diff --git a/.gitignore b/.gitignore
index f87c951..1eec11f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ buildNumber.properties
.settings/
.vscode/
src/test/resources/unit/spdx-maven-plugin-test/spdx maven plugin test.spdx.rdf.xml
+.idea/
# Avoid ignoring Maven wrapper jar file (.jar files are usually ignored)
!/.mvn/wrapper/maven-wrapper.jar
diff --git a/pom.xml b/pom.xml
index 9db2dbe..bdc2a2d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,6 +89,11 @@
file-management
3.1.0
+
+ org.apache.maven.shared
+ maven-dependency-tree
+ 3.1.0
+
org.spdx
@@ -118,12 +123,30 @@
${maven.version}
test
+
+ org.apache.maven.resolver
+ maven-resolver-connector-basic
+ 1.6.3
+ test
+
org.apache.maven.plugin-testing
maven-plugin-testing-harness
3.3.0
test
+
+ org.eclipse.aether
+ aether-transport-file
+ 1.1.0
+ test
+
+
+ org.eclipse.aether
+ aether-transport-http
+ 1.1.0
+ test
+
diff --git a/src/main/java/org/spdx/maven/CreateSpdxMojo.java b/src/main/java/org/spdx/maven/CreateSpdxMojo.java
index 7f97f39..bdf1b4d 100644
--- a/src/main/java/org/spdx/maven/CreateSpdxMojo.java
+++ b/src/main/java/org/spdx/maven/CreateSpdxMojo.java
@@ -29,9 +29,14 @@
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.apache.maven.project.DefaultProjectBuildingRequest;
import org.apache.maven.project.MavenProject;
import org.apache.maven.project.MavenProjectHelper;
import org.apache.maven.project.ProjectBuilder;
+import org.apache.maven.project.ProjectBuildingRequest;
+import org.apache.maven.shared.dependency.graph.DependencyGraphBuilder;
+import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
+import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.shared.model.fileset.FileSet;
import org.spdx.library.InvalidSPDXAnalysisException;
@@ -120,12 +125,15 @@ public class CreateSpdxMojo extends AbstractMojo
@Component
private MavenSession session;
+ @Component(hint = "default")
+ private DependencyGraphBuilder dependencyGraphBuilder;
+
// Parameters for the plugin
/**
* SPDX File name
*/
@Parameter( defaultValue = "${project.reporting.outputDirectory}/${project.groupId}_${project.artifactId}-${project.version}.spdx",
- property = "spdxFileName" )
+ property = "spdxFileName" )
private File spdxFile;
/**
@@ -536,12 +544,7 @@ public void execute() throws MojoExecutionException
// add dependencies information
try
{
- @SuppressWarnings("deprecation")
- Set dependencies = includeTransitiveDependencies ? mavenProject.getArtifacts() : mavenProject.getDependencyArtifacts();
-
- logDependencies( dependencies );
-
- SpdxDependencyInformation dependencyInformation = getSpdxDependencyInformation( dependencies, builder, useArtifactID );
+ SpdxDependencyInformation dependencyInformation = getSpdxDependencyInformation( builder );
builder.addDependencyInformation( dependencyInformation );
}
@@ -553,6 +556,10 @@ public void execute() throws MojoExecutionException
{
throw new MojoExecutionException( "SPDX analysis error processing dependencies", e );
}
+ catch ( DependencyGraphBuilderException e )
+ {
+ throw new MojoExecutionException( "SPDX analysis error getting the dependencies", e );
+ }
// save result to SPDX file
builder.saveSpdxDocumentToFile();
@@ -648,52 +655,27 @@ private SpdxDocumentBuilder initSpdxDocumentBuilder( OutputFormat outputFormatEn
/**
* Collect dependency information from Maven dependencies
*
- * @param dependencies Maven dependencies
* @param builder SPDX document builder
- * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used
- * @return information collected from Maven dependencies
* @throws LicenseMapperException
* @throws InvalidSPDXAnalysisException
*/
- private SpdxDependencyInformation getSpdxDependencyInformation( Set dependencies,
- SpdxDocumentBuilder builder,
- boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException
+ private SpdxDependencyInformation getSpdxDependencyInformation( SpdxDocumentBuilder builder )
