shrinkwrap-resolver解析pom依赖
魏凯捷
需求
我们需要分析一个项目的相关依赖,评估对其改动的影响点。工具可以辅助开发人员评估影响点,画出依赖树
解决方案
方案1
直接对项目执行mvn dependency:tree 然后对结果进行
优点:maven官方工具可靠稳定
缺点:如果想要线上服务化需要对线上服务器配置maven。服务强依赖maven生成的依赖树文件。并且通过执行shell命令后要开发人员编写分析maven输出文件的代码,如果文件结构因为升级发现变化或者改变会影响分析结果。
方案2
服务自动解析项目的pom分析
优点:通过解析pom文件返回对象,反序列化为对象,更容易分析。服务只需要关系抽象对象间的关心分析,不需要关心pom反序列化的过程。解耦pom与依赖分析服务
缺点:非官方工具,分析结果的准确性、稳定性需要多观察注意,避免bug引起的错误分析导致评估遗漏出现盲区。
shrinkwrap-resolver使用
pom依赖
<dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-depchain</artifactId>
<version>${version.shrinkwrap.resolvers}</version>
<type>pom</type>
</dependency>
// 获取依赖时需要使用该依赖
<dependency>
<groupId>org.jboss.shrinkwrap.resolver</groupId>
<artifactId>shrinkwrap-resolver-impl-maven</artifactId>
<version>${version.shrinkwrap.resolvers}</version>
</dependency>
// 1. 加载并解析pom文件
MavenResolveStageBase<PomEquippedResolveStage, MavenStrategyStage, MavenFormatStage> mavenResolveStageBase = Maven.resolver()
.loadPomFromFile(pomPath);
// 2. 获取依赖
MavenWorkingSession session = ((MavenWorkingSessionContainer) mavenResolveStageBase).getMavenWorkingSession();
Set<MavenDependency> mavenDependencies = session.getDependencyManagement();
问题
出现如下警告与报错,解析失败。
警告是未能在maven2资源库中找到父pom的maven-metadata.xml。
报错比较明显指出了对于jdk tools的依赖需要制定绝对路径。
一月 16, 2020 6:42:25 下午 org.jboss.shrinkwrap.resolver.impl.maven.logging.LogTransferListener transferFailed
警告: Failed downloading com/.../dispatch/dispatch-parent/3.0.0-SNAPSHOT/maven-metadata.xml from https://repo1.maven.org/maven2/. Reason:
org.eclipse.aether.transfer.MetadataNotFoundException: Could not find metadata com.....dispatch:dispatch-parent:3.0.0-SNAPSHOT/maven-metadata.xml in central (https://repo1.maven.org/maven2)
一月 16, 2020 6:42:26 下午 org.jboss.shrinkwrap.resolver.impl.maven.logging.LogTransferListener transferFailed
警告: Failed downloading com/.../wireless/parent/3.2.0-SNAPSHOT/maven-metadata.xml from https://repo1.maven.org/maven2/. Reason:
org.eclipse.aether.transfer.MetadataNotFoundException: Could not find metadata com.....wireless:parent:3.2.0-SNAPSHOT/maven-metadata.xml in central (https://repo1.maven.org/maven2)
Exception in thread "main" org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Found 1 problems while building POM model from D:\git\...\dispatch\dispatch-grafana-service\dispatch-grafana-service-server\pom.xml
1/ [ERROR] 'dependencyManagement.dependencies.dependency.systemPath' for jdk.tools:jdk.tools:jar must specify an absolute path but is ${JAVA_HOME}/lib/tools.jar @ com.....dispatch:dispatch-grafana-service-server:1.0-SNAPSHOT, D:\git\...\dispatch\dispatch-grafana-service\dispatch-grafana-service-server\pom.xml
解决方法
排除maven中心资源库;在setting文件中增加JAVA_HOME变量的配置。上面的报错也提醒我们再pom配置中应该尽量使用maven提供的内置变量而非自定义变量,父类中的jdk路径的配置可以修改为:${java.home}。
修改后的代码
MavenResolveStageBase<PomEquippedResolveStage, MavenStrategyStage, MavenFormatStage> mavenResolveStageBase = Maven.configureResolver()
// 1. 排除maven中心资源库
.withMavenCentralRepo(false)
// 2. 从resource中读取setting文件(相对路径)
.fromClassloaderResource(settingPath)
// 3. 读取解析pom文件
.loadPomFromFile(pomPath);
// 4. 获取依赖
MavenWorkingSession session = ((MavenWorkingSessionContainer) mavenResolveStageBase).getMavenWorkingSession();
Set<MavenDependency> mavenDependencies = session.getDependencyManagement();
pom增加JAVA_HOME配置
<profile>
<id>jdk-1.8</id>
<activation>
<activeByDefault>true</activeByDefault>
<jdk>1.8</jdk>
</activation>
<properties>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<maven.compiler.compilerVersion>1.8</maven.compiler.compilerVersion>
// JAVA_HOME 变量配置
<JAVA_HOME>C:\Program Files (x86)\Java\jdk1.8.0_73</JAVA_HOME>
</properties>
</profile>
至此解析依赖成功
[...MavenDependency [org.springframework.security:spring-security-acl:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-aspects:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-cas:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-config:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-core:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-crypto:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-data:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-ldap:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-messaging:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-openid:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-remoting:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-taglibs:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-test:jar:4.2.9.RELEASE:compile],
MavenDependency [org.springframework.security:spring-security-web:jar:4.2.9.RELEASE:compile],
MavenDependency [com.dianwoba.dispatch:dispatch-grafana-service-impl:jar:1.0-SNAPSHOT:compile],
MavenDependency [org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-depchain:pom:3.1.3:test]]
总结
shrinkwrap-resolver不仅可以帮助我们解析pom依赖,还可以实现打包上传部署等功能。并且项目提供了内嵌的Maven可以直接执行maven命令。功能很强大,相关使用可以直接查看官方文档均有详细的解释与使用案例
还有一点应该注意的是在pom中应当尽量使用maven内置的参数定义,例如:${java.home}而不是${JAVA_HOME}
类似资料: