From 357d13a5b4173575954f4372343c8f4bbe4aadd6 Mon Sep 17 00:00:00 2001 From: Ivan Vankovich Date: Tue, 7 Dec 2021 14:03:52 -0800 Subject: [PATCH] Add dependency check (#59) * Add dependency check * Fix maven-dependency-plugin errors * Add --fail-at-end flag * Fix comment --- .semaphore/semaphore.yml | 18 +++++++++++++ .../confluent-extensions/pom.xml | 25 +++++++++++++++++++ .../opencensus-extensions/pom.xml | 24 ++++++++++++++++++ 3 files changed, 67 insertions(+) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 5d2a466c5cac..260f07e3c98c 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -74,6 +74,24 @@ blocks: commands: - ${MVN} spotbugs:check --fail-at-end -pl '!benchmarks' + - name: "analyze dependencies" + commands: + - > + ${MVN} ${MAVEN_SKIP} dependency:analyze -DoutputXML=true -DignoreNonCompile=true -DfailOnWarning=true --fail-at-end || { echo " + + The dependency analysis has found a dependency that is either: + 1) Used and undeclared: These are available as a transitive dependency but should be explicitly + added to the POM to ensure the dependency version. The XML to add the dependencies to the POM is + shown above. + 2) Unused and declared: These are not needed and removing them from the POM will speed up the build + and reduce the artifact size. The dependencies to remove are shown above. + If there are false positive dependency analysis warnings, they can be suppressed: + https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#usedDependencies + https://maven.apache.org/plugins/maven-dependency-plugin/examples/exclude-dependencies-from-dependency-analysis.html + For more information, refer to: + https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html + " && false; } + - name: "Confluent Extensions" env_vars: - name: MAVEN_PROJECTS diff --git a/extensions-contrib/confluent-extensions/pom.xml b/extensions-contrib/confluent-extensions/pom.xml index 77a7aed1392c..6e6878fde11f 100644 --- a/extensions-contrib/confluent-extensions/pom.xml +++ b/extensions-contrib/confluent-extensions/pom.xml @@ -34,6 +34,31 @@ ${project.parent.version} provided + + com.google.code.findbugs + jsr305 + provided + + + com.fasterxml.jackson.core + jackson-databind + provided + + + com.google.guava + guava + provided + + + com.google.inject + guice + provided + + + com.fasterxml.jackson.core + jackson-annotations + provided + junit diff --git a/extensions-contrib/opencensus-extensions/pom.xml b/extensions-contrib/opencensus-extensions/pom.xml index 5526fc18fc30..3373be42a54c 100644 --- a/extensions-contrib/opencensus-extensions/pom.xml +++ b/extensions-contrib/opencensus-extensions/pom.xml @@ -55,6 +55,30 @@ ${project.parent.version} provided + + com.fasterxml.jackson.core + jackson-databind + provided + + + com.google.protobuf + protobuf-java + + + com.google.guava + guava + provided + + + com.google.inject + guice + provided + + + com.fasterxml.jackson.core + jackson-annotations + provided + junit