Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FDN-82] Maven dependencies that override the build directory #1343

Merged

Conversation

spatten
Copy link
Contributor

@spatten spatten commented Dec 12, 2023

Overview

in FDN-82, the customer has overridden the build directory for a maven project, by adding this to the pom.xml:

   <properties>
    <buildDirectory>${project.basedir}/.build</buildDirectory>
  </properties>
  <build>
      <directory>${buildDirectory}</directory>
  </build>

This is breaking the Maven PluginStrategy, as parseReactorOutput is expecting the output from execPluginReactor to be in <project base>/target (the default build directory), but it is going in <project base>/.build instead.

I fixed this by putting the output from execPluginReactor into a temp directory and telling parseReactorOutput that it's in that temp directory.

Acceptance criteria

  • You can analyze a maven project if the build directory has been overridden
  • You can analyze a maven project if the build directory has not been overridden

Testing plan

Put this in a pom.xml file in an otherwise empty directory:

<?xml version="1.0" encoding="UTF-8"?>
<project
	xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.example</groupId>
	<artifactId>example</artifactId>
	<version>0.0.1-SNAPSHOT</version>
  <properties>
    <buildDirectory>${project.basedir}/.build</buildDirectory>
  </properties>
	<dependencies>
		<dependency>
			<groupId>com.amazonaws</groupId>
			<artifactId>aws-java-sdk-kms</artifactId>
			<version>1.11.415</version>
		</dependency>
		<dependency>
			<groupId>com.jayway.restassured</groupId>
			<artifactId>rest-assured</artifactId>
			<version>2.9.0</version>
			<scope>test</scope>
		</dependency>
	</dependencies>
  <build>
      <directory>${buildDirectory}</directory>
  </build>
</project>

Test with the build directory overridden:

make install-dev

In the directory with the pom file:

install-dev analyze --debug --output > output-with-directory-overridden.json

Now edit the pom.xml file to remove the <build> section. Analyze again:

install-dev analyze --debug --output > output-with-no-override.json

Verify that there is no difference between the two outputs:

diff output-with-directory-overridden.json output-with-no-override.json

Risks

This seems safe to me

Metrics

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

@spatten spatten force-pushed the FDN-82-maven-dependencies-with-non-standard-target-dir branch from 142bbf7 to 795d887 Compare December 12, 2023 04:25
@spatten spatten force-pushed the FDN-82-maven-dependencies-with-non-standard-target-dir branch from 693ebad to 0aee0d3 Compare December 12, 2023 19:25
@spatten spatten marked this pull request as ready for review December 12, 2023 19:25
@spatten spatten requested a review from a team as a code owner December 12, 2023 19:25
@spatten spatten requested a review from csasarak December 12, 2023 19:25
@csasarak
Copy link
Contributor

It's not spelled out explicitly, but is the idea here that the -DoutputDirectory=... can override the directive in pom.xml?

@spatten
Copy link
Contributor Author

spatten commented Dec 13, 2023

It's not spelled out explicitly, but is the idea here that the -DoutputDirectory=... can override the directive in pom.xml?

Yes, -DoutputDirectory sets the directory that the dependency graph is output to. I'll add a comment that says that explicitly and references the ticket

@csasarak
Copy link
Contributor

It's not spelled out explicitly, but is the idea here that the -DoutputDirectory=... can override the directive in pom.xml?

Yes, -DoutputDirectory sets the directory that the dependency graph is output to. I'll add a comment that says that explicitly and references the ticket

That's perfect, thank you!

@spatten spatten enabled auto-merge (squash) December 13, 2023 18:43
@spatten spatten merged commit f26ae90 into master Dec 13, 2023
17 checks passed
@spatten spatten deleted the FDN-82-maven-dependencies-with-non-standard-target-dir branch December 13, 2023 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants