From e6b6af27c64f427977137718bb4f74a9e24275e2 Mon Sep 17 00:00:00 2001 From: "Piotr P. Karwasz" Date: Thu, 23 Nov 2023 20:17:59 +0100 Subject: [PATCH] Add a configuration option to skip undeployed artifacts This adds a `` plugin configuration option. If set to `false`, even artifacts that do not have a deploy execution are used to generate the SBOM. Closes #430 Signed-off-by: Piotr P. Karwasz --- .../skipped/deploy-config-force/pom.xml | 50 +++++++++++++++++++ .../skipped/deploy-property-force/pom.xml | 35 +++++++++++++ src/it/makeAggregateBom/skipped/pom.xml | 2 + src/it/makeAggregateBom/verify.groovy | 18 ++++--- .../cyclonedx/maven/BaseCycloneDxMojo.java | 13 ++++- .../maven/CycloneDxAggregateMojo.java | 2 +- .../org/cyclonedx/maven/CycloneDxMojo.java | 18 ++++++- 7 files changed, 127 insertions(+), 11 deletions(-) create mode 100644 src/it/makeAggregateBom/skipped/deploy-config-force/pom.xml create mode 100644 src/it/makeAggregateBom/skipped/deploy-property-force/pom.xml diff --git a/src/it/makeAggregateBom/skipped/deploy-config-force/pom.xml b/src/it/makeAggregateBom/skipped/deploy-config-force/pom.xml new file mode 100644 index 00000000..3de8ae5b --- /dev/null +++ b/src/it/makeAggregateBom/skipped/deploy-config-force/pom.xml @@ -0,0 +1,50 @@ + + + + + 4.0.0 + + + org.cyclonedx.its + skipped + 1.0-SNAPSHOT + + deploy-config-force + + + + + org.cyclonedx + cyclonedx-maven-plugin + + false + + + + org.apache.maven.plugins + maven-deploy-plugin + 3.1.1 + + true + + + + + diff --git a/src/it/makeAggregateBom/skipped/deploy-property-force/pom.xml b/src/it/makeAggregateBom/skipped/deploy-property-force/pom.xml new file mode 100644 index 00000000..8baca03c --- /dev/null +++ b/src/it/makeAggregateBom/skipped/deploy-property-force/pom.xml @@ -0,0 +1,35 @@ + + + + + 4.0.0 + + + org.cyclonedx.its + skipped + 1.0-SNAPSHOT + + deploy-property-force + + + true + false + + 
diff --git a/src/it/makeAggregateBom/skipped/pom.xml b/src/it/makeAggregateBom/skipped/pom.xml index 784fab36..c802c496 100644 --- a/src/it/makeAggregateBom/skipped/pom.xml +++ b/src/it/makeAggregateBom/skipped/pom.xml @@ -31,7 +31,9 @@ deploy-property + deploy-property-force deploy-config + deploy-config-force nexus-property nexus-config diff --git a/src/it/makeAggregateBom/verify.groovy b/src/it/makeAggregateBom/verify.groovy index ec101a43..3629ae92 100644 --- a/src/it/makeAggregateBom/verify.groovy +++ b/src/it/makeAggregateBom/verify.groovy @@ -30,6 +30,8 @@ assertBomFiles("impls/target/bom", false) assertBomFiles("impls/impl-A/target/bom", false) assertBomFiles("impls/impl-B/target/bom", false) assertBomFiles("skipped/target/bom", false) +assertBomFiles("skipped/deploy-config-force/target/bom", false) +assertBomFiles("skipped/deploy-property-force/target/bom", false) assertNoBomFiles("skipped/deploy-config/target/bom") assertNoBomFiles("skipped/deploy-property/target/bom") 
@@ -38,16 +40,16 @@ assertNoBomFiles("skipped/nexus-property/target/bom") var buildLog = new File(basedir, "build.log").text -assert 13 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Dependencies/).size() +assert 17 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Dependencies/).size() assert 2 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Aggregated Dependencies/).size() -// 15 = 7 modules for main cyclonedx-makeAggregateBom execution +// 19 = 9 modules for main cyclonedx-makeAggregateBom execution // + 1 for root module cyclonedx-makeAggregateBom-root-only execution -// + 7 modules for additional cyclonedx-makeBom execution -assert 15 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(XML\)/).size() -assert 15 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(JSON\)/).size() -// cyclonedx-makeAggregateBom-root-only execution skips 5 non-root modules -assert 6 == (buildLog =~ /\[INFO\] Skipping CycloneDX on non-execution root/).size() +// + 9 modules for additional cyclonedx-makeBom execution +assert 19 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(XML\)/).size() +assert 19 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(JSON\)/).size() +// cyclonedx-makeAggregateBom-root-only execution skips 7 non-root modules +assert 8 == (buildLog =~ /\[INFO\] Skipping CycloneDX on non-execution root/).size() // [WARNING] artifact org.cyclonedx.its:api:xml:cyclonedx:1.0-SNAPSHOT already attached, replace previous instance assert 0 == (buildLog =~ /-SNAPSHOT already attached, replace previous instance/).size() 
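Review bot: The updated comment above the last changed assertion in verify.groovy says the root-only execution skips 7 non-root modules, but the assertion directly below it expects 8 matches, so comment and check disagree (the old pair, 5 and 6, had the same drift). Going by the `9 modules` figure in the comment a few lines up, 8 looks like the intended number, and I would change the comment to `// cyclonedx-makeAggregateBom-root-only execution skips 8 non-root modules`. The `assert 17 == ... Resolving Dependencies` line also has no breakdown comment like the one given for 19, which makes the count harder to re-derive when the next module is added.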
@@ -72,6 +74,8 @@ assertBomEqualsNonAggregate("util/target/bom") assertBomEqualsNonAggregate("impls/target/bom") assertBomEqualsNonAggregate("impls/impl-A/target/bom") assertBomEqualsNonAggregate("impls/impl-B/target/bom") +assertBomEqualsNonAggregate("skipped/deploy-config-force/target/bom") +assertBomEqualsNonAggregate("skipped/deploy-property-force/target/bom") // dependencies for root component in makeAggregateBom is the list of modules String bom = new File(basedir, 'target/bom.xml').text diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java index 34ba8a08..ff304ea6 100644 --- a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java +++ b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java @@ -278,9 +278,18 @@ protected boolean shouldSkip() { return Boolean.parseBoolean(System.getProperty("cyclonedx.skip", Boolean.toString(skip))); } + protected String getSkipReason() { + return null; + } + public void execute() throws MojoExecutionException { if (shouldSkip()) { - getLog().info("Skipping CycloneDX"); + final String skipReason = getSkipReason(); + if (skipReason != null) { + getLog().info("Skipping CycloneDX goal, because " + skipReason); + } else { + getLog().info("Skipping CycloneDX goal"); + } return; } logParameters(); @@ -490,7 +499,7 @@ protected void populateComponents(final Set topLevelComponents, final Ma * * @return Component.Scope - REQUIRED, OPTIONAL or null if it cannot be determined * - * @see detectUnusedForOptionalScope + * @see #detectUnusedForOptionalScope */ private Component.Scope getComponentScope(Artifact artifact, ProjectDependencyAnalysis projectDependencyAnalysis) { if (detectUnusedForOptionalScope) { diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java index 7675b403..ea5296f8 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java 
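Review bot: The new protected hook `getSkipReason()` in BaseCycloneDxMojo.java has no Javadoc, and its contract is not obvious from the signature: it returns `null` by default and `execute()` only calls it after `shouldSkip()` has returned true. I would add a short Javadoc saying so, e.g. `/** Reason appended to the skip log message, or {@code null} for none; only consulted when {@link #shouldSkip()} is true. */`. The INFO text also changes from `Skipping CycloneDX` to `Skipping CycloneDX goal`, and since a skipped goal means no BOM is produced for that module, any build-log check that looks for the old line to spot missing SBOMs would need updating, so this is worth a changelog mention. The body of `execute()` continues outside the hunk.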
+++ b/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java @@ -91,7 +91,7 @@ protected boolean shouldExclude(MavenProject mavenProject) { if (excludeTestProject && mavenProject.getArtifactId().contains("test")) { shouldExclude = true; } - if (!BaseCycloneDxMojo.isDeployable(mavenProject)) { + if (skipNotDeployed && !BaseCycloneDxMojo.isDeployable(mavenProject)) { shouldExclude = true; } return shouldExclude; diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java index 44f3b38e..981708f2 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java @@ -47,6 +47,14 @@ ) public class CycloneDxMojo extends BaseCycloneDxMojo { + /** + * Only runs this goal if the module does not skip deploy. + * + * @since 2.8.0 + */ + @Parameter(property = "cyclonedx.skipNotDeployed", defaultValue = "true", required = false) + protected boolean skipNotDeployed = true; + /** * Specify the Maven project dependency analyzer to use (plexus component role-hint). By default, * maven-dependency-analyzer's one @@ -97,7 +105,15 @@ protected ProjectDependencyAnalysis doProjectDependencyAnalysis(final MavenProje @Override protected boolean shouldSkip() { // The list of artifacts would be empty - return super.shouldSkip() || !isDeployable(getProject()); + return super.shouldSkip() || skipNotDeployed && !isDeployable(getProject()); + } + + @Override + protected String getSkipReason() { + if (super.shouldSkip()) { + return super.getSkipReason(); + } + return "module skips deploy"; } protected String extractComponentsAndDependencies(final Set topLevelComponents, final Map components, final Map dependencies) throws MojoExecutionException {
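Review bot: The Javadoc on `skipNotDeployed` in CycloneDxMojo.java only says when the goal runs and leaves out what the flag means for the resulting SBOM. The same field now gates `shouldExclude` in CycloneDxAggregateMojo.java (presumably inherited, since the declaration is not in that file's hunk), so with the default `true` a module that skips deploy is also left out of the aggregate BOM, presumably together with the dependencies only it brings in. I would state that explicitly and describe the `false` case, e.g. `If true (default), no BOM is generated for modules that skip deployment and they are excluded from the aggregate BOM; set to false to cover them as well.` Anyone treating the aggregate BOM as a complete inventory of the build needs that caveat.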
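Review bot: The `getSkipReason()` override in CycloneDxMojo.java returns `"module skips deploy"` whenever `super.shouldSkip()` is false, without checking that the deploy condition is what actually caused the skip. That is correct only while `shouldSkip()` has exactly these two conditions; a subclass that adds a third would log a wrong reason. Testing the condition itself is more robust: `return skipNotDeployed && !isDeployable(getProject()) ? "module skips deploy" : super.getSkipReason();`. In `shouldSkip()` I would also parenthesise `(skipNotDeployed && !isDeployable(getProject()))` so the reader does not have to recall that `&&` binds tighter than `||`.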