+ throws LicenseMapperException, InvalidSPDXAnalysisException, DependencyGraphBuilderException
{
- SpdxDependencyInformation retval = new SpdxDependencyInformation( builder.getLicenseManager(), builder.getSpdxDoc(), createExternalRefs, generatePurls );
- if ( dependencies != null )
- {
- for ( Artifact dependency : dependencies )
- {
- retval.addMavenDependency( dependency, mavenProjectBuilder, session, mavenProject, useArtifactID );
- }
- }
- return retval;
- }
+ SpdxDependencyInformation retval = new SpdxDependencyInformation( builder.getLicenseManager(), builder.getSpdxDoc(),
+ createExternalRefs, generatePurls, useArtifactID,
+ includeTransitiveDependencies );
- private void logDependencies( Set dependencies )
- {
- if ( !getLog().isDebugEnabled() )
+ if ( session != null )
{
- return;
- }
- getLog().debug( "Dependencies:" );
- if ( dependencies == null )
- {
- getLog().debug( "\tNull dependencies" );
- return;
- }
- if ( dependencies.isEmpty() )
- {
- getLog().debug( "\tZero dependencies" );
- return;
- }
- for ( Artifact dependency : dependencies )
- {
- String filePath = dependency.getFile() != null ? dependency.getFile().getAbsolutePath() : "[NONE]";
- String scope = dependency.getScope() != null ? dependency.getScope() : "[NONE]";
- getLog().debug(
- "ArtifactId: " + dependency.getArtifactId() + ", file path: " + filePath + ", Scope: " + scope );
+ ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() );
+ request.setProject( mavenProject );
+ DependencyNode parentNode = dependencyGraphBuilder.buildDependencyGraph( request, null );
+
+ retval.addMavenDependencies( mavenProjectBuilder, session, mavenProject, parentNode, builder.getProjectPackage() );
}
+
+ return retval;
}
private void logFileSpecificInfo( HashMap fileSpecificInformation )
diff --git a/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java b/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java
index f7f2067..dd77eea 100644
--- a/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java
+++ b/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java
@@ -31,9 +31,7 @@
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
-
import javax.annotation.Nullable;
-
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.execution.MavenSession;
@@ -47,9 +45,9 @@
import org.apache.maven.project.ProjectBuildingException;
import org.apache.maven.project.ProjectBuildingRequest;
import org.apache.maven.project.ProjectBuildingResult;
+import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.shared.model.fileset.FileSet;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
-
import org.spdx.jacksonstore.MultiFormatStore;
import org.spdx.jacksonstore.MultiFormatStore.Format;
import org.spdx.jacksonstore.MultiFormatStore.Verbose;
@@ -58,9 +56,7 @@
import org.spdx.library.SpdxInvalidIdException;
import org.spdx.library.model.Checksum;
import org.spdx.library.model.ExternalDocumentRef;
-import org.spdx.library.model.ExternalRef;
import org.spdx.library.model.ExternalSpdxElement;
-import org.spdx.library.model.ReferenceType;
import org.spdx.library.model.Relationship;
import org.spdx.library.model.SpdxDocument;
import org.spdx.library.model.SpdxElement;
@@ -68,7 +64,6 @@
import org.spdx.library.model.enumerations.AnnotationType;
import org.spdx.library.model.enumerations.ChecksumAlgorithm;
import org.spdx.library.model.enumerations.Purpose;
-import org.spdx.library.model.enumerations.ReferenceCategory;
import org.spdx.library.model.enumerations.RelationshipType;
import org.spdx.library.model.license.AnyLicenseInfo;
import org.spdx.library.model.license.SpdxNoAssertionLicense;
@@ -91,62 +86,10 @@ public class SpdxDependencyInformation
{
private static final Logger LOG = LoggerFactory.getLogger( SpdxDependencyInformation.class );
- /**
- * Store information about a relationship which will be from a package to
- * a package yet to be determined.
