From d58e29fbf3f799495b33afd06a5473b0dada32b9 Mon Sep 17 00:00:00 2001 From: rorts Date: Fri, 26 Jan 2024 17:08:59 +0100 Subject: [PATCH] Dependency graph --- .gitignore | 1 + pom.xml | 23 +++ .../java/org/spdx/maven/CreateSpdxMojo.java | 72 +++---- .../utils/SpdxDependencyInformation.java | 166 ++++++++-------- .../spdx/maven/utils/SpdxDocumentBuilder.java | 45 ++--- .../spdx/maven/TestWithSessionSpdxMojo.java | 179 ++++++++++++++++++ .../json-pom-dependencies.xml | 107 +++++++++++ 7 files changed, 435 insertions(+), 158 deletions(-) create mode 100644 src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java create mode 100644 src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml diff --git a/.gitignore b/.gitignore index f87c951..1eec11f 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ buildNumber.properties .settings/ .vscode/ src/test/resources/unit/spdx-maven-plugin-test/spdx maven plugin test.spdx.rdf.xml +.idea/ # Avoid ignoring Maven wrapper jar file (.jar files are usually ignored) !/.mvn/wrapper/maven-wrapper.jar diff --git a/pom.xml b/pom.xml index 9db2dbe..bdc2a2d 100644 --- a/pom.xml +++ b/pom.xml @@ -89,6 +89,11 @@ file-management 3.1.0 + + org.apache.maven.shared + maven-dependency-tree + 3.1.0 + org.spdx @@ -118,12 +123,30 @@ ${maven.version} test + + org.apache.maven.resolver + maven-resolver-connector-basic + 1.6.3 + test + org.apache.maven.plugin-testing maven-plugin-testing-harness 3.3.0 test + + org.eclipse.aether + aether-transport-file + 1.1.0 + test + + + org.eclipse.aether + aether-transport-http + 1.1.0 + test + diff --git a/src/main/java/org/spdx/maven/CreateSpdxMojo.java b/src/main/java/org/spdx/maven/CreateSpdxMojo.java index 7f97f39..bdf1b4d 100644 --- a/src/main/java/org/spdx/maven/CreateSpdxMojo.java +++ b/src/main/java/org/spdx/maven/CreateSpdxMojo.java 
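Review bot: The new test dependencies `org.eclipse.aether:aether-transport-file` and `aether-transport-http` at 1.1.0 in the second pom.xml hunk come from the retired Eclipse Aether project, while the same hunk adds `org.apache.maven.resolver:maven-resolver-connector-basic` 1.6.3. Maven Resolver kept the `org.eclipse.aether` package names, so the test classpath may carry two generations of the same classes, and the old HTTP transport probably pulls in an equally old HTTP client. Consider `org.apache.maven.resolver:maven-resolver-transport-file` and `maven-resolver-transport-http` at the connector's version, with one shared version property so the three cannot drift apart. `maven-dependency-tree` 3.1.0 in the first pom.xml hunk has no test scope, so it is worth checking what it adds to the plugin's resolved dependency tree.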
@@ -29,9 +29,14 @@ import org.apache.maven.plugins.annotations.Mojo; import org.apache.maven.plugins.annotations.Parameter; import org.apache.maven.plugins.annotations.ResolutionScope; +import org.apache.maven.project.DefaultProjectBuildingRequest; import org.apache.maven.project.MavenProject; import org.apache.maven.project.MavenProjectHelper; import org.apache.maven.project.ProjectBuilder; +import org.apache.maven.project.ProjectBuildingRequest; +import org.apache.maven.shared.dependency.graph.DependencyGraphBuilder; +import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException; +import org.apache.maven.shared.dependency.graph.DependencyNode; import org.apache.maven.shared.model.fileset.FileSet; import org.spdx.library.InvalidSPDXAnalysisException; @@ -120,12 +125,15 @@ public class CreateSpdxMojo extends AbstractMojo @Component private MavenSession session; + @Component(hint = "default") + private DependencyGraphBuilder dependencyGraphBuilder; + // Parameters for the plugin /** * SPDX File name */ @Parameter( defaultValue = "${project.reporting.outputDirectory}/${project.groupId}_${project.artifactId}-${project.version}.spdx", - property = "spdxFileName" ) + property = "spdxFileName" ) private File spdxFile; /** @@ -536,12 +544,7 @@ public void execute() throws MojoExecutionException // add dependencies information try { - @SuppressWarnings("deprecation") - Set dependencies = includeTransitiveDependencies ? mavenProject.getArtifacts() : mavenProject.getDependencyArtifacts(); - - logDependencies( dependencies ); - - SpdxDependencyInformation dependencyInformation = getSpdxDependencyInformation( dependencies, builder, useArtifactID ); + SpdxDependencyInformation dependencyInformation = getSpdxDependencyInformation( builder ); builder.addDependencyInformation( dependencyInformation ); } 
@@ -553,6 +556,10 @@ public void execute() throws MojoExecutionException { throw new MojoExecutionException( "SPDX analysis error processing dependencies", e ); } + catch ( DependencyGraphBuilderException e ) + { + throw new MojoExecutionException( "SPDX analysis error getting the dependencies", e ); + } // save result to SPDX file builder.saveSpdxDocumentToFile(); 
@@ -648,52 +655,27 @@ private SpdxDocumentBuilder initSpdxDocumentBuilder( OutputFormat outputFormatEn /** * Collect dependency information from Maven dependencies * - * @param dependencies Maven dependencies * @param builder SPDX document builder - * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used - * @return information collected from Maven dependencies * @throws LicenseMapperException * @throws InvalidSPDXAnalysisException */ - private SpdxDependencyInformation getSpdxDependencyInformation( Set dependencies, - SpdxDocumentBuilder builder, - boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException + private SpdxDependencyInformation getSpdxDependencyInformation( SpdxDocumentBuilder builder ) + throws LicenseMapperException, InvalidSPDXAnalysisException, DependencyGraphBuilderException { - SpdxDependencyInformation retval = new SpdxDependencyInformation( builder.getLicenseManager(), builder.getSpdxDoc(), createExternalRefs, generatePurls ); - if ( dependencies != null ) - { - for ( Artifact dependency : dependencies ) - { - retval.addMavenDependency( dependency, mavenProjectBuilder, session, mavenProject, useArtifactID ); - } - } - return retval; - } + SpdxDependencyInformation retval = new SpdxDependencyInformation( builder.getLicenseManager(), builder.getSpdxDoc(), + createExternalRefs, generatePurls, useArtifactID, + includeTransitiveDependencies ); - private void logDependencies( Set dependencies ) - { - if ( !getLog().isDebugEnabled() ) + if ( session != null ) { - return; - } - getLog().debug( "Dependencies:" ); - if ( dependencies == null ) - { - getLog().debug( "\tNull dependencies" ); - return; - } - if ( dependencies.isEmpty() ) - { - getLog().debug( "\tZero dependencies" ); - return; - } - for ( Artifact dependency : dependencies ) - { - String filePath = dependency.getFile() != null ? 
dependency.getFile().getAbsolutePath() : "[NONE]"; - String scope = dependency.getScope() != null ? dependency.getScope() : "[NONE]"; - getLog().debug( - "ArtifactId: " + dependency.getArtifactId() + ", file path: " + filePath + ", Scope: " + scope ); + ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() ); + request.setProject( mavenProject ); + DependencyNode parentNode = dependencyGraphBuilder.buildDependencyGraph( request, null ); + + retval.addMavenDependencies( mavenProjectBuilder, session, mavenProject, parentNode, builder.getProjectPackage() ); } + + return retval; } private void logFileSpecificInfo( HashMap fileSpecificInformation ) diff --git a/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java b/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java index f7f2067..dd77eea 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java +++ b/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java @@ -31,9 +31,7 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; - import javax.annotation.Nullable; - import org.apache.maven.artifact.Artifact; import org.apache.maven.artifact.repository.ArtifactRepository; import org.apache.maven.execution.MavenSession; @@ -47,9 +45,9 @@ import org.apache.maven.project.ProjectBuildingException; import org.apache.maven.project.ProjectBuildingRequest; import org.apache.maven.project.ProjectBuildingResult; +import org.apache.maven.shared.dependency.graph.DependencyNode; import org.apache.maven.shared.model.fileset.FileSet; import org.codehaus.plexus.util.xml.pull.XmlPullParserException; - import org.spdx.jacksonstore.MultiFormatStore; import org.spdx.jacksonstore.MultiFormatStore.Format; import org.spdx.jacksonstore.MultiFormatStore.Verbose; 
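Review bot: In getSpdxDependencyInformation (CreateSpdxMojo.java), a null `session` makes the method return an empty `SpdxDependencyInformation` with no log output, so the plugin would write an SPDX document with no dependency relationships and no hint as to why. An SBOM that silently omits dependencies reads as "nothing to report" to anyone matching it against advisories, so the skipped path should at least be visible: `else { getLog().warn( "No Maven session available; dependency relationships are omitted from the SPDX document" ); }`. The Javadoc also lost its `@return` line and does not list the new `@throws DependencyGraphBuilderException`.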
@@ -58,9 +56,7 @@ import org.spdx.library.SpdxInvalidIdException; import org.spdx.library.model.Checksum; import org.spdx.library.model.ExternalDocumentRef; -import org.spdx.library.model.ExternalRef; import org.spdx.library.model.ExternalSpdxElement; -import org.spdx.library.model.ReferenceType; import org.spdx.library.model.Relationship; import org.spdx.library.model.SpdxDocument; import org.spdx.library.model.SpdxElement; @@ -68,7 +64,6 @@ import org.spdx.library.model.enumerations.AnnotationType; import org.spdx.library.model.enumerations.ChecksumAlgorithm; import org.spdx.library.model.enumerations.Purpose; -import org.spdx.library.model.enumerations.ReferenceCategory; import org.spdx.library.model.enumerations.RelationshipType; import org.spdx.library.model.license.AnyLicenseInfo; import org.spdx.library.model.license.SpdxNoAssertionLicense; 
@@ -91,62 +86,10 @@ public class SpdxDependencyInformation { private static final Logger LOG = LoggerFactory.getLogger( SpdxDependencyInformation.class ); - /** - * Store information about a relationship which will be from a package to - * a package yet to be determined. - */ - static class FromRelationship { - private SpdxPackage fromPackage; - private RelationshipType relationshipType; - - /** - * @param fromPackage Package which is to be related TO the relatedPackage - * @param relationshipType type of relationship - */ - FromRelationship( SpdxPackage fromPackage, RelationshipType relationshipType ) { - this.fromPackage = fromPackage; - this.relationshipType = relationshipType; - } - - /** - * Creates a relationship to the toPackage and adds that relationship to the fromPackage - * @param toPackage Package which is related to the dependency - * @return the created relationship - * @throws InvalidSPDXAnalysisException - */ - Relationship createAndAddRelationship(SpdxPackage toPackage) throws InvalidSPDXAnalysisException { - Relationship retval = fromPackage.createRelationship( toPackage, relationshipType, - "Relationship created based on Maven POM information" ); - fromPackage.addRelationship( retval ); - return retval; - } - - /** - * @return the fromPackage - */ - public SpdxPackage getFromPackage() - { - return fromPackage; - } - - /** - * @return the relationshipType - */ - public RelationshipType getRelationshipType() - { - return relationshipType; - } - } - /** * List of all Relationships added for dependances To a related element */ - private List toRelationships = new ArrayList<>(); - - /** - * List of relationships from a package to a TBD package - */ - private List fromRelationships = new ArrayList<>(); + private Map> relationships = new HashMap<>(); /** * Map of namespaces to ExternalDocumentRefs 
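Review bot: The Javadoc kept above the new `relationships` field in SpdxDependencyInformation still describes the removed `toRelationships` list. A comment such as `Relationships to add, keyed by the SPDX element each relationship is added to` would match how the map is consumed in the addDependencyInformation hunk of SpdxDocumentBuilder. Because the key is an `SpdxElement` in a `HashMap`, grouping depends on that type's `equals`/`hashCode`, which this diff does not show; it is worth confirming that two instances representing the same element land under one key.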
@@ -157,34 +100,49 @@ public RelationshipType getRelationshipType() private SpdxDocument spdxDoc; private boolean createExternalRefs = false; private boolean generatePurls = false; + private boolean useArtifactID = false; + private boolean includeTransitiveDependencies = false; DateFormat format = new SimpleDateFormat( SpdxConstants.SPDX_DATE_FORMAT ); /** */ public SpdxDependencyInformation( LicenseManager licenseManager, - SpdxDocument spdxDoc, boolean createExternalRefs, boolean generatePurls ) + SpdxDocument spdxDoc, boolean createExternalRefs, boolean generatePurls, boolean useArtifactID, + boolean includeTransitiveDependencies ) { this.licenseManager = licenseManager; this.spdxDoc = spdxDoc; this.createExternalRefs = createExternalRefs; this.generatePurls = generatePurls; + this.useArtifactID = useArtifactID; + this.includeTransitiveDependencies = includeTransitiveDependencies; } /** - * Add information about a Maven dependency to the list of SPDX Dependencies + * Adds information about Maven dependencies to the list of SPDX Dependencies * - * @param dependency * @param mavenProjectBuilder project builder for the repo containing the POM file * @param session Maven session for building the project - * @param mavenProject Maven project - * @param useArtifactID If true, use ${project.groupId}:${artifactId} as the SPDX package name, otherwise, ${project.name} will be used - * @throws LicenseMapperException - * @throws InvalidSPDXAnalysisException + * @param mavenProject Maven project */ - public void addMavenDependency( Artifact dependency, ProjectBuilder mavenProjectBuilder, - MavenSession session, MavenProject mavenProject, - boolean useArtifactID ) throws LicenseMapperException, InvalidSPDXAnalysisException + public void addMavenDependencies( ProjectBuilder mavenProjectBuilder, MavenSession session, MavenProject mavenProject, + DependencyNode node, SpdxElement pkg ) throws LicenseMapperException, InvalidSPDXAnalysisException { + List children = 
node.getChildren(); + + logDependencies( children ); + + for ( DependencyNode childNode : children ) + { + addMavenDependency( pkg, childNode, mavenProjectBuilder, session, mavenProject ); + } + } + + private void addMavenDependency( SpdxElement parentPackage, DependencyNode dependencyNode, ProjectBuilder mavenProjectBuilder, + MavenSession session, MavenProject mavenProject ) + throws LicenseMapperException, InvalidSPDXAnalysisException + { + Artifact dependency = dependencyNode.getArtifact(); String scope = dependency.getScope(); RelationshipType relType = scopeToRelationshipType( scope, dependency.isOptional() ); if ( relType == RelationshipType.OTHER ) 
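Review bot: The Javadoc on the public entry point `addMavenDependencies` no longer covers its signature: `node` and `pkg` have no `@param`, and the `@throws` tags for `LicenseMapperException` and `InvalidSPDXAnalysisException` were dropped. I would add `@param node dependency graph node whose children are added` and `@param pkg SPDX element the children's relationships are recorded against`, and restore the two `@throws` lines. Note also that `logDependencies( children )` tolerates a null list while the `for` loop directly after it does not, so either the null branch is dead or the loop needs a guard. The body of `addMavenDependency` continues past the end of this hunk.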
@@ -192,25 +150,62 @@ public void addMavenDependency( Artifact dependency, ProjectBuilder mavenProject LOG.warn( "Could not determine the SPDX relationship type for dependency artifact ID " + dependency.getArtifactId() + " scope " + scope ); } + SpdxElement dependencyPackage = createSpdxPackage( dependency, mavenProjectBuilder, session, mavenProject, useArtifactID ); - if ( relType.toString().endsWith( "_OF" )) + + if ( relType.toString().endsWith( "_OF" ) ) { - if ( dependencyPackage instanceof SpdxPackage) + if ( dependencyPackage instanceof SpdxPackage ) { - this.fromRelationships.add( new FromRelationship( (SpdxPackage)dependencyPackage, relType ) ); - LOG.debug( "Added relationship of type "+relType.toString() + " for "+dependencyPackage.getName() ); + this.relationships.computeIfAbsent( parentPackage, key -> new ArrayList<>() ) + .add( spdxDoc.createRelationship( dependencyPackage, relType, + "Relationship created based on Maven POM information" ) ); + LOG.debug( "Added relationship of type " + relType + " for " + dependencyPackage.getName() ); } else { - this.toRelationships.add( spdxDoc.createRelationship( dependencyPackage, RelationshipType.OTHER, - "This relationship is the inverse of "+relType.toString()+" to an external document reference." ) ); - LOG.debug( "Could not create proper to relationships for external element "+dependencyPackage.getId() ); + this.relationships.computeIfAbsent( dependencyPackage, key -> new ArrayList<>() ) + .add( spdxDoc.createRelationship( parentPackage, RelationshipType.OTHER, + "This relationship is the inverse of " + relType + " to an external document reference." 
) ); + LOG.debug( "Could not create proper to relationships for external element " + dependencyPackage.getId() ); } } else { - this.toRelationships.add( spdxDoc.createRelationship( dependencyPackage, relType, - "Relationship based on Maven POM file dependency information" ) ); + this.relationships.computeIfAbsent( parentPackage, key -> new ArrayList<>() ) + .add( spdxDoc.createRelationship( dependencyPackage, relType, + "Relationship based on Maven POM file dependency information" ) ); + } + + if ( includeTransitiveDependencies ) { + addMavenDependencies( mavenProjectBuilder, session, mavenProject, dependencyNode, dependencyPackage ); + } + } + + private void logDependencies( List dependencies ) + { + if ( !LOG.isDebugEnabled() ) + { + return; + } + LOG.debug( "Dependencies:" ); + if ( dependencies == null ) + { + LOG.debug( "\tNull dependencies" ); + return; + } + if ( dependencies.isEmpty() ) + { + LOG.debug( "\tZero dependencies" ); + return; + } + for ( DependencyNode node : dependencies ) + { + Artifact dependency = node.getArtifact(); + String filePath = dependency.getFile() != null ? dependency.getFile().getAbsolutePath() : "[NONE]"; + String scope = dependency.getScope() != null ? dependency.getScope() : "[NONE]"; + LOG.debug( + "ArtifactId: " + dependency.getArtifactId() + ", file path: " + filePath + ", Scope: " + scope ); } } 
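Review bot: In the `_OF` branch of addMavenDependency the two map entries look swapped relative to the code this replaces. For a resolvable `SpdxPackage` the relationship is now stored under `parentPackage` and targets `dependencyPackage`, so the document would state that the parent is, for example, a test dependency of its own dependency, whereas the removed `FromRelationship` attached the `_OF` relationship to the dependency and pointed it at the project; the external-element branch in turn now ends up calling `addRelationship` on the external element rather than on the parent. If `scopeToRelationshipType` (not visible here) still returns `*_OF` types, consider `relationships.computeIfAbsent( dependencyPackage, key -> new ArrayList<>() ).add( spdxDoc.createRelationship( parentPackage, relType, ... ) )` in the first branch, and keying the `OTHER` relationship on `parentPackage` with `dependencyPackage` as its target in the second. Tools that walk these edges for impact analysis would otherwise read the graph backwards. The method begins in the previous hunk.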
@@ -326,10 +321,10 @@ private SpdxElement createSpdxPackage( Artifact artifact, { ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() ); request.setRemoteRepositories( mavenProject.getRemoteArtifactRepositories() ); - for (ArtifactRepository ar:request.getRemoteRepositories()) { + for ( ArtifactRepository ar : request.getRemoteRepositories() ) { LOG.debug( "request Remote repository ID: " + ar.getId() ); } - for (ArtifactRepository ar:mavenProject.getRemoteArtifactRepositories()) { + for ( ArtifactRepository ar : mavenProject.getRemoteArtifactRepositories() ) { LOG.debug( "Project Remote repository ID: " + ar.getId() ); } ProjectBuildingResult build = mavenProjectBuilder.build( artifact, request ); @@ -813,16 +808,11 @@ public Collection getDocumentExternalReferences() } /** - * @return the toRelationships + * @return the relationships */ - public List getToRelationships() - { - return toRelationships; - } - - public List getFromRelationships() + public Map> getRelationships() { - return fromRelationships; + return relationships; } /** diff --git a/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java b/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java index c477982..81b652b 100644 --- a/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java +++ b/src/main/java/org/spdx/maven/utils/SpdxDocumentBuilder.java @@ -44,6 +44,7 @@ import org.spdx.library.model.Relationship; import org.spdx.library.model.SpdxCreatorInformation; import org.spdx.library.model.SpdxDocument; +import org.spdx.library.model.SpdxElement; import org.spdx.library.model.SpdxModelFactory; import org.spdx.library.model.SpdxPackage; import org.spdx.library.model.SpdxPackageVerificationCode; 
@@ -216,35 +217,24 @@ public void saveSpdxDocumentToFile() throws SpdxBuilderException */ public void addDependencyInformation( SpdxDependencyInformation dependencyInformation ) throws SpdxBuilderException { - List packageRelationships = dependencyInformation.getToRelationships(); + Map> packageRelationships = dependencyInformation.getRelationships(); if ( packageRelationships != null ) { - for ( Relationship relationship : packageRelationships ) + for ( Map.Entry> entry : packageRelationships.entrySet() ) { - try - { - this.projectPackage.addRelationship( relationship ); - } - catch ( InvalidSPDXAnalysisException e ) - { - throw new SpdxBuilderException( "Unable to set package dependencies", e ); - } - } - } - List fromRelationships = dependencyInformation.getFromRelationships(); - if ( fromRelationships != null ) - { - for ( SpdxDependencyInformation.FromRelationship fromRelationship : fromRelationships ) - { - try - { - Relationship rel =fromRelationship.createAndAddRelationship( projectPackage ); - LOG.debug( "Created relationship of type " + rel.getRelationshipType().toString() + - " from " + fromRelationship.getFromPackage().getName() ); - } - catch ( InvalidSPDXAnalysisException e ) + SpdxElement parentElement = entry.getKey(); + List relationships = entry.getValue(); + + for ( Relationship relationship : relationships ) { - throw new SpdxBuilderException( "Unable to set dependency to package", e ); + try + { + parentElement.addRelationship( relationship ); + } + catch ( InvalidSPDXAnalysisException e ) + { + throw new SpdxBuilderException("Unable to set package dependencies", e); + } } } } @@ -535,4 +525,9 @@ public LicenseManager getLicenseManager() return this.licenseManager; } + public SpdxPackage getProjectPackage() + { + return projectPackage; + } + } diff --git a/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java b/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java new file mode 100644 index 0000000..028dc92 --- /dev/null 
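Review bot: The `SpdxBuilderException` thrown in the rewritten loop of addDependencyInformation does not say which element failed, and now that relationships are attached to many parents rather than only the project package that context is needed to diagnose a bad node. Consider `throw new SpdxBuilderException( "Unable to set package dependencies for " + parentElement.getId(), e );`, which also restores the file's spacing inside the parentheses. The new `getProjectPackage()` in the following hunk has no Javadoc; a one-line `@return the project package` would match the neighbouring getters.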
+++ b/src/test/java/org/spdx/maven/TestWithSessionSpdxMojo.java 
@@ -0,0 +1,179 @@ +package org.spdx.maven; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import org.apache.maven.artifact.repository.ArtifactRepository; +import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy; +import org.apache.maven.artifact.repository.MavenArtifactRepository; +import org.apache.maven.artifact.repository.layout.DefaultRepositoryLayout; +import org.apache.maven.execution.DefaultMavenExecutionRequest; +import org.apache.maven.execution.DefaultMavenExecutionResult; +import org.apache.maven.execution.MavenExecutionRequest; +import org.apache.maven.execution.MavenExecutionResult; +import org.apache.maven.execution.MavenSession; +import org.apache.maven.plugin.testing.AbstractMojoTestCase; +import org.apache.maven.project.MavenProject; +import org.apache.maven.project.ProjectBuilder; +import org.apache.maven.project.ProjectBuildingRequest; +import org.apache.maven.repository.internal.MavenRepositorySystemUtils; +import org.eclipse.aether.DefaultRepositorySystemSession; +import org.eclipse.aether.RepositorySystem; +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.impl.DefaultServiceLocator; +import org.eclipse.aether.repository.LocalRepository; +import org.eclipse.aether.repository.LocalRepositoryManager; +import org.junit.Assert; +import org.junit.Test; +import org.spdx.jacksonstore.MultiFormatStore; +import org.spdx.jacksonstore.MultiFormatStore.Format; +import org.spdx.library.InvalidSPDXAnalysisException; +import org.spdx.library.ModelCopyManager; +import org.spdx.library.model.Relationship; +import org.spdx.library.model.SpdxDocument; +import org.spdx.library.model.SpdxModelFactory; +import org.spdx.library.model.SpdxPackage; +import org.spdx.spdxRdfStore.RdfStore; +import org.spdx.storage.ISerializableModelStore; +import 
org.spdx.storage.simple.InMemSpdxStore; + +public class TestWithSessionSpdxMojo extends AbstractMojoTestCase +{ + + private static final String UNIT_TEST_RESOURCE_DIR = "target/test-classes/unit/spdx-maven-plugin-test"; + + @Test + public void testDependencies() throws Exception + { + File pom = new File( getBasedir(), UNIT_TEST_RESOURCE_DIR + "/json-pom-dependencies.xml" ); + SpdxDocument result = runMojoWithPom( pom ); + + Set packages = new HashSet<>(); + Set relationships = new HashSet<>(); + SpdxModelFactory.getElements( result.getModelStore(), result.getDocumentUri(), result.getCopyManager(), SpdxPackage.class ) + .forEach( ( element ) -> { + SpdxPackage pkg = (SpdxPackage) element; + try + { + packages.add( pkg.getName().get() ); + + for ( Relationship rel : pkg.getRelationships() ) + { + relationships.add( pkg.getName().get() + "->" + rel.getRelatedSpdxElement().get().getName().get() ); + } + } + catch ( InvalidSPDXAnalysisException e ) + { + throw new RuntimeException( e ); + } + }); + + assertTrue( packages.contains( "org.spdx:spdx-maven-plugin-test" ) ); + assertTrue( packages.contains( "junit" ) ); + assertTrue( packages.contains( "hamcrest-core" ) ); + assertTrue( relationships.contains( "org.spdx:spdx-maven-plugin-test->junit" ) ); + assertTrue( relationships.contains( "junit->hamcrest-core" ) ); + } + + // -- Configure mojo loader + + private SpdxDocument runMojoWithPom( File pom ) throws Exception + { + CreateSpdxMojo mojo = (CreateSpdxMojo) lookupConfiguredMojo( readMavenProject( pom ), "createSPDX" ); + mojo.execute(); + + File artifactFile = (File) getVariableValueFromObject( mojo, "spdxFile" ); + assertTrue( artifactFile.exists() ); + String outputFormat = (String) getVariableValueFromObject( mojo, "outputFormat" ); + ISerializableModelStore modelStore = buildModelStore( outputFormat ); + ModelCopyManager copyManager = new ModelCopyManager(); + try ( InputStream is = new FileInputStream( artifactFile.getAbsolutePath() ) ) + { + String 
documentUri = modelStore.deSerialize( is, false ); + return new SpdxDocument( modelStore, documentUri, copyManager, false ); + } + } + + private ISerializableModelStore buildModelStore( String outputFormat ) + { + switch ( outputFormat ) + { + case "JSON": + return new MultiFormatStore( new InMemSpdxStore(), Format.JSON ); + case "RDF/XML": + return new RdfStore(); + default: + throw new IllegalArgumentException( "Unknown output format " + outputFormat ); + } + } + + @Override + protected MavenSession newMavenSession( MavenProject project ) + { + MavenExecutionRequest request = new DefaultMavenExecutionRequest(); + MavenExecutionResult result = new DefaultMavenExecutionResult(); + + MavenSession session = new MavenSession( getContainer(), createRepositorySystemSession(), request, result ); + session.setCurrentProject( project ); + session.setProjects( List.of( project ) ); + session.getRequest().setLocalRepository(createLocalArtifactRepository()); + return session; + } + + private RepositorySystemSession createRepositorySystemSession() { + DefaultServiceLocator locator = MavenRepositorySystemUtils.newServiceLocator(); + RepositorySystem repositorySystem = locator.getService( RepositorySystem.class ); + + LocalRepository localRepo = null; + try + { + localRepo = new LocalRepository( Files.createTempDirectory("tmpDirPrefix").toFile() ); + } + catch (IOException e) + { + throw new RuntimeException(e); + } + + DefaultRepositorySystemSession session = MavenRepositorySystemUtils.newSession(); + LocalRepositoryManager lrm = repositorySystem.newLocalRepositoryManager( session, localRepo ); + session.setLocalRepositoryManager( lrm ); + + return session; + } + + private ArtifactRepository createLocalArtifactRepository() { + try { + return new MavenArtifactRepository( + "local", + Files.createTempDirectory( "tmpDirPrefix" ).toString(), + new DefaultRepositoryLayout(), + new ArtifactRepositoryPolicy( true, ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, 
ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE ), + new ArtifactRepositoryPolicy( true, ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE ) + ); + } + catch ( IOException e ) + { + throw new RuntimeException(e); + } + } + + private MavenProject readMavenProject( File pom ) + throws Exception + { + MavenExecutionRequest request = new DefaultMavenExecutionRequest(); + request.setBaseDirectory( new File( getBasedir() ) ); + ProjectBuildingRequest configuration = request.getProjectBuildingRequest(); + configuration.setResolveDependencies( true ); + configuration.setLocalRepository( createLocalArtifactRepository() ); + configuration.setRepositorySession( createRepositorySystemSession() ); + MavenProject project = lookup( ProjectBuilder.class ).build( pom, configuration ).getProject(); + Assert.assertNotNull( project ); + return project; + } + +} diff --git a/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml b/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml new file mode 100644 index 0000000..d3a20d9 --- /dev/null +++ b/src/test/resources/unit/spdx-maven-plugin-test/json-pom-dependencies.xml 
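Review bot: Both `ArtifactRepositoryPolicy` instances in createLocalArtifactRepository use `CHECKSUM_POLICY_IGNORE`, and the test appears to resolve junit and hamcrest-core into a fresh temp directory, presumably over the network through the transports added in pom.xml. If that policy takes effect for those downloads, a corrupted or substituted artifact would pass unnoticed; `ArtifactRepositoryPolicy.CHECKSUM_POLICY_FAIL` (or at least `CHECKSUM_POLICY_WARN`) costs nothing in a test. Each call to createLocalArtifactRepository and createRepositorySystemSession also creates a new `tmpDirPrefix` directory that is never deleted, and the two helpers end up pointing at different directories.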
@@ -0,0 +1,107 @@ + + 4.0.0 + + org.spdx + spdx-maven-plugin-test + 1.0-SNAPSHOT + jar + Test SPDX Plugin + + + The Apache Software License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + http://spdx.org/tools + + Linux Foundation + http://www.linuxfoundation.org + + + UTF-8 + + + + + junit + junit + 4.13.1 + test + + + + + src + Test + + + resources + false + resources + + **/* + + + + META-INF + false + . + + NOTICE + LICENSE + README.txt + changelog + + + + src + + **/*.java + + + + + + Test + + **/*.java + + + + false + TestFiles + + **/* + + + + + + + org.spdx + spdx-maven-plugin + 1.0-SNAPSHOT + + + build-spdx + prepare-package + + createSPDX + + + + + target/test-classes/unit/spdx-maven-plugin-test/test.spdx.json + true + JSON + http://spdx.org/documents/spdx%20toolsv2.0%20rc1 + Apache-2.0 + true + + + + +