Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Maven-dependency-plugin and annotations with SOURCE RetentionPolicy

In a mvn project where I am utilizing maven-dependency-plugin to detect unused dependencies, there is seemingly no dependency scope I can specify for Google's AutoValue (com.google.auto.value:auto-value) to that will convince the plugin that the dependency is being used in spite of the fact that annotations from the package are being used (e.g. @AutoValue) and the project won't build if auto-value is excluded.

Now one solution is simply adding a configuration entry to my plugin:

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-dependency-plugin</artifactId>
    <configuration>
        <usedDependencies>
            <usedDependency>com.google.auto.value:auto-value</usedDependency>
        </usedDependencies>
    </configuration>
</plugin>

But I would be curious to know whether it's possible to configure either the maven-dependency-plugin or the dependency entry for auto-value in a way that would detect usage of the dependency per its annotations?

My suspicion is that this isn't possible because the RetentionPolicy of the annotations I'm using from auto-value are of RetentionPolicy.SOURCE and are discarded by the compiler. Is this correct?

like image 709
vpiTriumph Avatar asked Jan 13 '16 15:01

vpiTriumph


People also ask

What is difference between Maven dependency and plugin?

A plugin is an extension to Maven, something used to produce your artifact (maven-jar-plugin for an example, is used to, you guess it, make a jar out of your compiled classes and resources). A dependency is a library that is needed by the application you are building, at compile and/or test and/or runtime time.

What is the purpose of Maven dependency plugin?

The dependency plugin provides the capability to manipulate artifacts. It can copy and/or unpack artifacts from local or remote repositories to a specified location.

How do you use dependency analysis?

Analyze dependenciesFrom the main menu, select Code | Analyze Code | Dependencies. Alternatively, if you want to analyze a specific item, right-click it in the Project tool window and select Analyze | Analyze Dependencies. In the dialog that opens, specify the scope of files that you want to analyze.

How do I download dependency in Maven?

Via the Maven index, you can search for dependencies, select them and add them to your pom file. To download the index, select Windows > Preferences > Maven and enable the Download repository index updates on startup option. After changing this setting, restart Eclipse. This triggers the download of the Maven index.


1 Answers

Unfortunately, your suspicion is correct. The maven-dependency-plugin documentation specifically lists this as a concern here for source level annotations: http://maven.apache.org/shared/maven-dependency-analyzer/

Warning: Analysis is not done at source but bytecode level, then some cases are not detected (constants, annotations with source-only retention, links in javadoc) which can lead to wrong result if they are the only use of a dependency.

You can force AutoValue as used with usedDependencies as you have in your example or use the ignoredUnusedDeclaredDependencies configuration instead (which is what I did recently).

I don't believe it is possible to configure the dependency section to avoid this because maven doesn't provide a scope level that is compile only. I mark AutoValue with the provided scope to keep it out of any shaded jars I might make.

Lastly, you could write (or find if it exists) a custom dependency analyzer that takes source level annotations into account. See the documentation here http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#analyzer. Probably not worth the effort.

like image 102
Phil Avatar answered Sep 29 '22 06:09

Phil