Ivy CLI Detector: Transitive Dependency Support#1655
Ivy CLI Detector: Transitive Dependency Support#1655zahidblackduck wants to merge 11 commits intomasterfrom
Conversation
zahidblackduck
changed the title
zahidblackduck
requested review from
bd-samratmuk,
devmehtabd,
dterrybd,
shantyk and
sig-abyreddy
| If `ivy:dependencytree` is unavailable, [detect_product_short] will default to the Ivy Build Parse Detector, which extracts dependencies by parsing the `ivy.xml` file. | ||
|
|
||
| * Parses `ivy.xml` for direct dependency declarations only. Transitive dependencies are not resolved. | ||
| * Extracts the project's name and version from `build.xml`. If missing, it defers to values derived by git, from the project's directory, or defaults. |
There was a problem hiding this comment.
Suggestion:
- Extracts the project name and version from
build.xml. If the project name or version is missing, the values are derived via Git from the project's directory or defaults.
| ### New features | ||
|
|
||
| * Support for the Conda Tree–based detector has been added. For more details, see [Conda Tree](packagemgrs/conda.md#conda-tree-detector). | ||
| * Ivy CLI Detector, leveraging the `ivy:dependencytree` Ant task to extract direct and transitive dependencies for Ant + Ivy projects. Falls back to the Ivy Build Parse Detector if the task is not present in `build.xml`. For further information, see [Ivy (Ant) support](packagemgrs/ivy.md). |
There was a problem hiding this comment.
I'd suggest leaving this part out of the release notes as you have this information in the ivy.md page:
"Falls back to the Ivy Build Parse Detector if the task is not present in build.xml."
| @Override | ||
| public DetectableResult applicable() { | ||
| Requirements requirements = new Requirements(fileFinder, environment); | ||
| ivyXmlFile = requirements.file(IVY_XML_FILENAME); |
There was a problem hiding this comment.
This requires ivy.xml to exist in the project root as a precondition for applicability, but the extraction phase never actually reads it. It relies entirely on running ant which lets Ivy resolve the descriptor internally based on the project's own ivysettings.xml or build.xml configuration. This means projects that keep their Ivy module descriptor at a non-standard path (e.g., config/ivy-deps.xml) or under a different filename will have a fully working ivy:dependencytree target but the detector won't trigger. This is a rare edge case since the overwhelming majority of Ivy projects use the conventional ivy.xml in the root, and requiring it is a reasonable heuristic to confirm the project is Ivy-based but this assumption and its limitation should be documented.
There was a problem hiding this comment.
Thanks Samrat for the suggestion. It is indeed an edge case but a possibility too. Nonetheless, we should document it. I should further investigate it and create a separate PR if the doc change is required.
5 participants
JIRA Ticket
IDETECT-4963
Description
This merge request introduces a new Ivy CLI Detector that resolves transitive dependencies for Apache Ant + Ivy projects by leveraging the
ivy:dependencytreetask. Previously, all the dependencies were reported as direct dependencies by the existingLOWaccuracy Ivy Build Parse Detector regardless they were transitive dependencies or not..The new detector executes
ant <targetName>to generate a complete dependency tree, then parses the hierarchical structure to identify direct dependencies, transitive dependencies, and parent-child relationships.Requirements
ivy:dependencytreetask inbuild.xmlImplementation
The detector automatically discovers the
ivy:dependencytreetarget inbuild.xmland executes it. If not found, detection falls back to the existingxmlparsing based Ivy Build Parse Detector (direct dependencies only).User Action Required
Add the
ivy:dependencytreetarget tobuild.xml:This is required to generate the dependency tree for parsing.
New Detect Properties
detect.ant.path=<path>- Specifies theantexecutable path (optional)