XRAY-145307 - Transfered logic to include plugins deps as well in maven dep tree#776
Open
gauriy-tech wants to merge 1 commit into
Open
Conversation
gauriy-tech
force-pushed
the
feature/XRAY-145307-transfer-plugin-logic
branch
from
45daa26 to
98c52f7
Compare
gauriy-tech
force-pushed
the
feature/XRAY-145307-transfer-plugin-logic
branch
from
98c52f7 to
899c5ca
Compare
Open
1 task
gauriy-tech
force-pushed
the
feature/XRAY-145307-transfer-plugin-logic
branch
from
899c5ca to
7322a07
Compare
Contributor
Author
|
I have read the CLA Document and I hereby sign the CLA |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The
jf ca(curation audit) Maven flow supports including build-plugin transitive dependencies in the curation evaluation via the--mvn-include-plugin-depsflag (introduced in #771).That first implementation resolved the plugin dependencies on the Go side inside
mvn.goby spawning extra Maven processes (mvn dependency:resolve-plugins -Bandmvn help:effective-pom) in addition to the existingmaven-dep-treeinvocation. This PR moves that logic into themaven-dep-treeplugin itself, so resolution happens where Aether/Maven already have full repository and lifecycle context.The CLI now simply:
-DincludePluginDeps=trueto the existingmaven-dep-treeinvocation, andpluginNodesJSON section, then injects them under each module root before the curation graph is built.This removes ~330 lines of Maven-internals logic from the CLI and makes plugin-dependency resolution more correct (proper transitive/diamond handling, lifecycle filtering) on the plugin side.
Performance
When
--mvn-include-plugin-depsis enabled, the old flow triggered three separate Maven process executions: one formaven-dep-tree, one fordependency:resolve-plugins, and one forhelp:effective-pom(which built an install-lifecycle plugin allow-list). Each Maven invocation pays the full cost of JVM startup, project model / effective-POM construction, and repository session setup.By folding plugin resolution into the single
maven-dep-treerun (-DincludePluginDeps=true), the two extra Maven processes are eliminated entirely — plugin deps are now resolved within the same session that already builds the project tree, reusing the already-loaded project model and repository session. This roughly cuts the Maven invocation overhead for the plugin-deps path by two-thirds and avoids redundant POM resolution work.Testing
pluginNodesJSON decode (single-module, no-plugin-nodes, multi-module type-union dedup), thepluginNodesPresentsignal that distinguishes "plugin doesn't support the flag" from "plugin ran but found nothing", andClassifierpropagation throughinjectPluginDeps.tests/testdata/projects/package-managers/maven/maven-curation-plugin-deps) covers the customer scenario from XRAY-144809.devbranch.go vet ./....go fmt ./....