All geek questions in one place

Who is using my maven artifact?

I have a system consisting of several web applications (war) and libraries (jar). They all use maven and are under my control (source code, built-in artifacts in Nexus, ...). Let's say that application A uses the L1 library directly and L2 indirectly (used from L1). I can easily check the dependency tree from top to bottom of the application using maven dependency: tree or graph: project plugins. But how can I check who uses my library? In my example, I want to know if A is the only application (or library) using L1, and that L2 is used from L1 and from some other application, say B. Is there any plugin for maven or nexus or should I try to write a script for this? What are your suggestions?

+6
source share
8 answers

If you want to achieve this at the repository level, Apache Archiva has the "used by" function specified in the project information.

See screenshot .

This is similar to what mvnrepository.com lists in the "Used" section of the artifact description.

Unfortunately, Nexus does not provide an equivalent function.

Now I believe that it would be difficult to maintain another repository for this, but then it would probably be easier than some other suggestions, for example, writing a plugin for Nexus. I believe that Archiva can be configured on the proxy server of other repositories.

Update

In fact, there is also a plugin for Nexus to achieve the β€œused” function.

+4
source

As far as I know, nothing in these lines exists as an open source tool. You can write a Nexus plugin that traverses the repo and verifies the use of your component in all other components, repeating all the data and analyzing it. This would be a pretty difficult task to run as it would have to look at all the components and analyze all the letters.

Similarly, you can do this in the local repository using another tool. However, it probably makes sense to parse the contents of the repo manager rather than the local repository.

+3
source

I don’t think there is a Maven way to do this. There are ways to do this or similar things. Here are some examples:

  • Open your projects in your favorite IDE. For example, Eclipse can help you with class-level impact analysis, which in most cases can be quite good.

  • Use a simple grep in the source folder. It may sound a little block (as well as indicating the obvious), but we used it a lot.

  • Use addiction analysis tools like Sonargraph or Lattix

+2
source

I am not aware of the public libraries for this work, so I wrote a custom application that does this for me. I work with a distribution that combines over 70 artifacts. Many times after changing an artifact, I want the changes to be backward compatible (i.e. no compilation errors occur in dependent artifacts). To achieve this, it was important to know all those dependent on the changed artifact.

Therefore, I wrote an application that scans all artifacts in a directory (/ subdirectories), extracts them pom.xml and searches (in the pom dependency section) for a modified artifact to appear. (I did it in java, although the shell / windows script can make it even more compact.)

I will be happy to share the code on github if this can be any help.

+2
source

One way that can satisfy your needs is to create a master pump with all your maven projects. Then you run the following command on master-pom:

 mvn dependency:tree -DoutputType=graphml -DoutputFile=dependency.graphml

Open the generated file in yEd.

Instructions used here: http://www.summa-tech.com/blog/2011/04/12/a-visual-maven-dependency-tree-view/

+2
source

Perhaps more interesting is: what would you do with this information? Let A developers no longer use the L1 or L2 library because it has a fatal error? In my opinion, you should be able to create a blacklist of dependencies / parents / plugins in your repository manager. Once a project tries to deploy / load itself with a blacklisted artifact, it should fail. I say uploading , not downloading , because it can break many projects. As far as I know, this is not yet available for any repository manager.

+1
source

One way to solve this problem is outside of Java itself: to write an OS-level monitoring script that tracks every case of fopen () in a jar file in doubt! Assuming this is in a corporate environment, it may take you several weeks (!) To allow everyone using processes to access the library at least once!

On Windows, you can use the Sysinternals Process Monitor for this: http://technet.microsoft.com/en-us/sysinternals/bb896645

On Unix variants, you will use DTrace or strace.

+1
source

IMHO, and also in my experience, finding a technical solution to such a problem is often redundant. If the reason you want to find out who uses your artifact (library) is because you want to ensure backward compatibility when changing an artifact or something similar, I think this is best done by passing your changes using traditional channels, and encourage other teams that can use your library to talk about it (project blogs, wikis, email, a well-known place for documents, Jour fixe, etc.).

In theory, you can write a script that scans every project in your repository, and then analyzes maven build.xml (assuming they all use maven) and finds out if they determined the dependency on your artifact. If all the projects in your organization follow the standard maven structure, it should be easy to write one such script (although if any of these projects has a dependency on your artifact through a transitive dependency, things can get a little more complicated).

+1
source

Source: https://habr.com/ru/post/956026/

More articles:


All Articles