- */
- static class FromRelationship {
- private SpdxPackage fromPackage;
- private RelationshipType relationshipType;
-
- /**
- * @param fromPackage Package which is to be related TO the relatedPackage
- * @param relationshipType type of relationship
- */
- FromRelationship( SpdxPackage fromPackage, RelationshipType relationshipType ) {
- this.fromPackage = fromPackage;
- this.relationshipType = relationshipType;
- }
-
- /**
- * Creates a relationship to the toPackage and adds that relationship to the fromPackage
- * @param toPackage Package which is related to the dependency
- * @return the created relationship
- * @throws InvalidSPDXAnalysisException
- */
- Relationship createAndAddRelationship(SpdxPackage toPackage) throws InvalidSPDXAnalysisException {
- Relationship retval = fromPackage.createRelationship( toPackage, relationshipType,
- "Relationship created based on Maven POM information" );
- fromPackage.addRelationship( retval );
- return retval;
- }
-
- /**
- * @return the fromPackage
- */
- public SpdxPackage getFromPackage()
- {
- return fromPackage;
- }
-
- /**
- * @return the relationshipType
- */
- public RelationshipType getRelationshipType()
- {
- return relationshipType;
- }
- }
-
/**
* List of all Relationships added for dependances To a related element
*/
- private List toRelationships = new ArrayList<>();
-
- /**
- * List of relationships from a package to a TBD package
- */
- private List fromRelationships = new ArrayList<>();
+ private Map> relationships = new HashMap<>();
/**
* Map of namespaces to ExternalDocumentRefs
@@ -157,34 +100,49 @@ public RelationshipType getRelationshipType()
private SpdxDocument spdxDoc;
private boolean createExternalRefs = false;
private boolean generatePurls = false;
+ private boolean useArtifactID = false;
+ private boolean includeTransitiveDependencies = false;
DateFormat format = new SimpleDateFormat( SpdxConstants.SPDX_DATE_FORMAT );
/**
*/
public SpdxDependencyInformation( LicenseManager licenseManager,
- SpdxDocument spdxDoc, boolean createExternalRefs, boolean generatePurls )
+ SpdxDocument spdxDoc, boolean createExternalRefs, boolean generatePurls, boolean useArtifactID,
+ boolean includeTransitiveDependencies )
{
this.licenseManager = licenseManager;
this.spdxDoc = spdxDoc;
this.createExternalRefs = createExternalRefs;
this.generatePurls = generatePurls;
+ this.useArtifactID = useArtifactID;
+ this.includeTransitiveDependencies = includeTransitiveDependencies;
}
/**
- * Add information about a Maven dependency to the list of SPDX Dependencies
+ * Adds information about Maven dependencies to the list of SPDX Dependencies
*
- * @param dependency
* @param mavenProjectBuilder project builder for the repo containing the POM file
* @param session Maven session for building the project
- * @param mavenProject Maven project
- * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used
- * @throws LicenseMapperException
- * @throws InvalidSPDXAnalysisException
+ * @param mavenProject Maven project
*/
- public void addMavenDependency( Artifact dependency, ProjectBuilder mavenProjectBuilder,
- MavenSession session, MavenProject mavenProject,
- boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException
+ public void addMavenDependencies( ProjectBuilder mavenProjectBuilder, MavenSession session, MavenProject mavenProject,
+ DependencyNode node, SpdxElement pkg ) throws LicenseMapperException, InvalidSPDXAnalysisException
{
+ List children = node.getChildren();
+
+ logDependencies( children );
+
+ for ( DependencyNode childNode : children )
+ {
+ addMavenDependency( pkg, childNode, mavenProjectBuilder, session, mavenProject );
+ }
+ }
+
