We are analyzing several Projects in SonarQube -> Java and also .Net Projects.
For Java / Maven Projects its no Problem to see the Library dependencies -> Which component uses which Library. There is even a dependency browser built-in in the Sonar core.
For .Net Projects we use NuGet for the dependency Management. In Sonar its not possible to see which Component uses which Library with the specific version for .Net / NuGet Projects. Now we want to know which Library is used in which Component and vice versa. And that's why I'm writing a plugin that shows me the the NuGet dependencies.
There are two possibilities:
1. Solution: The easy way
I write a Plugin that parses the "repositories.config" and the appropriate "packages.config" Files, persists this information into the database and then show them in a widget.
2. Solution: The elegant way
I write a plugin which reads the NuGet information from the "repositories.config" and the appropriate "packages.config" files and perstist this information the same way like the maven information is perstisted too in the database. Then also the built-in dependency browser would find the NuGet dependencies.
So:
A question for Solution 1:
What would be the best way to persist the dependency information? A String Measure for each project with a JSON containing the dependency information?
A question for Solution 2: (And this is my main question here)
Do you know how / where this data is persisted in the Sonar database for maven projects? It would take me a lot of time trying to reenigneer the whole sonar source code. Maybe someone has an idea how i can find this information faster or maybe you have even other ideas to solve my problem.
The goal would also be to share this plugin to the community.
Thank you!
Regards
Cédric
Related
I'm using the Mill Build Tool for a Scala project, which uses a build.sc file to list specific dependencies for different modules within the project. Now, I'm trying to dockerize the project and would like to install the dependencies in the image before having to copy over the entire repository. I want to avoid this, so that the dependencies don't have to be installed every time I make a small change in the source code. Is there any simple way of doing this? Thanks!
Here's a similar post for sbt: sbt only fetch dependencies
Updated answer:
Since mill 0.9.3 there is support to easily prepare offline work.
See pull request #951 for details.
In short, you can use the prepareOffline target to fetch dependencies in advance.
mill __.prepareOffline
Original answer:
There is currently no easy and straight forward way of doing this. Although you can force the resolution of all compile dependencies by running mill __.compileClasspath, but this will also trigger the compilation of all inter-module dependencies.
As a work around you could try to generate IntelliJ IDEA project files, which will also trigger dependency resolution. Afterwards you can delete the generated directories (.idea/ and .idea_modules/).
Technically, it is quite simple to introduce a new fetchIvyDeps target for exactly that purpose, but it's not there yet. You might want to open a feature request or create a pull request.
I have an eclipse Java project and want to get information like project source dir, classpaths, etc. My current implementation parses the .project file. But as I didn't find any official documentation describing the structure of the .project file, I have some concerns for the robustness of this approach.
A more convenient and robust way would be to use JDT (headlessly) to load the project and get the relevant information from the IJavaProject object.
Although the developer guide of JDT says
JDT Core packages give you access to the Java model objects and headless Java IDE infrastructure.
all the examples I can find opening an existing Java project get the IJavaProject object from projects within a workspace or use an IProject object. But I couldn't find the way to add a project to the workspace or to construct a IProject/IJavaProject from a path to .project file.
Could anyone please help?
Yes, and can all be done through clear and stable API. org.eclipse.jdt.core is a plug-in, just like org.eclipse.core.resources (which is where you would get an IWorkspace instance), and they both expect to be running within an Eclipse runtime, which can be headless if that's how you write your Eclipse Application. JDT uses the .classpath file to record where sources, libraries, and build output are, and what abstracted references to libraries to use, while the .project file is what records what kind of project it is in general--Java, PHP, Web, some combination of those or others--and a little more information about what builders to execute.
So make yourself a headless Eclipse Application, or package your end-goal functionality inside of one.
https://wiki.eclipse.org/FAQ_What_is_an_Eclipse_application%3F
https://wiki.eclipse.org/FAQ_What_are_extensions_and_extension_points%3F
http://help.eclipse.org/mars/topic/org.eclipse.platform.doc.isv/reference/extension-points/org_eclipse_core_runtime_applications.html?cp=2_1_1_27
http://help.eclipse.org/mars/topic/org.eclipse.platform.doc.isv/reference/api/org/eclipse/core/resources/ResourcesPlugin.html#getWorkspace--
http://help.eclipse.org/mars/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/core/JavaCore.html#getJavaCore--
http://help.eclipse.org/mars/topic/org.eclipse.jdt.doc.isv/reference/api/org/eclipse/jdt/core/IJavaProject.html#getResolvedClasspath-boolean-
See http://www.ant4eclipse.org/ for a project which allows you to work inside Eclipse projects.
I used it for a bit some years back, and found that this is too brittle for long term usage and build scripts. I would recommend against relying on internal Eclipse things. They break! Typically when mixing releases.
Instead I would suggest you move to Maven. This is a bit more work, but allows you to use the whole maven infrastructure and API's to do things. What you want to achieve here, may be possible already using a Maven plugin.
