Finding out dependencies of an artifact is easy, but what about dependents? Who is depending on the artifact? That is a common problem when working with Java. The answer is needed in order to, among other things, automate build flows. This is one way of doing it that will work with anything (Maven, Gradle, ...) that is published to a Maven repository like Nexus or Bintray.
I developed 3 tools:
- Pom Downloader
Given a groupId, it will download all pom-files withing that group.
- Pom Dependency Analyzer
Will analyze a pom-file and output the effective dependencies, groupId, artifactId, version. Also update all dependencies to have its dependents refer to the dependency.
- Pom Dependency Analyzer Web
Will transform the output of Pom Dependency Analyzer to a static REST API that can be deployed on a static web server, like Github pages: https://tomasbjerre.github.io/pom-dependency-analyzer-web/
Check the README:s of each tool to get the accurate features and commands. I see 2 main use cases that I wanted to solve:
Have a browsable website, that is automatically updated, that shows:
- What artifacts are being produced within an organization.
- Their effective dependencies, including transitives.
- Their dependents, artifacts that have them as dependency.
Have, instantly updated, lists of dependents of each artifact. So that:
- Whenever an artifact is built, you can know what other artifacts needs to be verified against the newly changed artifact.
- Where, probably Git reposiroties, to find these dependent artifacts.
The first use case is solved by:
- Running Pom Downloader in a scheduled job
- Running Pom Dependency Analyzer on each pom downloaded from first step
- Running Pom Dependency Analyzer Web on the output of second step
The second use case is solved by:
- Running Pom Dependency Analyzer on each newly produced artifact, snapshot-jobs and release-jobs.
I'm storing output of Pom Dependency Analyzer in a shared folder but you might want to store it in its own Git repository.
I have my example running here: https://tomasbjerre.github.io/pom-dependency-analyzer-web/
So that you can view dependents of a specific version like this: https://tomasbjerre.github.io/pom-dependency-analyzer-web/#/groupId/se.bjurr.violations/artifactId/violation-comments-lib/version/1.95