Archiva / MRM-2

repository: transitive dependency report

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0-alpha-1
    • Component/s: reporting
    • Labels: None
    • Number of attachments: 4

      Description

      Repository tool to ensure that transitive dependencies will work.

      We basically need to know that every artifact that
      is referenced in one POM is actually in the repository along with its
      POM. We need to know that the dependency relationships among
      all artifacts in the repository form a closed set. Otherwise the
      transitive dependency mechanism in m2 will break and we need to be wary
      of this. Eventually I would like to create graphical representations of
      the dependencies amongst projects but this can come later.

      1. MRM-2-maven-repository-reports-standard.diff (30 kB, John Tolentino)
      2. MRM-2-maven-repository-reports-standard.diff (32 kB, John Tolentino)
      3. MRM-2-maven-repository-reports-standard.diff (24 kB, John Tolentino)
      4. MRM-2-maven-repository-reports-standard.diff (12 kB, John Tolentino)

          Activity

          Rafal Krzewski added a comment -

          Note that such a check must span multiple repositories: an organization may publish their artifacts to their private repository, but the artifacts could have dependencies both in the private and public repositories.
          If the scan were performed on a single repository only, dependencies from the public repository would have to be replicated in the private repository to pass the check, which would be a waste of bandwidth and resources.

          Brett Porter added a comment -

          Rafal - thanks, that's a possible feature for later. I think for now this is fine to run on ibiblio itself so we've got the most upstream server in good condition.

          I'd prefer for users running this, to start with, to use something like maven-proxy so they actually have a local copy of all the deps they use, but we can certainly extend it in the ways you've suggested.

          John Tolentino added a comment -

          New classes and unit tests.

          John Tolentino added a comment -

          Additional implementations, new classes and unit tests.

          John Tolentino added a comment -

          More unit tests.

          John Tolentino added a comment -

          Finished implementation with 100% unit test code coverage on artifact reporting.
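
The closed-set check requested in the description, sketched here as an added example; it is not Archiva's code and not taken from the attached patch. It assumes the standard Maven 2 repository layout, accepts several repository roots as the first comment suggests, and all function names (`artifact_file`, `direct_dependencies`, `open_references`, `deploy`, `demo`) are hypothetical.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def artifact_file(root, group, artifact, version, ext):
    # Maven 2 layout: org.sample:lib:2.1 -> org/sample/lib/2.1/lib-2.1.<ext>
    return Path(root, *group.split("."), artifact, version, f"{artifact}-{version}.{ext}")

def direct_dependencies(pom_path):
    # Direct <project><dependencies> only: no parent inheritance or ${property} interpolation.
    local = lambda e: e.tag.rsplit("}", 1)[-1]  # drop an XML namespace if present
    for section in ET.parse(pom_path).getroot():
        if local(section) != "dependencies":
            continue
        for dep in section:
            f = {local(c): (c.text or "").strip() for c in dep}
            yield f.get("groupId"), f.get("artifactId"), f.get("version"), f.get("type") or "jar"

def open_references(roots):
    """Return (referencing POM, coordinates, what is missing) per broken edge."""
    problems = []
    for root in roots:
        for pom in sorted(Path(root).rglob("*.pom")):
            for g, a, v, ext in direct_dependencies(pom):
                if not (g and a and v) or "${" in v:
                    problems.append((pom.name, f"{g}:{a}:{v}", "unresolved coordinates"))
                    continue
                for wanted in dict.fromkeys(("pom", ext)):  # POM plus the artifact itself
                    if not any(artifact_file(r, g, a, v, wanted).is_file() for r in roots):
                        problems.append((pom.name, f"{g}:{a}:{v}", f"{a}-{v}.{wanted}"))
    return problems

def deploy(root, group, artifact, version, deps=(), with_jar=True):
    # Constructed sample data: a minimal POM and an empty placeholder jar.
    xml = "".join(f"<dependency><groupId>{g}</groupId><artifactId>{a}</artifactId>"
                  f"<version>{v}</version></dependency>" for g, a, v in deps)
    pom = artifact_file(root, group, artifact, version, "pom")
    pom.parent.mkdir(parents=True, exist_ok=True)
    pom.write_text(f"<project><groupId>{group}</groupId><artifactId>{artifact}</artifactId>"
                   f"<version>{version}</version><dependencies>{xml}</dependencies></project>")
    if with_jar:
        artifact_file(root, group, artifact, version, "jar").touch()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        private, public = Path(tmp, "private"), Path(tmp, "public")
        deploy(private, "com.example", "app", "1.0",
               [("org.sample", "lib", "2.1"), ("org.sample", "gone", "0.9")])
        deploy(public, "org.sample", "lib", "2.1", with_jar=False)
        return open_references([private]), open_references([private, public])
```

POMs from repositories you do not control are untrusted XML, so a hardened parser such as defusedxml is the safer choice than the standard-library parser used here.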


            People

            • Assignee: John Tolentino
            • Reporter: Brett Porter
            • Votes: 0
            • Watchers: 0

                Time Tracking

                • Estimated: 2d (Original Estimate - 2 days)
                • Remaining: 8h (Remaining Estimate - 8 hours)
                • Logged: 17h (Time Spent - 17 hours)