spdx-maven-plugin

Support aggregation (multi-module)

Open goneall opened this issue 10 years ago • 15 comments

Support multi-module POM files

goneall avatar Aug 21 '15 00:08 goneall

When I used the plugin in a multi-module project, the terminal printed the error message below:

'[ERROR] Failed to execute goal on project curator-client: Could not resolve dependencies for project org.apache.curator:curator-client:bundle:5.4.0-SNAPSHOT: Failure to find org.apache.curator:curator-test:jar:5.4.0-SNAPSHOT in https://repository.apache.org/snapshots was cached in the local repository, resolution will not be reattempted until the update interval of apache.snapshots has elapsed or updates are forced -> [Help 1]'

'curator-client' and 'curator-test' are both modules of the project. I cannot find the cause of this error. I hope you can give an answer when you are free. Thanks

xwx666666 avatar Oct 11 '22 06:10 xwx666666

@xwx666666 - I recall multi-module not working when I originally wrote the plugin. I'll take a look and see if I can recall what needs to be fixed sometime this week.

goneall avatar Oct 11 '22 15:10 goneall

OK, thank you for your reply. And will this plugin support multi-module projects in the future?

xwx666666 avatar Oct 12 '22 03:10 xwx666666

I just tested a very simple test multi-module POM file and it (mostly) worked.

The one issue I found was if the parent POM file generates an SPDX file, it does not include the sub-project information in the SPDX document.

The POM files are in my repo at https://github.com/goneall/spdx-java-aggregator

The results of the prepare-package goal which executes the spdx-maven-plugin are:

  • SPDX files are generated for any sub-project that includes the plugin in the build plugins list
  • An SPDX file is created for the parent POM file if the plugin is listed in the build plugins list
  • The parameters for the plugin are appropriately inherited from the parent POM file

goneall avatar Oct 12 '22 19:10 goneall

@xwx666666 It looks like the issue you ran into is different from the multi-module support.

I just checked the referenced https://repository.apache.org/content/groups/snapshots/org/apache/curator/curator-client/ and version 5.4.0 is not present - it looks like that may be the issue rather than an issue related to the spdx-maven-plugin. Let me know if you agree.

goneall avatar Oct 12 '22 19:10 goneall

I used the plugin in the project https://github.com/apache/curator in order to test whether it is effective under a complex multi-module project. The version of the plugin I used is 0.5.5.

In such a test environment, the previously mentioned error occurred.

Later, I found that the error would not occur when I executed 'mvn install' before 'mvn spdx:createSPDX'.

I think the cause of the problem may be that one module depends on another module which is not in the local maven repository.

I hope to hear your analysis and solutions. Thank you very much.

xwx666666 avatar Oct 13 '22 03:10 xwx666666

Later, I found that the error would not occur when I executed 'mvn install' before 'mvn spdx:createSPDX'.

Based on this, it sounds like the error is a result of the Maven environment and not related to this plugin. The mvn install will create local caches of the project which then makes it available to other maven dependencies. I have the same issue when testing maven dependencies for versions I have not yet published to maven central.

goneall avatar Oct 13 '22 03:10 goneall

Thank you, I got it. But if I want to use the plugin effectively in my project which contains some dependencies that are not yet published, what can I do?

xwx666666 avatar Oct 13 '22 05:10 xwx666666

But if I want to use the plugin effectively in my project which contains some dependencies that are not yet published, what can I do?

I may not be understanding the issue - I would expect you would run into this without the plugin when attempting to build the project.

Is the error showing up while building the SPDX file? Can you include more of the output? If you could run the command with the -X option to produce the debug output, you can attach the output as a file.

goneall avatar Oct 13 '22 17:10 goneall

Before, I had to execute 'install' and then execute 'spdx:createSPDX' to build successfully, because some modules depend on unpublished projects (not in the maven center or local cache).

My problem: if the dependency module has not been published yet and I do not want to use the method of executing 'install' first, what should I do if I need to successfully use the plugin?

xwx666666 avatar Oct 14 '22 07:10 xwx666666

My problem: if the dependency module has not been published yet and I do not want to use the method of executing 'install' first, what should I do if I need to successfully use the plugin?

Is the "install" executed from the same POM file that includes the SPDX project? If so, is the SPDX file also created during the install?

goneall avatar Oct 14 '22 18:10 goneall

Sorry. This is a problem with my maven environment, not with this plugin. I have solved it.

By the way, will this plugin support aggregation of the output content of a multi-module project in the future (summarize the output results of multiple modules in one file)? And what data format should this summary file have?

xwx666666 avatar Oct 28 '22 05:10 xwx666666

By the way, will this plugin support aggregation of the output content of a multi-module project in the future (summarize the output results of multiple modules in one file)? And what data format should this summary file have?

One way to handle aggregating the files is to have the top level be an SPDX document which "contains" references to the modules, each of which would have its own SPDX document.

I don't have any plans in the near future to implement this as the current functionality captures all the modules in a multi-module POM file.

goneall avatar Oct 31 '22 21:10 goneall
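
The aggregation approach described in the comment above (a top-level SPDX document that references each module's own SPDX document), worked through with SPDX 2.3 JSON fields. This is an added example, not code from the plugin or from anyone in this thread; the module names, the `example.org` namespaces and the helper names are constructed for illustration.

```python
import hashlib
import json

def pkg(name):
    return {"SPDXID": "SPDXRef-Package-" + name, "name": name,
            "downloadLocation": "NOASSERTION", "filesAnalyzed": False}

def rel(source, kind, target):
    return {"spdxElementId": source, "relationshipType": kind, "relatedSpdxElement": target}

def skeleton(name):
    """Fields shared by every document here; namespaces are constructed."""
    return {"spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
            "SPDXID": "SPDXRef-DOCUMENT", "name": name,
            "documentNamespace": "https://example.org/spdx/" + name,
            "creationInfo": {"created": "2022-10-31T00:00:00Z",
                             "creators": ["Tool: aggregate-example"]},
            "packages": [pkg(name)],
            "relationships": [rel("SPDXRef-DOCUMENT", "DESCRIBES", "SPDXRef-Package-" + name)]}

def module_doc(name):
    """Constructed stand-in for one module's SPDX JSON file (not real plugin output)."""
    return json.dumps(skeleton(name)).encode()

def aggregate(parent, module_files):
    """Parent document that points at each module document instead of copying it."""
    doc = skeleton(parent)
    doc["externalDocumentRefs"] = []
    root = "SPDXRef-Package-" + parent
    for name, raw in sorted(module_files.items()):
        child = json.loads(raw)
        ref = "DocumentRef-" + name
        # SPDX 2.x external references carry a checksum of the referenced file,
        # pinning the exact module document the parent was built against.
        doc["externalDocumentRefs"].append({
            "externalDocumentId": ref, "spdxDocument": child["documentNamespace"],
            "checksum": {"algorithm": "SHA1", "checksumValue": hashlib.sha1(raw).hexdigest()}})
        for r in child["relationships"]:
            if r["spdxElementId"] == "SPDXRef-DOCUMENT" and r["relationshipType"] == "DESCRIBES":
                doc["relationships"].append(
                    rel(root, "CONTAINS", ref + ":" + r["relatedSpdxElement"]))
    return doc

def stale_refs(doc, module_files):
    """External document ids whose module file no longer matches the recorded checksum."""
    stale = []
    for entry in doc["externalDocumentRefs"]:
        raw = module_files[entry["externalDocumentId"][len("DocumentRef-"):]]
        if hashlib.sha1(raw).hexdigest() != entry["checksum"]["checksumValue"]:
            stale.append(entry["externalDocumentId"])
    return stale
```

A consumer of the parent document can run a check like `stale_refs` to detect a module SPDX file that was regenerated or altered after the parent was produced.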

Thanks, I will have a try. And is there any official format for a single aggregation file of a multi-module project?

xwx666666 avatar Nov 01 '22 06:11 xwx666666

And is there any official format for a single aggregation file of a multi-module project?

No single official format, but you can check out the SPDX examples to see different recommended approaches for different scenarios. I don't think there is any example for a multi-module project, however.

goneall avatar Nov 01 '22 21:11 goneall