[MDEP-317] - add mojo to analyze invalid exclusions

This mojo reports if exclusions are defined on a dependency, but that dependency does not pull in said artifacts.

Author: vbreivik

pom.xml

@@ -326,6 +326,13 @@ under the License.
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>org.assertj</groupId>
+      <artifactId>assertj-core</artifactId>
+      <version>3.24.2</version>
+      <scope>test</scope>
+    </dependency>
+
     <!-- Remove once deprecated code has been replaced/removed  -->
     <dependency>
       <groupId>org.apache.maven</groupId>

src/it/projects/analyze-invalid-exclude/invoker.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.goals = clean ${project.groupId}:${project.artifactId}:${project.version}:analyze-exclusions

src/it/projects/analyze-invalid-exclude/pom.xml

@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.dependency</groupId>
+  <artifactId>test</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>Test</name>
+  <description>
+    Test dependency:analyze-exclusion
+  </description>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-project</artifactId>
+      <version>2.0.6</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-artifact</artifactId>
+      <version>2.0.6</version>
+      <exclusions>
+        <exclusion>
+          <groupId>javax.annotation</groupId>
+          <artifactId>javax.annotation-api</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>javax.activation</groupId>
+          <artifactId>javax.activation-api</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-model</artifactId>
+      <version>2.0.6</version>
+    </dependency>
+  </dependencies>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>org.apache.maven</groupId>
+        <artifactId>maven-project</artifactId>
+        <version>2.0.6</version>
+        <exclusions>
+          <exclusion>
+            <groupId>javax.inject</groupId>
+            <artifactId>javax.inject</artifactId>
+          </exclusion>
+        </exclusions>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <artifactId>maven-dependency-plugin</artifactId>
+          <configuration>
+           <failOnWarning>false</failOnWarning>
+          </configuration>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>

src/it/projects/analyze-invalid-exclude/src/main/java/Main.java

@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.artifact.Artifact;
+import org.apache.maven.artifact.repository.metadata.Metadata;
+import org.apache.maven.model.Model;
+
+public class Main
+{
+    public static final String SCOPE_COMPILE = Artifact.SCOPE_COMPILE;
+
+    public Model model = null;
+
+    public Metadata metadata = null;
+}

src/it/projects/analyze-invalid-exclude/verify.groovy

@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+File file = new File( basedir, "build.log" );
+assert file.exists();
+
+String buildLog = file.getText( "UTF-8" );
+assert buildLog.contains( '[WARNING] The following dependencies defines unnecessary excludes');
+assert buildLog.contains( '[WARNING]     org.apache.maven:maven-artifact:');
+assert buildLog.contains( '[WARNING]         - javax.annotation:javax.annotation-api');
+assert buildLog.contains( '[WARNING]         - javax.activation:javax.activation-api');
+assert buildLog.contains( '[WARNING]     org.apache.maven:maven-project:');
+assert buildLog.contains( '[WARNING]         - javax.inject:javax.inject');
+
+return true;