+ private void addMavenDependency( SpdxElement parentPackage, DependencyNode dependencyNode, ProjectBuilder mavenProjectBuilder,
+ MavenSession session, MavenProject mavenProject )
+ throws LicenseMapperException, InvalidSPDXAnalysisException
+ {
+ Artifact dependency = dependencyNode.getArtifact();
String scope = dependency.getScope();
RelationshipType relType = scopeToRelationshipType( scope, dependency.isOptional() );
if ( relType == RelationshipType.OTHER )
@@ -192,25 +150,62 @@ public void addMavenDependency( Artifact dependency, ProjectBuilder mavenProject
LOG.warn(
"Could not determine the SPDX relationship type for dependency artifact ID " + dependency.getArtifactId() + " scope " + scope );
}
+
SpdxElement dependencyPackage = createSpdxPackage( dependency, mavenProjectBuilder, session, mavenProject, useArtifactID );
- if ( relType.toString().endsWith( "_OF" ))
+
+ if ( relType.toString().endsWith( "_OF" ) )
{
- if ( dependencyPackage instanceof SpdxPackage)
+ if ( dependencyPackage instanceof SpdxPackage )
{
- this.fromRelationships.add( new FromRelationship( (SpdxPackage)dependencyPackage, relType ) );
- LOG.debug( "Added relationship of type "+relType.toString() + " for "+dependencyPackage.getName() );
+ this.relationships.computeIfAbsent( parentPackage, key -> new ArrayList<>() )
+ .add( spdxDoc.createRelationship( dependencyPackage, relType,
+ "Relationship created based on Maven POM information" ) );
+ LOG.debug( "Added relationship of type " + relType + " for " + dependencyPackage.getName() );
}
else
{
- this.toRelationships.add( spdxDoc.createRelationship( dependencyPackage, RelationshipType.OTHER,
- "This relationship is the inverse of "+relType.toString()+" to an external document reference." ) );
- LOG.debug( "Could not create proper to relationships for external element "+dependencyPackage.getId() );
+ this.relationships.computeIfAbsent( dependencyPackage, key -> new ArrayList<>() )
+ .add( spdxDoc.createRelationship( parentPackage, RelationshipType.OTHER,
+ "This relationship is the inverse of " + relType + " to an external document reference." ) );
+ LOG.debug( "Could not create proper to relationships for external element " + dependencyPackage.getId() );
}
}
else
{
- this.toRelationships.add( spdxDoc.createRelationship( dependencyPackage, relType,
- "Relationship based on Maven POM file dependency information" ) );
+ this.relationships.computeIfAbsent( parentPackage, key -> new ArrayList<>() )
+ .add( spdxDoc.createRelationship( dependencyPackage, relType,
+ "Relationship based on Maven POM file dependency information" ) );
+ }
+
+ if ( includeTransitiveDependencies ) {
+ addMavenDependencies( mavenProjectBuilder, session, mavenProject, dependencyNode, dependencyPackage );
+ }
+ }
+
+ private void logDependencies( List dependencies )
+ {
+ if ( !LOG.isDebugEnabled() )
+ {
+ return;
+ }
+ LOG.debug( "Dependencies:" );
+ if ( dependencies == null )
+ {
+ LOG.debug( "\tNull dependencies" );
+ return;
+ }
+ if ( dependencies.isEmpty() )
+ {
+ LOG.debug( "\tZero dependencies" );
+ return;
+ }
+ for ( DependencyNode node : dependencies )
+ {
+ Artifact dependency = node.getArtifact();
+ String filePath = dependency.getFile() != null ? dependency.getFile().getAbsolutePath() : "[NONE]";
+ String scope = dependency.getScope() != null ? dependency.getScope() : "[NONE]";
+ LOG.debug(
+ "ArtifactId: " + dependency.getArtifactId() + ", file path: " + filePath + ", Scope: " + scope );
}
}
@@ -326,10 +321,10 @@ private SpdxElement createSpdxPackage( Artifact artifact,
{
ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() );
request.setRemoteRepositories( mavenProject.getRemoteArtifactRepositories() );
