependencies. In a kind of "corporate parent pom".
If your company have a nexus/artifactory, you can "close the door" at that point.
I think that's utopic to have the same version of your dependencies for all your applications. You always want to be able to use the latest feature of the latest version of the dependency.

How can I find out hidden versions of dependencies and plugins in Maven?

We do not need to specify the versions and other parameters of Maven dependencies and plugins we use. We can do it only once in parent POM or may be in some other way and inherit that properties in our children POMs.
Unfortunately for many times I have met the projects where I cannot find the real parameters of dependencies and plugins that easily. I.e. the versions of dependencies are empty, but in parent POM there is no information about this.
So my questions are:
What are all the possible ways to specify the parameters of dependency and plugin in Maven? I.e. where can I look for version number if it is not present neither in plugin in child POM nor in plugin management in parent pom?
Is there any Maven command to find out where Maven takes these parameters from? For example, I may use the dependency:tree command. It will print a list of dependencies which will help me to understand the version dependency I am stuck about. But this is a hack, and it cannot help me with plugins. May be there is something better?
Before executing any command, Maven builds the "effective POM", see this stackoverflow answer for more details. You may view the effective POM for any project by running mvn help:effective-pom. Typically when I run this command I redirect the output into a file so I can view and search it in a text editor.
You asked about specific parts of the POM, dependencies and plugins. You're on the right track, the maven-dependency-plugin helps. The goals I use most often are dependency:tree, dependency:resolve, and dependency:resolve-plugins. The first two assist with project dependencies, the last one with plugins. Add the -U option to force Maven to update dependencies regardless of the update policies/repository metadata values.
It is also helpful when troubleshooting to start with an empty local repository.
Last but certainly not least, Maven will give warnings when a build uses a plugin without a specific version. ALWAYS specify an explicit version to fix the warning and avoid issues like this one.

gradle resolve the dependencies if the artifact is not found then build the dependent and upload the artifact

During configuration cycle of gradle where it tries to resolve the dependencies is there a way where I can add custom task/plugin such as to build the dependent project(details of svn path of the dependent project is provide thru ext properties) if the artifact is not found.
Thank you.
There isn't currently a built-in feature for this. It may be possible to implement this yourself, but it won't be easy. To get started, have a look at https://github.com/pniederw/elastic-deps, which is a proof-of-concept to replace project dependencies with external dependencies if they aren't available locally.
PS: Configurations are resolved when their artifacts are first requested, which typically happens in the execution phase (not configuration phase).
I had a need for the same feature. Getting it to work with gradle was a cinch. The hard part was figuring out how Android Studio syncs the gradle files. Without a successful sync, the IDE will complain it can't find any dependencies. At any rate, I figured it out, here is my solution to make it work with gradle and Android Studio.
https://gist.github.com/vangorra/c1383c355ce8fe56adf8
It essentially boils down to defining the project in settings.gradle:
include 'library'
project(':library').projectDir = file('../Library/library')
Then you have to use a one-liner with options closure for your dependency:
compile ( project(':library').projectDir.exists() ? project(':library'): 'Library:library:unspecified#aar') {
transitive = true
}

Add a Maven dependency to a Eclipse Plugin project

just a simple question: I need to add a Maven dependency to a Eclipse Plugin project.
The project has not a POM file, so I converted it to a Maven one.
Now I have plugin.xml file and pom.xml file. POM contains the dependency I need to satisfy, but it's ignored; I mean, I can't resolve an import in source code referring to that import.
Can you help me?
ty
I read about Tycho plugin, but online configurations don't work.
If I'm reading this correctly, you've just started by adding a Maven dependency to your project, but don't have the dependency available for Eclipse to validate your code against.
You will need to start a Maven build after you add a brand new dependency so that Maven can add that to your local cached repository. Once the Maven build is done, Eclipse should recognize your imports properly.
You may want to check whether the dependency you are looking for is available in the Eclipse Orbit.
The Orbit project is basically a repository of libraries to make them available for Eclipse Plug-in Development. What is especially nice in the Orbit libraries is that they also provide the sources. Thus, it is possible to view the implementation and get proper JavaDoc and so on.
Example
One can find the com.google.gson library using the update site
https://download.eclipse.org/tools/orbit/downloads/drops/R20190602212107/repository
Thereby, the part R20190602212107 refers to the Orbit build name that you find on the downloads page of the project.

Resources