I have seen many posts on this, but let me say that i am not trying to write a plugin.
I am making a project analyser which needs to find out resolved dependencies with their path.
Given a pom.xml(in a project) i want to find out all the dependencies(transitive too) with their paths and if possible the missing dependencies too.
Getting a version independent solution would be bonus.
PS: Every answer is suggesting to use exec to run the command on cli, i am already using this and want to find a better approach of doing this.
You could use the maven dependency plugin. The two that I have used and found very helpful I've mentioned below:
dependency:tree
Displays a tree structure of the entire dependencies both direct and transitive used. Be sure to use the verbose mode.
Link
dependency:list
Displays all dependencies used in a project in a list fashion. I personally do not find this that handy at times when I need to know what are transitives and which are direct for licensing purpose. But it has its place when you just need to know what you are using or detecting duplicate libraries with different versions.
Link
In addition there is also analyze, when reading the documentation it seems quite handy but I would need to try this out and I will.
dependency:analyze
Use mvn dependency:tree. For programmatic access simply use the java Process api.
http://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html
Java Process with Input/Output Stream
Also Maven plugins are simple java classes. You can download the dependency:tree plugin's code and use it/modify it to your taste.
I am new to enterprise application developement and trying to create a REST server with Spring REST, JPA taking to mySQL database and Javascript on the client side. As I see loads of opensource libraries doing specific task, I started off with using 'maven project' with different 'arch type' (which is nothing but predefined POM with relevent libraries as I understand) provided by Eclipse. But I often run into version mismatch issues, in many cases found specific solution to that perticular libraries in StackOverflow or other sites.
Hence I started looking for a information these version dependancies such as, this version of JPA works with that version of Hibernate library and so on. I checked maven repository of major libraries, I did not find such information so far.
My queries are:
Where can I find these information about the versions dependancies?
Are these pre defined POM in eclipse reliable? Who owns them, where can I get last modified dates on these maven 'arch types'? (I find the ones I choose having fairly old version of libraries).
If I have to start off on my own creating a Maven dependacies, where will I get information about what are the dependent libraries, for example, if I need spring MVC, for sure it needs java servlet library. I am worried becuase the maven 'spring-mvc-jap' arch type whooping 50 libaries as dependancies.(Coming from embeded domain, I find to too hard to digest :D). So not sure if it is the right way.
Please correct if I am missing anything in my understanding.
You can find this information, if you are using maven and some IDE you can go to the dependancy and make click un > and this will show the librarys used for this dependancy or if you want to use the console you have http://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html this will show the same that the IDE.
After normally in the documentation of the library used, you can find some doc about the dependancy about this.
Other solution is get the .jar and use 7zip to see the POM and know the dependancy used.
And for finish my answer if the IDE tell you that you dont have x dependancy normally you have to add this because any of the other dependancy used have it (they used only for the compiling task), but sometime somes projet change a lots of code between the version .a to .b so you will have some problem using the version .b, at this moment i didnt find one good and easy way to fix this, only using the way that i told you (only if i found some problem in the compilation)
3> I am not sure how it works in eclipse but in IntelliJ IDEA when you start using some class without proper dependency IDEA suggest you to add proper dependency automatically. The same approach should be in eclipse.
I've trying to use Eclipse JDT AST parsing classes. After including the initial JAR, and sorting out a couple more dependencies, it is with 7+ JARs and I still having NoClassDefFoundError exceptions. This situation arises whenever I'm trying to test libraries with little or no documentation. Trial and error seems a very dumb (and annoying) approach to solve this problem.
Is there a way to automatically sort this out using Eclipse?
Update: Later I found that adding all the JARs you have, and using Ctrl-T (to view/locate types), lets you manually locate the JAR. That was the solution that Google provided so far. Is there a better way?
If you refer to this SO question Finding unused jars used in an eclipse project, you also have:
ClassPathHelper, which can quickly focus on unresolved classes:
It automatically identifies orphan jars, blocked (obscured) classes, and much more.
The only limit is dependencies that are not defined in classes, e.g. in dependency injection framework configuration files.
I have found setting up a workspace exclusively for browsing the eclipse source code incredibly useful. In this manner, you can use PDE tools like the Plug-in Spy, bundle dependency analysis, browsing the documentation, etc much like you would your own plugin projects. I found this article at Vogella a very useful guide.
If you know which bundle your desired class is you can generate the transitive closure of dependencies by creating a new OSGi launch configuration, with just the single bundle selected. By hitting the Add Required button, you can see all bundles necessary to use the one you're interested in.
Edit:
From your question it wasn't clear as to the environment you want to run the compiler in. If you're interested in an embeddable Java compiler to be run outside of an OSGi environment, may I suggest Janino.
You could use a dependency analyzer like:
JarAnalyzer
This will parse a directory full of Jars and give you an XML output dependency map, for which there are several tools for displaying in either graphical or text form.