- for (ArtifactRepository ar:request.getRemoteRepositories()) {
+ for ( ArtifactRepository ar : request.getRemoteRepositories() ) {
LOG.debug( "request Remote repository ID: " + ar.getId() );
}
- for (ArtifactRepository ar:mavenProject.getRemoteArtifactRepositories()) {
+ for ( ArtifactRepository ar : mavenProject.getRemoteArtifactRepositories() ) {
LOG.debug( "Project Remote repository ID: " + ar.getId() );
}
ProjectBuildingResult build = mavenProjectBuilder.build( artifact, request );
@@ -813,16 +808,11 @@ public Collection getDocumentExternalReferences()
}
/**
- * @return the toRelationships
+ * @return the relationships
*/
- public List getToRelationships()
- {
- return toRelationships;
- }
-
- public List getFromRelationships()
+ public Map> getRelationships()
{
- return fromRelationships;
+ return relationships;
}
/**
diff --git a/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java
index c477982..81b652b 100644
--- a/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java
+++ b/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java
@@ -44,6 +44,7 @@
import org.spdx.library.model.Relationship;
import org.spdx.library.model.SpdxCreatorInformation;
import org.spdx.library.model.SpdxDocument;
+import org.spdx.library.model.SpdxElement;
import org.spdx.library.model.SpdxModelFactory;
import org.spdx.library.model.SpdxPackage;
import org.spdx.library.model.SpdxPackageVerificationCode;
@@ -216,35 +217,24 @@ public void saveSpdxDocumentToFile() throws SpdxBuilderException
*/
public void addDependencyInformation( SpdxDependencyInformation dependencyInformation ) throws SpdxBuilderException
{
- List packageRelationships = dependencyInformation.getToRelationships();
+ Map> packageRelationships = dependencyInformation.getRelationships();
if ( packageRelationships != null )
{
- for ( Relationship relationship : packageRelationships )
+ for ( Map.Entry> entry : packageRelationships.entrySet() )
{
- try
- {
- this.projectPackage.addRelationship( relationship );
- }
- catch ( InvalidSPDXAnalysisException e )
- {
- throw new SpdxBuilderException( "Unable to set package dependencies", e );
- }
- }
- }
- List fromRelationships = dependencyInformation.getFromRelationships();
- if ( fromRelationships != null )
- {
- for ( SpdxDependencyInformation.FromRelationship fromRelationship : fromRelationships )
- {
- try
- {
- Relationship rel =fromRelationship.createAndAddRelationship( projectPackage );
- LOG.debug( "Created relationship of type " + rel.getRelationshipType().toString() +
- " from " + fromRelationship.getFromPackage().getName() );
- }
- catch ( InvalidSPDXAnalysisException e )
+ SpdxElement parentElement = entry.getKey();
+ List relationships = entry.getValue();
+
+ for ( Relationship relationship : relationships )
{
- throw new SpdxBuilderException( "Unable to set dependency to package", e );
+ try
+ {
+ parentElement.addRelationship( relationship );
+ }
+ catch ( InvalidSPDXAnalysisException e )
+ {
+ throw new SpdxBuilderException("Unable to set package dependencies", e);
+ }
}
}
}
@@ -535,4 +525,9 @@ public LicenseManager getLicenseManager()
return this.licenseManager;
}
+ public SpdxPackage getProjectPackage()
+ {
+ return projectPackage;
+ }
+
}
diff --git a/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java b/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java
new file mode 100644
index 0000000..028dc92
--- /dev/null
+++ b/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java
@@ -0,0 +1,179 @@
+package org.spdx.maven;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import org.apache.maven.artifact.repository.ArtifactRepository;
+import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy;
