-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MDEP-799] - improve dependency:tree to add optional JSON output of the results #207
Conversation
src/main/java/org/apache/maven/plugins/dependency/tree/JSONDependencyNodeVisitor.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- why json is created manually? Maybe use FasterXML
- missing documentation, I propose separate page with output example and description
else if ( "json".equals( outputType ) ) | ||
{ | ||
return new JSONDependencyNodeVisitor( writer ); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be replaced by switch
statement
* | ||
* @throws Exception in case of an error. | ||
*/ | ||
public void _testTreeJSONSerializing() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write dedicated test for new class JSONDependencyNodeVisitor
Is it OK to add some dependencies? I thought you might want to keep the dependencies minimal.
OK, will add doc |
It is ok if meets: https://maven.apache.org/developers/dependency-policies.html
|
/** | ||
* Constructor. | ||
* | ||
* @param writer the writer to write to. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: no period
{ | ||
Artifact artifact = node.getArtifact(); | ||
|
||
writer.println( indentations( indent ) + "{" ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn't be using a PrintWriter here. They swallow IOExceptions. Even if the superclass already does this, let's not make the same mistake again.
|
||
writer.println( indentations( indent ) + "{" ); | ||
indent++; | ||
String groupId = indentations( indent ) + "\"groupId\": \"" + artifact.getGroupId() + "\""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think manually constructing the JSON is preferable to adding another library. (Some JSON libraries due have security issues.)
String[] elements = root ? new String[] { groupId, artifactId, version, type } | ||
: new String[] { groupId, artifactId, version, type, scope }; | ||
|
||
writer.print( StringUtils.join( "," + System.lineSeparator(), elements ) ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't system dependent output like System.lineSeparator(). Specify the character being output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why, a PrintWriter
will do the same?!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, and that's another reason we shouldn't be using PrintWriter
super cool feature, hope we can get it merged! |
Hey, as this PR seems stale, and I want this feature, I would implement this in a new PR. Do you prefer to use a JSON library, which one do you like, or shall I write a JSON printer myself? |
I strongly prefer no extra dependencies for this. JSON libraries in particular are a world of security bugs, unmaintained code, violations of Java conventions, and overall poor design. For JSON output, writing strings is straight-forward. A library shouldn't be necessary to implement this. Possibly tests (and only tests) might want to parse the JSON, and for that a library would be helpful. Do not use Jackson. javax.json or perhaps GSON might be OK. |
GSON is superseded already. |
By what? |
What makes you think that "gson is superseded"? |
There is a while post about it. |
Where? |
Searching, it was from the original authors, maybe even Kevin Bourillion. |
AFAIK, GSON was "just" moved out from Google umbrella, and is in maintenance mode, as it is feature complete (or something, dunno, guessing), but the project is quite lively and have regular releases and fixes. |
While I was at Google, I did successfully lobby to get GSON adopted and officially supported by the Java core libraries team. This was part of my then day job managing dependencies for the Google Cloud Java client libraries, which depended quite heavily on GSON. That was a couple of years ago. Things might have changed since, but anything you heard about the project pre-2021 is certainly out of date. |
feature complete under another PR |
Following this checklist to help us incorporate your
contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without
pulling in other changes.
[MDEP-XXX] - Fixes bug in ApproximateQuantiles
,where you replace
MDEP-XXX
with the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the
commit message.
mvn clean verify
to make sure basic checks pass. A more thorough check willbe performed on your pull request automatically.
mvn -Prun-its clean verify
).If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.
(I'm Apache Member and I've signed ICLA)
To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.
I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004
In any other case, please file an Apache Individual Contributor License Agreement.