Use maven-model to parse the pom.xml and calculate paths by DavyLandman · Pull Request #2181 · usethesource/rascal

DavyLandman · 2025-03-07T08:38:14Z

This makes us more flexible and allows us to detect errors in the pom, and maybe fix them with projects in the workspace.

It also removes a whole set of maven dependencies that we recently accepted.

todo:

… building

codecov · 2025-03-07T08:42:43Z

Codecov Report

Attention: Patch coverage is 63.85350% with 227 lines in your changes missing coverage. Please review.

Project coverage is 46%. Comparing base (c81f775) to head (bde7e38).
Report is 64 commits behind head on main.

Files with missing lines	Patch %	Lines
src/org/rascalmpl/library/util/PathConfig.java	30%	40 Missing and 8 partials ⚠️
src/org/rascalmpl/util/maven/MavenParser.java	61%	35 Missing and 11 partials ⚠️
src/org/rascalmpl/util/maven/Artifact.java	69%	23 Missing and 4 partials ⚠️
src/org/rascalmpl/util/maven/Dependency.java	57%	17 Missing and 5 partials ⚠️
...scalmpl/util/maven/SimpleRepositoryDownloader.java	76%	15 Missing and 5 partials ⚠️
src/org/rascalmpl/util/maven/Util.java	62%	11 Missing and 8 partials ⚠️
src/org/rascalmpl/util/maven/SimpleResolver.java	78%	9 Missing and 3 partials ⚠️
...c/org/rascalmpl/util/maven/ArtifactCoordinate.java	70%	10 Missing and 1 partial ⚠️
.../org/rascalmpl/util/maven/ChecksumInputStream.java	75%	7 Missing ⚠️
.../rascalmpl/util/maven/SimpleWorkspaceResolver.java	68%	4 Missing and 2 partials ⚠️
... and 4 more

Additional details and impacted files

@@           Coverage Diff            @@
##              main   #2181    +/-   ##
========================================
  Coverage       46%     46%            
- Complexity    6074    6214   +140     
========================================
  Files          748     758    +10     
  Lines        62518   63070   +552     
  Branches      9338    9419    +81     
========================================
+ Hits         29170   29559   +389     
- Misses       31176   31310   +134     
- Partials      2172    2201    +29

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

jurgenvinju · 2025-03-07T13:57:45Z

+            var loc = context.pom;
+            var artifactLoc = me.getLocation("artifactId");
+            if (artifactLoc != null) {
+                loc = IRascalValueFactory.getInstance().sourceLocation(loc , 0, 0, artifactLoc.getLineNumber(), artifactLoc.getColumnNumber(), artifactLoc.getLineNumber(), artifactLoc.getColumnNumber() + 1);


This is broken. Source locations with 0,0 as offset and length are never queried for line and column information. The two have to align; as they are intended to be redundant information.

jurgenvinju · 2025-03-07T13:59:34Z

+            if (artifactLoc != null) {
+                loc = IRascalValueFactory.getInstance().sourceLocation(loc , 0, 0, artifactLoc.getLineNumber(), artifactLoc.getColumnNumber(), artifactLoc.getLineNumber(), artifactLoc.getColumnNumber() + 1);
+            }
+            messages.append(Messages.warning("I could not resolve dependency in maven repository: " + me.getGroupId() + ":" + me.getArtifactId() + ":" + me.getVersion(), loc));


The use of "I" is a style breach for rascal exceptions and error messages. "Rascal" would be better or "Rascal dependency resolution could not..."

jurgenvinju

An enormous jump in a short time. It's a lot of code but it makes all our lives a lot simpler.

jurgenvinju

I didn't see any checksum checking in this code; which is a minimum level of "security" checking for transport correctness and the absence of a man-in-the-middle attack. Of course this is not "secure" in any serious way, but it is a "bottom bar" to jump over.

…de of the maven repo

DavyLandman · 2025-03-09T15:43:03Z

Yes, we'll add checksum support. The PR is still in draft mode, there are about 10 TODOs in the code, and we also have to move the old code away.

I will however note that the checksum feature is primarily for detecting corrupted downloads. HTTPS is a better protection against mitm. Especially since the checksums aren't signed, so any MITM can also just rewrite the checksum.

jurgenvinju · 2025-03-11T09:53:16Z

I am running against mvn jar loading issues in rascal-maven-plugin. @rodinaarssen and I think that our lives will be easier once the current PR is merged. Then we have fewer maven-x projects to depend on (and shaded) and we hope that will resolve the complex issues we are running into. Groetjes! See usethesource/rascal-maven-plugin#28

…repo-from-settings

…epo-from-settings Retrieve local repo from system property or settings.xml when available

…le-improvement Using a temp file in the same directory as the target

…-scope

…nresolved

… at the pom level

…scope Implemented system scope resolving

Implemented first version of the maven extractor that only uses model…

532ba68

… building

DavyLandman added 5 commits March 7, 2025 10:37

Correctly interpret exclusions

561efce

Added download support

029e6ca

Added cycle detection to break dependency cycles

375fb78

Wrote test for the maven resolver

f54789a

Added method that does the calculation of the class path

e6b3bf9