+import org.apache.maven.artifact.repository.MavenArtifactRepository;
+import org.apache.maven.artifact.repository.layout.DefaultRepositoryLayout;
+import org.apache.maven.execution.DefaultMavenExecutionRequest;
+import org.apache.maven.execution.DefaultMavenExecutionResult;
+import org.apache.maven.execution.MavenExecutionRequest;
+import org.apache.maven.execution.MavenExecutionResult;
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.testing.AbstractMojoTestCase;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.project.ProjectBuilder;
+import org.apache.maven.project.ProjectBuildingRequest;
+import org.apache.maven.repository.internal.MavenRepositorySystemUtils;
+import org.eclipse.aether.DefaultRepositorySystemSession;
+import org.eclipse.aether.RepositorySystem;
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.impl.DefaultServiceLocator;
+import org.eclipse.aether.repository.LocalRepository;
+import org.eclipse.aether.repository.LocalRepositoryManager;
+import org.junit.Assert;
+import org.junit.Test;
+import org.spdx.jacksonstore.MultiFormatStore;
+import org.spdx.jacksonstore.MultiFormatStore.Format;
+import org.spdx.library.InvalidSPDXAnalysisException;
+import org.spdx.library.ModelCopyManager;
+import org.spdx.library.model.Relationship;
+import org.spdx.library.model.SpdxDocument;
+import org.spdx.library.model.SpdxModelFactory;
+import org.spdx.library.model.SpdxPackage;
+import org.spdx.spdxRdfStore.RdfStore;
+import org.spdx.storage.ISerializableModelStore;
+import org.spdx.storage.simple.InMemSpdxStore;
+
+public class TestWithSessionSpdxMojo extends AbstractMojoTestCase
+{
+
+ private static final String UNIT_TEST_RESOURCE_DIR = "target/test-classes/unit/spdx-maven-plugin-test";
+
+ @Test
+ public void testDependencies() throws Exception
+ {
+ File pom = new File( getBasedir(), UNIT_TEST_RESOURCE_DIR + "/json-pom-dependencies.xml" );
+ SpdxDocument result = runMojoWithPom( pom );
+
+ Set packages = new HashSet<>();
+ Set relationships = new HashSet<>();
+ SpdxModelFactory.getElements( result.getModelStore(), result.getDocumentUri(), result.getCopyManager(), SpdxPackage.class )
+ .forEach( ( element ) -> {
+ SpdxPackage pkg = (SpdxPackage) element;
+ try
+ {
+ packages.add( pkg.getName().get() );
+
+ for ( Relationship rel : pkg.getRelationships() )
+ {
+ relationships.add( pkg.getName().get() + "->" + rel.getRelatedSpdxElement().get().getName().get() );
+ }
+ }
+ catch ( InvalidSPDXAnalysisException e )
+ {
+ throw new RuntimeException( e );
+ }
+ });
+
+ assertTrue( packages.contains( "org.spdx:spdx-maven-plugin-test" ) );
+ assertTrue( packages.contains( "junit" ) );
+ assertTrue( packages.contains( "hamcrest-core" ) );
+ assertTrue( relationships.contains( "org.spdx:spdx-maven-plugin-test->junit" ) );
+ assertTrue( relationships.contains( "junit->hamcrest-core" ) );
+ }
+
+ // -- Configure mojo loader
+
+ private SpdxDocument runMojoWithPom( File pom ) throws Exception
+ {
+ CreateSpdxMojo mojo = (CreateSpdxMojo) lookupConfiguredMojo( readMavenProject( pom ), "createSPDX" );
+ mojo.execute();
+
+ File artifactFile = (File) getVariableValueFromObject( mojo, "spdxFile" );
+ assertTrue( artifactFile.exists() );
+ String outputFormat = (String) getVariableValueFromObject( mojo, "outputFormat" );
+ ISerializableModelStore modelStore = buildModelStore( outputFormat );
+ ModelCopyManager copyManager = new ModelCopyManager();
+ try ( InputStream is = new FileInputStream( artifactFile.getAbsolutePath() ) )
+ {
+ String documentUri = modelStore.deSerialize( is, false );
+ return new SpdxDocument( modelStore, documentUri, copyManager, false );
+ }
+ }
+
+ private ISerializableModelStore buildModelStore( String outputFormat )