src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java

@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.dependency.exclusion;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.function.Consumer;
+
+import org.apache.maven.artifact.Artifact;
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.plugin.AbstractMojo;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.plugin.MojoFailureException;
+import org.apache.maven.plugins.annotations.Component;
+import org.apache.maven.plugins.annotations.Execute;
+import org.apache.maven.plugins.annotations.LifecyclePhase;
+import org.apache.maven.plugins.annotations.Mojo;
+import org.apache.maven.plugins.annotations.Parameter;
+import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.apache.maven.project.DefaultProjectBuildingRequest;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.project.ProjectBuilder;
+import org.apache.maven.project.ProjectBuildingException;
+import org.apache.maven.project.ProjectBuildingRequest;
+import org.apache.maven.project.ProjectBuildingResult;
+
+import static java.lang.String.format;
+import static java.util.stream.Collectors.toList;
+import static java.util.stream.Collectors.toSet;
+import static org.apache.commons.lang3.StringUtils.stripToEmpty;
+import static org.apache.maven.plugins.dependency.exclusion.Coordinates.coordinates;
+
+/**
+ * Analyzes the exclusions defined on dependencies in this project and reports if any of them are invalid.
+ * <p>
+ * Relevant use case is when an artifact in a later version has removed usage of a dependency, making the exclusion no
+ * longer valid.
+ * </p>
+ * @since 3.6.2
+ */
+@Mojo(name = "analyze-exclusions", requiresDependencyResolution = ResolutionScope.TEST, threadSafe = true)
+@Execute(phase = LifecyclePhase.TEST_COMPILE)
+public class AnalyzeExclusionsMojo extends AbstractMojo {
+
+    @Component
+    private MavenProject project;
+
+    @Component
+    private ProjectBuilder projectBuilder;
+
+    @Component
+    private MavenSession session;
+
+    /**
+     * Whether to fail the build if invalid exclusions is found.
+     */
+    @Parameter(property = "failOnWarning", defaultValue = "false")
+    private boolean failOnWarning;
+
+    /**
+     * Skip plugin execution completely.
+     */
+    @Parameter(property = "mdep.skip", defaultValue = "false")
+    private boolean skip;
+
+    @Override
+    public void execute() throws MojoExecutionException, MojoFailureException {
+        if (skip) {
+            getLog().debug("Skipping execution");
+            return;
+        }
+        List<Dependency> dependenciesWithExclusions = project.getDependencies().stream()
+                .filter(dep -> !dep.getExclusions().isEmpty())
+                .collect(toList());
+
+        if (dependenciesWithExclusions.isEmpty()) {
+            getLog().debug("No dependencies defined with exclusions - exiting");
+            return;
+        }
+
+        ExclusionChecker checker = new ExclusionChecker();
+
+        for (Dependency dependency : dependenciesWithExclusions) {
+            Coordinates currentCoordinates = coordinates(dependency.getGroupId(), dependency.getArtifactId());
+            Artifact matchingArtifact = project.getArtifacts().stream()
+                    .filter(artifact -> matchesDependency(artifact, dependency))
+                    .findFirst()
+                    .orElseThrow(() -> new MojoExecutionException("TODO Bug in code?"));
+
+            ProjectBuildingResult result = buildProject(matchingArtifact);
+
+            Set<Coordinates> actualDependencies = result.getProject().getArtifacts().stream()
+                    .map(a -> coordinates(a.getGroupId(), a.getArtifactId()))
+                    .collect(toSet());
+
+            Set<Coordinates> exclusions = dependency.getExclusions().stream()
+                    .map(e -> coordinates(e.getGroupId(), e.getArtifactId()))
+                    .collect(toSet());
+
+            checker.check(currentCoordinates, exclusions, actualDependencies);
+        }
+
+        if (!checker.getViolations().isEmpty()) {
+            if (failOnWarning) {
+                logWarnings(checker.getViolations(), (value) -> getLog().error(value));
+                throw new MojoExecutionException("Invalid exclusions found");
+            } else {
+                logWarnings(checker.getViolations(), (value) -> getLog().warn(value));
+            }
+        }
+    }
+
+    private boolean matchesDependency(Artifact artifact, Dependency dependency) {
+        return Objects.equals(artifact.getGroupId(), dependency.getGroupId())
+                && Objects.equals(artifact.getArtifactId(), dependency.getArtifactId())
+                && Objects.equals(artifact.getType(), dependency.getType())
+                && Objects.equals(stripToEmpty(artifact.getClassifier()), stripToEmpty(dependency.getClassifier()));
+    }
+
+    private void logWarnings(Map<Coordinates, List<Coordinates>> violations, final Consumer<String> logger) {
+        logger.accept("The following dependencies defines unnecessary excludes");
+        violations.forEach((dependency, invalidExclusions) -> {
+            logger.accept("    " + dependency + ":");
+            invalidExclusions.forEach(invalidExclusion -> {
+                logger.accept("        - " + invalidExclusion);
+            });
+        });
+    }
+
+    private ProjectBuildingResult buildProject(Artifact artifact) throws MojoExecutionException {
+        try {
+            ProjectBuildingRequest projectBuildingRequest =
+                    new DefaultProjectBuildingRequest(session.getProjectBuildingRequest());
+            projectBuildingRequest.setResolveDependencies(true);
+            return projectBuilder.build(artifact, true, projectBuildingRequest);
+        } catch (ProjectBuildingException e) {
+            throw new MojoExecutionException(
+                    format("Failed to build project for %s:%s", artifact.getGroupId(), artifact.getArtifactId()), e);
+        }
+    }
+}