diff --git a/src/it/advanced/pom.xml b/src/it/advanced/pom.xml
index 66fb7e8..195a2c6 100644
--- a/src/it/advanced/pom.xml
+++ b/src/it/advanced/pom.xml
@@ -144,7 +144,7 @@
junit
junit
- 4.13.1
+ 4.13.2
test
diff --git a/src/it/simple-aggregate-it/pom.xml b/src/it/simple-aggregate-it/pom.xml
new file mode 100644
index 0000000..e40558e
--- /dev/null
+++ b/src/it/simple-aggregate-it/pom.xml
@@ -0,0 +1,56 @@
+
+
+ 4.0.0
+
+ org.spdx.it
+ simple-aggregate-it
+ 1.0-SNAPSHOT
+
+ A simple IT verifying the basic use case.
+ pom
+
+
+ UTF-8
+ 11
+
+
+
+
+ commons-collections
+ commons-collections
+ 3.2.2
+
+
+ junit
+ junit
+ 4.13.2
+ test
+
+
+
+ ../advanced
+
+
+
+
+
+ @project.groupId@
+ @project.artifactId@
+ @project.version@
+
+
+ build-spdx
+
+ aggregateSPDX
+
+
+
+
+
+ maven-compiler-plugin
+ 3.11.0
+
+
+
+
diff --git a/src/it/simple-aggregate-it/src/main/java/simple/Simple.java b/src/it/simple-aggregate-it/src/main/java/simple/Simple.java
new file mode 100644
index 0000000..d542d93
--- /dev/null
+++ b/src/it/simple-aggregate-it/src/main/java/simple/Simple.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2014 Source Auditor Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package simple;
+
+public class Simple
+{
+ public static void main(String[] args)
+ {
+ System.out.println( "Hello World!");
+ }
+}
diff --git a/src/it/simple-aggregate-it/src/test/java/SimpleTest.java b/src/it/simple-aggregate-it/src/test/java/SimpleTest.java
new file mode 100644
index 0000000..8991c39
--- /dev/null
+++ b/src/it/simple-aggregate-it/src/test/java/SimpleTest.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2014 Source Auditor Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package simple;
+
+import org.junit.Test;
+
+public class SimpleTest
+{
+ @Test
+ public void test()
+ {
+
+ }
+}
diff --git a/src/it/simple-aggregate-it/verify.groovy b/src/it/simple-aggregate-it/verify.groovy
new file mode 100644
index 0000000..2f8f2cb
--- /dev/null
+++ b/src/it/simple-aggregate-it/verify.groovy
@@ -0,0 +1,3 @@
+File spdxFile = new File( basedir, "target/site/org.spdx.it_simple-aggregate-it-1.0-SNAPSHOT.spdx.json" );
+
+assert spdxFile.isFile()
diff --git a/src/main/java/org/spdx/maven/AggregateSpdxMojo.java b/src/main/java/org/spdx/maven/AggregateSpdxMojo.java
new file mode 100644
index 0000000..a073142
--- /dev/null
+++ b/src/main/java/org/spdx/maven/AggregateSpdxMojo.java
@@ -0,0 +1,61 @@
+package org.spdx.maven;
+
+import org.apache.maven.plugins.annotations.LifecyclePhase;
+import org.apache.maven.plugins.annotations.Mojo;
+import org.apache.maven.project.DefaultProjectBuildingRequest;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.project.ProjectBuildingRequest;
+import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
+import org.apache.maven.shared.dependency.graph.DependencyNode;
+
+import org.spdx.core.InvalidSPDXAnalysisException;
+import org.spdx.maven.utils.AbstractDependencyBuilder;
+import org.spdx.maven.utils.AbstractDocumentBuilder;
+import org.spdx.maven.utils.LicenseMapperException;
+import org.spdx.maven.utils.SpdxV2DependencyBuilder;
+import org.spdx.maven.utils.SpdxV2DocumentBuilder;
+import org.spdx.maven.utils.SpdxV3DependencyBuilder;
+import org.spdx.maven.utils.SpdxV3DocumentBuilder;
+
+
+import java.util.List;
+import java.util.Arrays;
+
+@Mojo( name = "aggregateSPDX",
+ defaultPhase = LifecyclePhase.VERIFY,
+ requiresOnline = true,
+ threadSafe = true )
+public class AggregateSpdxMojo extends CreateSpdxMojo {
+
+ @Override
+ protected void buildSpdxDependencyInformation( AbstractDocumentBuilder builder, OutputFormat outputFormatEnum )
+ throws DependencyGraphBuilderException, LicenseMapperException, InvalidSPDXAnalysisException {
+ AbstractDependencyBuilder dependencyBuilder;
+ if ( builder instanceof SpdxV3DocumentBuilder)
+ {
+ dependencyBuilder = new SpdxV3DependencyBuilder( ( SpdxV3DocumentBuilder ) builder, createExternalRefs,
+ generatePurls, useArtifactID, includeTransitiveDependencies );
+ }
+ else
+ {
+ dependencyBuilder = new SpdxV2DependencyBuilder( ( SpdxV2DocumentBuilder ) builder, createExternalRefs,
+ generatePurls, useArtifactID, includeTransitiveDependencies );
+ }
+ if ( session != null )
+ {
+ List projects = session.getAllProjects(); //includes the current project
+ if ( !projects.isEmpty() )
+ {
+ getLog().info( "List of projects that will be aggregated into one file: "
+ + Arrays.toString( projects.toArray() ) );
+ for ( MavenProject project : projects )
