Merge pull request #278 from CycloneDX/bundle

don't fail on dependencies with bundle packaging
CycloneDX · Feb 13, 2023 · d31d26a · d31d26a
2 parents e8f3762 + 0665b1a
commit d31d26a
Show file tree

Hide file tree

Showing 3 changed files with 107 additions and 3 deletions.
diff --git a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
@@ -139,8 +139,11 @@ public Component convert(Artifact artifact, CycloneDxSchema.Version schemaVersio
                     extractComponentMetadata(project, component, schemaVersion, includeLicenseText);
                 }
             } catch (ProjectBuildingException e) {
-                logger.warn("An unexpected issue occurred attempting to resolve the effective pom for  "
-                        + artifact.getGroupId() + ":" + artifact.getArtifactId() + ":" + artifact.getVersion(), e);
+                if (logger.isDebugEnabled()) {
+                    logger.warn("Unable to create Maven project for " + artifact.getId() + " from repository.", e);
+                } else {
+                    logger.warn("Unable to create Maven project for " + artifact.getId() + " from repository.");
+                }
             }
         }
         return component;
@@ -238,7 +241,7 @@ private void extractComponentMetadata(MavenProject project, Component component,
     private MavenProject getEffectiveMavenProject(final Artifact artifact) throws ProjectBuildingException {
         final Artifact pomArtifact = repositorySystem.createProjectArtifact(artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion());
         final ProjectBuildingResult build = mavenProjectBuilder.build(pomArtifact,
-                session.getProjectBuildingRequest().setValidationLevel(ModelBuildingRequest.VALIDATION_LEVEL_MINIMAL)
+                session.getProjectBuildingRequest().setValidationLevel(ModelBuildingRequest.VALIDATION_LEVEL_MINIMAL).setProcessPlugins(false)
         );
         return build.getProject();
     }

diff --git a/src/test/java/org/cyclonedx/maven/BundleDependencyTest.java b/src/test/java/org/cyclonedx/maven/BundleDependencyTest.java
@@ -0,0 +1,43 @@
+package org.cyclonedx.maven;
+
+import static io.takari.maven.testing.TestResources.assertFilesPresent;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import io.takari.maven.testing.executor.MavenRuntime.MavenRuntimeBuilder;
+import io.takari.maven.testing.executor.MavenVersions;
+import io.takari.maven.testing.executor.junit.MavenJUnitTestRunner;
+
+/**
+ * test for https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/272
+ * dependency has a bundle packaging which causes Maven's ProjectBuildingException
+ */
+@RunWith(MavenJUnitTestRunner.class)
+@MavenVersions({"3.6.3"})
+public class BundleDependencyTest extends BaseMavenVerifier {
+
+    public BundleDependencyTest(MavenRuntimeBuilder runtimeBuilder) throws Exception {
+        super(runtimeBuilder);
+    }
+
+    @Test
+    public void testBundleDependencyDebug() throws Exception {
+        File projDir = resources.getBasedir("bundle");
+
+        verifier
+                .forProject(projDir)
+                .withCliOption("-Dcurrent.version=" + getCurrentVersion()) // inject cyclonedx-maven-plugin version
+                .withCliOption("-B")
+                .withCliOption("-X") // debug, will print the full stacktrace with error message if there is any model building issue
+                .execute("clean", "verify")
+                .assertErrorFreeLog();
+
+        String bomContents = fileRead(new File(projDir, "target/bom.json"), true);
+        assertTrue(bomContents.contains("\"description\" : \"snappy-java: A fast compression/decompression library\""));
+    }
+}
diff --git a/src/test/resources/bundle/pom.xml b/src/test/resources/bundle/pom.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.example</groupId>
+    <artifactId>issue-272</artifactId>
+    <packaging>jar</packaging>
+    <version>1.0.0</version>
+
+    <name>Issue-272: dependency with bundle packaging cause Maven ProjectBuildingException</name>
+
+    <licenses>
+        <license>
+            <name>Apache-2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+        </license>
+    </licenses>
+
+    <properties>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency><!-- has bundle packaging https://repo.maven.apache.org/maven2/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.pom -->
+            <groupId>org.xerial.snappy</groupId>
+            <artifactId>snappy-java</artifactId>
+            <version>1.1.8.4</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <version>${current.version}</version>
+                <executions>
+                    <execution>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>makeBom</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <outputFormat>json</outputFormat>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>