move code out of base when possible #268

Merged
merged 1 commit into from
Feb 3, 2023
102 changes: 3 additions & 99 deletions src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -42,15 +42,10 @@
import org.apache.maven.project.ProjectBuildingResult;
import org.apache.maven.repository.RepositorySystem;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzer;
import org.apache.maven.shared.dependency.graph.DependencyCollectorBuilder;
import org.apache.maven.shared.dependency.graph.DependencyCollectorBuilderException;
import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.shared.dependency.graph.traversal.CollectingDependencyNodeVisitor;
import org.codehaus.plexus.context.Context;
import org.codehaus.plexus.PlexusConstants;
import org.codehaus.plexus.PlexusContainer;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Contextualizable;
import org.cyclonedx.BomGeneratorFactory;
import org.cyclonedx.CycloneDxSchema;
import org.cyclonedx.exception.GeneratorException;
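Review bot: With `Contextualizable`, `Context`, `PlexusConstants` and `PlexusContainer` gone from this import block, the base class no longer performs any Plexus container lookup, which is the right direction: a Mojo whose behaviour is fully described by its `@Parameter` fields is easier to audit than one that resolves components by string role-hint at runtime. Please confirm that `ProjectDependencyAnalysis` and `ProjectDependencyAnalyzer` have no remaining references further down the file (the hunk at -801 removes the last ones visible here); otherwise compilation fails on the dropped imports.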
@@ -89,7 +84,7 @@

import static org.apache.maven.artifact.Artifact.SCOPE_COMPILE;

public abstract class BaseCycloneDxMojo extends AbstractMojo implements Contextualizable {
public abstract class BaseCycloneDxMojo extends AbstractMojo {

@Parameter(property = "session", readonly = true, required = true)
private MavenSession session;
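Review bot: Dropping `implements Contextualizable` from the abstract base is a source-compatible break for any out-of-tree subclass that relied on inheriting `contextualize(Context)`. Both in-tree subclasses are handled in this PR (`CycloneDxMojo` re-implements the interface itself and the `CycloneDxAggregateMojo` hunk adds no Plexus code), so the change is fine, but it deserves a line in the release notes.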
@@ -247,28 +242,6 @@ public abstract class BaseCycloneDxMojo extends AbstractMojo implements Contextu
protected static final String MESSAGE_VALIDATING_BOM = "CycloneDX: Validating BOM (%s): %s";
protected static final String MESSAGE_VALIDATION_FAILURE = "The BOM does not conform to the CycloneDX BOM standard as defined by the XSD";

/**
* The plexus context to look-up the right {@link ProjectDependencyAnalyzer} implementation depending on the mojo
* configuration.
*/
private Context context;

/**
* Specify the project dependency analyzer to use (plexus component role-hint). By default,
* <a href="https://maven.apache.org/shared/maven-dependency-analyzer/">maven-dependency-analyzer</a> is used. To use this, you must declare
* a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus
* role name, and you specify the role name here.
*
* @since 2.2
*/
@Parameter( property = "analyzer", defaultValue = "default" )
private String analyzer;

/**
* DependencyAnalyzer
*/
protected ProjectDependencyAnalyzer dependencyAnalyzer;

/**
* Returns a reference to the current project.
*
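Review bot: Removing the `analyzer` parameter from the base means `-Danalyzer=<role-hint>` now only affects the goal implemented by `CycloneDxMojo` and is silently ignored by the aggregate goal. Since the Javadoc advertises it as a user-facing parameter (`@since 2.2`), the plugin documentation should state which goals accept it, otherwise users configuring a custom analyzer for an aggregate build will get the default analyzer without any warning.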
@@ -308,7 +281,7 @@ protected boolean shouldInclude(Artifact artifact) {
* @param project the MavenProject to convert
* @return a CycloneDX Metadata object
*/
protected Metadata convert(final MavenProject project) {
private Metadata convert(final MavenProject project) {
12% of developers fix this issue

Var: Unnecessary 'final' modifier.


Suggested change
private Metadata convert(final MavenProject project) {
private Metadata convert(MavenProject project) {

11% of developers fix this issue

UnnecessaryFinal: Since Java 8, it's been unnecessary to make local variables and parameters final for use in lambdas or anonymous classes. Marking them as final is weakly discouraged, as it adds a fair amount of noise for minimal benefit.


Suggested change
private Metadata convert(final MavenProject project) {
private Metadata convert( MavenProject project) {


final Tool tool = new Tool();
final Properties properties = readPluginProperties();
tool.setVendor(properties.getProperty("vendor"));
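Review bot: Narrowing `convert(MavenProject)` from `protected` to `private` is fine now that no subclass calls it, but it is a binary-incompatible change for any external subclass and belongs in the changelog next to the removed `analyzer` parameter. On the two Lift findings attached to this line: both are purely stylistic, and the second suggested change (`convert( MavenProject project)`) leaves a stray space after the parenthesis, so if either is accepted it should be the first one.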
@@ -392,7 +365,7 @@ protected Component convert(Artifact artifact) {
return component;
}

private String generatePackageUrl(final Artifact artifact) {
protected String generatePackageUrl(final Artifact artifact) {

12% of developers fix this issue

Var: Unnecessary 'final' modifier.


Suggested change
protected String generatePackageUrl(final Artifact artifact) {
protected String generatePackageUrl(Artifact artifact) {

11% of developers fix this issue

UnnecessaryFinal: Since Java 8, it's been unnecessary to make local variables and parameters final for use in lambdas or anonymous classes. Marking them as final is weakly discouraged, as it adds a fair amount of noise for minimal benefit.


Suggested change
protected String generatePackageUrl(final Artifact artifact) {
protected String generatePackageUrl( Artifact artifact) {


TreeMap<String, String> qualifiers = null;
if (artifact.getType() != null || artifact.getClassifier() != null) {
qualifiers = new TreeMap<>();
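Review bot: Widening `generatePackageUrl(Artifact)` to `protected` is required because `CycloneDxAggregateMojo.addMavenProjectsAsDependencies` now calls it, but it also allows any subclass to override how PURLs are built, and the `dependency.getRef().equals(parentRef)` comparison in that method only works if both call sites produce byte-identical strings; consider `protected final` so the base remains the single source of PURL formatting. The two Lift 'unnecessary final' suggestions on this line are style-only, and the second one again introduces a stray space inside the parentheses.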
@@ -765,20 +738,6 @@ private void addDependencyToGraph(final Set<Dependency> dependencies, final Stri
}
}

protected void addMavenProjectsAsDependencies(List<MavenProject> reactorProjects, Set<Dependency> dependencies) {
for (final Dependency dependency: dependencies) {
for (final MavenProject project: reactorProjects) {
if (project.hasParent()) {
final String parentRef = generatePackageUrl(project.getParentArtifact());
if (dependency.getRef() != null && dependency.getRef().equals(parentRef)) {
final Dependency child = new Dependency(generatePackageUrl(project.getArtifact()));
dependency.addDependency(child);
}
}
}
}
}

protected void logAdditionalParameters() {
// no additional parameters
}
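Review bot: The removed `addMavenProjectsAsDependencies` body reappears line for line in `CycloneDxAggregateMojo`, so this hunk is a pure move; please confirm that nothing else in the base (for example its own `execute` path) still referenced the method, since after this change the base no longer provides it.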
@@ -801,59 +760,4 @@ protected void logParameters() {
getLog().info("------------------------------------------------------------------------");
}
}

@Override
public void contextualize( Context theContext )
{
this.context = theContext;
}

/**
* @return {@link ProjectDependencyAnalyzer}
* @throws MojoExecutionException in case of an error.
*/
protected ProjectDependencyAnalyzer createProjectDependencyAnalyzer()
throws MojoExecutionException
{
final String role = ProjectDependencyAnalyzer.class.getName();
final String roleHint = analyzer;
try
{
final PlexusContainer container = (PlexusContainer) context.get( PlexusConstants.PLEXUS_KEY );
return (ProjectDependencyAnalyzer) container.lookup( role, roleHint );
}
catch ( Exception exception )
{
throw new MojoExecutionException( "Failed to instantiate ProjectDependencyAnalyser with role " + role
+ " / role-hint " + roleHint, exception );
}
}

/**
* Method to identify component scope based on dependency analysis
*
* @param component Component
* @param artifact Artifact from maven project
* @param dependencyAnalysis Dependency analysis data
*
* @return Component.Scope - Required: If the component is used. Optional: If it is unused
*/
protected Component.Scope getComponentScope(Component component, Artifact artifact, ProjectDependencyAnalysis dependencyAnalysis) {
if (dependencyAnalysis == null) {
return null;
}
Set<Artifact> usedDeclaredArtifacts = dependencyAnalysis.getUsedDeclaredArtifacts();
Set<Artifact> usedUndeclaredArtifacts = dependencyAnalysis.getUsedUndeclaredArtifacts();
Set<Artifact> unusedDeclaredArtifacts = dependencyAnalysis.getUnusedDeclaredArtifacts();
Set<Artifact> testArtifactsWithNonTestScope = dependencyAnalysis.getTestArtifactsWithNonTestScope();
// Is the artifact used?
if (usedDeclaredArtifacts.contains(artifact) || usedUndeclaredArtifacts.contains(artifact)) {
return Component.Scope.REQUIRED;
}
// Is the artifact unused or test?
if (unusedDeclaredArtifacts.contains(artifact) || testArtifactsWithNonTestScope.contains(artifact)) {
return Component.Scope.OPTIONAL;
}
return null;
}
}
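Review bot: The three removed members (`contextualize`, `createProjectDependencyAnalyzer`, `getComponentScope`) are moved rather than deleted, and the `private Context context` field from the earlier hunk goes with them, which is the important part: a `Context` field left behind in the base with nothing populating it would be a null-pointer trap for the next maintainer who calls `context.get(...)` from a goal that is not `Contextualizable`.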
14 changes: 14 additions & 0 deletions src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java
@@ -197,4 +197,18 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
addMavenProjectsAsDependencies(reactorProjects, dependencies);
return true;
}

private void addMavenProjectsAsDependencies(List<MavenProject> reactorProjects, Set<Dependency> dependencies) {
for (final Dependency dependency: dependencies) {
for (final MavenProject project: reactorProjects) {
if (project.hasParent()) {
final String parentRef = generatePackageUrl(project.getParentArtifact());
if (dependency.getRef() != null && dependency.getRef().equals(parentRef)) {
final Dependency child = new Dependency(generatePackageUrl(project.getArtifact()));
dependency.addDependency(child);
}
}
}
}
}
}
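Review bot: `addMavenProjectsAsDependencies` is now `private`, matching its single caller in `analyze`, good. Two smaller points: the nested loop recomputes `generatePackageUrl(project.getParentArtifact())` once per dependency per reactor project (O(dependencies × projects) PURL constructions), so for large reactors it would be cheaper to build a map from parent PURL to child PURLs once before the loop; and `java.util.List` plus `MavenProject` must be imported in this file, which is outside the visible range, so please double-check.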
79 changes: 78 additions & 1 deletion src/main/java/org/cyclonedx/maven/CycloneDxMojo.java
@@ -22,8 +22,14 @@
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzer;
import org.codehaus.plexus.PlexusConstants;
import org.codehaus.plexus.PlexusContainer;
import org.codehaus.plexus.context.Context;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Contextualizable;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;
import java.util.LinkedHashSet;
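Review bot: The Plexus imports (`PlexusConstants`, `PlexusContainer`, `Context`, `Contextualizable`) now live only in this file, which scopes container access to the one goal that actually performs dependency analysis. The `getComponentScope` method added at the bottom of this file takes an `Artifact`; that import would sort above line 22 and is not visible in this hunk, so make sure it is present.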
@@ -40,7 +46,51 @@
requiresDependencyCollection = ResolutionScope.TEST,
requiresDependencyResolution = ResolutionScope.TEST
)
public class CycloneDxMojo extends BaseCycloneDxMojo {
public class CycloneDxMojo extends BaseCycloneDxMojo implements Contextualizable {

/**
* The Plexus context to look-up the right {@link ProjectDependencyAnalyzer} implementation depending on the mojo
* configuration.
*/
private Context context;

/**
* Specify the project dependency analyzer to use (plexus component role-hint). By default,
* <a href="https://maven.apache.org/shared/maven-dependency-analyzer/">maven-dependency-analyzer</a> is used. To use this, you must declare
* a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus
* role name, and you specify the role name here.
*
* @since 2.2
*/
@Parameter(property = "analyzer", defaultValue = "default")
private String analyzer;

/**
* DependencyAnalyzer
*/
protected ProjectDependencyAnalyzer dependencyAnalyzer;

@Override
public void contextualize(Context theContext) {
this.context = theContext;
}

/**
* @return {@link ProjectDependencyAnalyzer}

42% of developers fix this issue

MissingSummary: A summary line is required on public/protected Javadocs.



* @throws MojoExecutionException in case of an error.
*/
protected ProjectDependencyAnalyzer createProjectDependencyAnalyzer() throws MojoExecutionException {
final String role = ProjectDependencyAnalyzer.class.getName();
final String roleHint = analyzer;
try {
final PlexusContainer container = (PlexusContainer) context.get(PlexusConstants.PLEXUS_KEY);
return (ProjectDependencyAnalyzer) container.lookup(role, roleHint);
}
catch (Exception exception) {
throw new MojoExecutionException("Failed to instantiate ProjectDependencyAnalyser with role " + role
+ " / role-hint " + roleHint, exception);
}
}

protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
final Set<String> componentRefs = new LinkedHashSet<>();
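Review bot: Lift's `MissingSummary` finding on the `createProjectDependencyAnalyzer` Javadoc is valid: the comment has `@return` and `@throws` tags but no summary sentence; something like `Looks up the {@link ProjectDependencyAnalyzer} selected by the {@code analyzer} parameter.` as the first line would satisfy it. Also in this hunk: `dependencyAnalyzer` is `protected` in a class that nothing extends, so `private` would do; `catch (Exception exception)` collapses a missing component, a bad role-hint and a container failure into one message, which makes misconfiguration harder to diagnose; and the message text `ProjectDependencyAnalyser` does not match the class name `ProjectDependencyAnalyzer` it reports on, which makes log searching harder.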
@@ -78,4 +128,31 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
return true;
}

/**
* Method to identify component scope based on dependency analysis
*
* @param component Component
* @param artifact Artifact from maven project
* @param dependencyAnalysis Dependency analysis data
*
* @return Component.Scope - Required: If the component is used. Optional: If it is unused
*/
protected Component.Scope getComponentScope(Component component, Artifact artifact, ProjectDependencyAnalysis dependencyAnalysis) {
if (dependencyAnalysis == null) {
return null;
}
Set<Artifact> usedDeclaredArtifacts = dependencyAnalysis.getUsedDeclaredArtifacts();
Set<Artifact> usedUndeclaredArtifacts = dependencyAnalysis.getUsedUndeclaredArtifacts();
Set<Artifact> unusedDeclaredArtifacts = dependencyAnalysis.getUnusedDeclaredArtifacts();
Set<Artifact> testArtifactsWithNonTestScope = dependencyAnalysis.getTestArtifactsWithNonTestScope();
// Is the artifact used?
if (usedDeclaredArtifacts.contains(artifact) || usedUndeclaredArtifacts.contains(artifact)) {
return Component.Scope.REQUIRED;
}
// Is the artifact unused or test?
if (unusedDeclaredArtifacts.contains(artifact) || testArtifactsWithNonTestScope.contains(artifact)) {
return Component.Scope.OPTIONAL;
}
return null;
}
}
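Review bot: The `component` parameter of `getComponentScope` is never read in the body (only `artifact` and `dependencyAnalysis` are used), so the move is a good moment to drop it from the signature and the Javadoc. The method also returns `null` when the artifact appears in none of the four analysis sets, which the `@return` tag does not mention; whether a caller treats null as 'unknown' or as 'required' decides which components the generated SBOM marks optional, so the null case should be documented.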