+ {
+ switch ( outputFormat )
+ {
+ case "JSON":
+ return new MultiFormatStore( new InMemSpdxStore(), Format.JSON );
+ case "RDF/XML":
+ return new RdfStore();
+ default:
+ throw new IllegalArgumentException( "Unknown output format " + outputFormat );
+ }
+ }
+
+ @Override
+ protected MavenSession newMavenSession( MavenProject project )
+ {
+ MavenExecutionRequest request = new DefaultMavenExecutionRequest();
+ MavenExecutionResult result = new DefaultMavenExecutionResult();
+
+ MavenSession session = new MavenSession( getContainer(), createRepositorySystemSession(), request, result );
+ session.setCurrentProject( project );
+ session.setProjects( List.of( project ) );
+ session.getRequest().setLocalRepository(createLocalArtifactRepository());
+ return session;
+ }
+
+ private RepositorySystemSession createRepositorySystemSession() {
+ DefaultServiceLocator locator = MavenRepositorySystemUtils.newServiceLocator();
+ RepositorySystem repositorySystem = locator.getService( RepositorySystem.class );
+
+ LocalRepository localRepo = null;
+ try
+ {
+ localRepo = new LocalRepository( Files.createTempDirectory("tmpDirPrefix").toFile() );
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e);
+ }
+
+ DefaultRepositorySystemSession session = MavenRepositorySystemUtils.newSession();
+ LocalRepositoryManager lrm = repositorySystem.newLocalRepositoryManager( session, localRepo );
+ session.setLocalRepositoryManager( lrm );
+
+ return session;
+ }
+
+ private ArtifactRepository createLocalArtifactRepository() {
+ try {
+ return new MavenArtifactRepository(
+ "local",
+ Files.createTempDirectory( "tmpDirPrefix" ).toString(),
+ new DefaultRepositoryLayout(),
+ new ArtifactRepositoryPolicy( true, ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE ),
+ new ArtifactRepositoryPolicy( true, ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE )
+ );
+ }
+ catch ( IOException e )
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private MavenProject readMavenProject( File pom )
+ throws Exception
+ {
+ MavenExecutionRequest request = new DefaultMavenExecutionRequest();
+ request.setBaseDirectory( new File( getBasedir() ) );
+ ProjectBuildingRequest configuration = request.getProjectBuildingRequest();
+ configuration.setResolveDependencies( true );
+ configuration.setLocalRepository( createLocalArtifactRepository() );
+ configuration.setRepositorySession( createRepositorySystemSession() );
+ MavenProject project = lookup( ProjectBuilder.class ).build( pom, configuration ).getProject();
+ Assert.assertNotNull( project );
+ return project;
+ }
+
+}
diff --git a/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml b/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml
new file mode 100644
index 0000000..d3a20d9
--- /dev/null
+++ b/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml
@@ -0,0 +1,107 @@
+
+ 4.0.0
+
+ org.spdx
+ spdx-maven-plugin-test
+ 1.0-SNAPSHOT
+ jar
+ Test SPDX Plugin
+
+
+ The Apache Software License, Version 2.0
+ http://www.apache.org/licenses/LICENSE-2.0.txt
+ repo
+
+
+ http://spdx.org/tools
+
+ Linux Foundation
+ http://www.linuxfoundation.org
+
+
+ UTF-8
+
+
+
+
+ junit
+ junit
+ 4.13.1
+ test
+
+
+
+
+ src
+ Test
+
+
+ resources
+ false
+ resources
+
+ **/*
+
+
+
+ META-INF
+ false
+ .
+
+ NOTICE
+ LICENSE
+ README.txt
+ changelog
+
+
+
+ src
+
+ **/*.java
+
+
+
+
+
+ Test
+
+ **/*.java
+
+
+
+ false
+ TestFiles
+
+ **/*
+
+
+
+
+
+
+ org.spdx
+ spdx-maven-plugin
+ 1.0-SNAPSHOT
+
+
+ build-spdx
+ prepare-package
+
+ createSPDX
+
+
+
+
+ target/test-classes/unit/spdx-maven-plugin-test/test.spdx.json
+ true
+ JSON
+ http://spdx.org/documents/spdx%20toolsv2.0%20rc1
+ Apache-2.0
+ true
+
+
+
+
+