+ {
+ ProjectBuildingRequest request = new DefaultProjectBuildingRequest( session.getProjectBuildingRequest() );
+ request.setProject( project );
+ DependencyNode parentNode = dependencyGraphBuilder.buildDependencyGraph( request, null );
+ dependencyBuilder.addMavenDependencies( mavenProjectBuilder, session, project, parentNode, builder.getProjectPackage() );
+ }
+ }
+ }
+ }
+}
diff --git a/src/main/java/org/spdx/maven/CreateSpdxMojo.java b/src/main/java/org/spdx/maven/CreateSpdxMojo.java
index 400a1b2..831e52f 100644
--- a/src/main/java/org/spdx/maven/CreateSpdxMojo.java
+++ b/src/main/java/org/spdx/maven/CreateSpdxMojo.java
@@ -117,13 +117,13 @@ public class CreateSpdxMojo extends AbstractMojo
private MavenProjectHelper projectHelper;
@Component
- private ProjectBuilder mavenProjectBuilder;
+ protected ProjectBuilder mavenProjectBuilder;
@Component
- private MavenSession session;
+ protected MavenSession session;
@Component(hint = "default")
- private DependencyGraphBuilder dependencyGraphBuilder;
+ protected DependencyGraphBuilder dependencyGraphBuilder;
// Parameters for the plugin
/**
@@ -460,7 +460,7 @@ public class CreateSpdxMojo extends AbstractMojo
* @since 0.6.3
*/
@Parameter( defaultValue = "true" )
- private boolean createExternalRefs;
+ protected boolean createExternalRefs;
/**
* If true, all transitive dependencies will be included in the SPDX document. If false,
@@ -469,7 +469,7 @@ public class CreateSpdxMojo extends AbstractMojo
* @since 0.6.3
*/
@Parameter( defaultValue = "true" )
- private boolean includeTransitiveDependencies;
+ protected boolean includeTransitiveDependencies;
/**
* Skip goal execution.
@@ -484,14 +484,14 @@ public class CreateSpdxMojo extends AbstractMojo
* Otherwise, ${project.name} will be used
*/
@Parameter( property = "spdx.useArtifactID" )
- private boolean useArtifactID;
+ protected boolean useArtifactID;
/**
* If true, adds an external reference to every package with category "PACKAGE-MANAGER", type "purl"
* and locator "pkg:maven/${project.groupId}/${project.artifactId}@${project.version}".
*/
@Parameter( property = "spdx.generatePurls" )
- private boolean generatePurls = true;
+ protected boolean generatePurls = true;
public void execute() throws MojoExecutionException
{
@@ -662,7 +662,7 @@ private AbstractDocumentBuilder initSpdxDocumentBuilder( OutputFormat outputForm
* @throws LicenseMapperException on errors related to mapping Maven licenses to SPDX licenses
* @throws InvalidSPDXAnalysisException on SPDX parsing errors
*/
- private void buildSpdxDependencyInformation( AbstractDocumentBuilder builder, OutputFormat outputFormatEnum )
+ protected void buildSpdxDependencyInformation( AbstractDocumentBuilder builder, OutputFormat outputFormatEnum )
throws LicenseMapperException, InvalidSPDXAnalysisException, DependencyGraphBuilderException
{
AbstractDependencyBuilder dependencyBuilder;
diff --git a/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java b/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java
index 3ea9153..6d005ea 100644
--- a/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java
+++ b/src/main/java/org/spdx/maven/utils/AbstractDependencyBuilder.java
@@ -7,6 +7,7 @@
import java.io.File;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
+import java.util.HashSet;
import java.util.List;
import java.util.Objects;
@@ -41,6 +42,7 @@ public abstract class AbstractDependencyBuilder
protected boolean generatePurls;
protected boolean useArtifactID;
protected boolean includeTransitiveDependencies;
+ private final HashSet usedDependencies = new HashSet<>();
DateFormat format = new SimpleDateFormat( SpdxConstantsCompatV2.SPDX_DATE_FORMAT );
/**
@@ -74,12 +76,22 @@ public void addMavenDependencies( ProjectBuilder mavenProjectBuilder, MavenSessi
CoreModelObject pkg ) throws LicenseMapperException, InvalidSPDXAnalysisException
{
List children = node.getChildren();
-
logDependencies( children );
+ String name = "";
for ( DependencyNode childNode : children )
{
- addMavenDependency( pkg, childNode, mavenProjectBuilder, session, mavenProject );
+ name = String.format( "%s:%s:%s", childNode.getArtifact().getGroupId(),
+ childNode.getArtifact().getArtifactId(), childNode.getArtifact().getVersion() );
+ //To keep the repetition-check at O(1)
+ if ( usedDependencies.add( name ) )
+ {
+ addMavenDependency( pkg, childNode, mavenProjectBuilder, session, mavenProject );
+ }
+ else
+ {
+ LOG.info( "Duplicate dependency occurred for " + name );
+ }
}
}