Archiva

repository: transitive dependency report

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.0-alpha-1
  • Component/s: reporting
  • Labels:
    None
  • Number of attachments :
    4

Description

repository tool to ensure that transitive dependencies will work.

we basically need to know that every artifact that
is referenced in one POM is actually in the repository along with its
POM. We need to know that the dependency relationships among
all artifacts in the repository form a closed set. otherwise the
transitive dependency mechanism in m2 will break and we need to be wary
of this. eventually i would like to create graphical representations of
the dependencies amongst projects but this can come later.

  1. File
    MRM-2-maven-repository-reports-standard.diff
    06/Dec/05 11:32 PM
    30 kB
    John Tolentino
  2. File
    MRM-2-maven-repository-reports-standard.diff
    06/Dec/05 4:01 AM
    32 kB
    John Tolentino
  3. File
    MRM-2-maven-repository-reports-standard.diff
    06/Dec/05 3:47 AM
    24 kB
    John Tolentino
  4. File
    MRM-2-maven-repository-reports-standard.diff
    05/Dec/05 3:07 AM
    12 kB
    John Tolentino

Issue Links

is duplicated by

Sub-task - The sub-task of the issue MNG-335 graph dependencies found vs. needed on convert, report missing

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Rafal Krzewski added a comment -

Note: that such check must span multiple repositories: An organization may publish their artifacts to a their private repository, but the artifacts could have dependencies both in the private and public repositories.
If the scan were performed on a single repository only, dependencies from public repository would have to be replicated in private repository to pass the check, which would a waste of bandwidth and resources.

Show
Rafal Krzewski added a comment - Note: that such check must span multiple repositories: An organization may publish their artifacts to a their private repository, but the artifacts could have dependencies both in the private and public repositories. If the scan were performed on a single repository only, dependencies from public repository would have to be replicated in private repository to pass the check, which would a waste of bandwidth and resources.
Hide
Permalink
Brett Porter added a comment -

Rafal - thanks, that's a possible feature for later. I think for now this is fine to run on ibiblio itself so we've got the most upstream server in good condition.

I'd prefer for users running this, to start with, to use something like maven-proxy so they actually have a local copy of all the deps they use, but we can certainly extend it in the ways you've suggested.

Show
Brett Porter added a comment - Rafal - thanks, that's a possible feature for later. I think for now this is fine to run on ibiblio itself so we've got the most upstream server in good condition. I'd prefer for users running this, to start with, to use something like maven-proxy so they actually have a local copy of all the deps they use, but we can certainly extend it in the ways you've suggested.
Hide
Permalink
John Tolentino added a comment -

New classes and unit tests.

Show
John Tolentino added a comment - New classes and unit tests.
Hide
Permalink
John Tolentino added a comment -

Additional implementations, new classes and unit tests.

Show
John Tolentino added a comment - Additional implementations, new classes and unit tests.
Hide
Permalink
John Tolentino added a comment -

More unit tests.

Show
John Tolentino added a comment - More unit tests.
Hide
Permalink
John Tolentino added a comment -

Finished implementation with 100% unit test code coverage on artifact reporting.

Show
John Tolentino added a comment - Finished implementation with 100% unit test code coverage on artifact reporting.

People

  • Assignee:
    John Tolentino
    Reporter:
    Brett Porter
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:

Time Tracking

Estimated:
2d
Original Estimate - 2 days
Remaining:
8h
Time Spent - 17 hours Remaining Estimate - 8 hours
Logged:
17h
Time Spent - 17 hours Remaining Estimate - 8 hours Time Not Required