java source code of DependencyResolver

start.spring.io-master
- .github
  - ISSUE_TEMPLATE
    - entry-upgrade.md
    - other.md
    - add-entry-proposal.md
    - config.yml
- CONTRIBUTING.adoc
- start-site
  - src
    - main
      - resources
        application.yml
        templates
        spring-cloud-function-build-setup-azure.mustache
        spring-cloud-function-build-setup-aws.mustache
        spring-cloud-netflix-maintenance-mode.mustache
        spring-cloud-function-build-setup-missing.mustache
        META-INF
        spring.factories
      - java
        io
        spring
        start
        site
        web
        HomeController.java
        package-info.java
        support
        CacheableDependencyManagementVersionResolver.java
        package-info.java
        project
        package-info.java
        GradleDslProjectDescriptionCustomizer.java
        ProjectDescriptionCustomizerConfiguration.java
        SpringBoot2ProjectDescriptionCustomizer.java
        JavaVersionProjectDescriptionCustomizer.java
        extension
        dependency
        springamqp
        SpringRabbitTestBuildCustomizer.java
        SpringAmqpProjectGenerationConfiguration.java
        package-info.java
        observability
        ObservabilityProjectGenerationConfiguration.java
        ObservabilityBuildCustomizer.java
        WavefrontHelpDocumentCustomizer.java
        DependencyProjectGenerationConfiguration.java
        solace
        SolaceProjectGenerationConfiguration.java
        SolaceBinderBuildCustomizer.java
        package-info.java
        springintegration
        SpringIntegrationTestBuildCustomizer.java
        package-info.java
        SpringIntegrationProjectGenerationConfiguration.java
        lombok
        LombokGradleBuildCustomizer.java
        package-info.java
        package-info.java
        springdata
        R2dbcBuildCustomizer.java
        R2dbcHelpDocumentCustomizer.java
        SpringDataProjectGenerationConfiguration.java
        package-info.java
        springsecurity
        SpringSecurityTestBuildCustomizer.java
        SpringSecurityRSocketBuildCustomizer.java
        package-info.java
        springrestdocs
        SpringRestDocsMavenBuildCustomizer.java
        SpringRestDocsGradleBuildCustomizer.java
        package-info.java
        SpringRestDocsBuildCustomizer.java
        SpringRestDocsProjectGenerationConfiguration.java
        flyway
        FlywayProjectContributor.java
        package-info.java
        springsession
        SpringSessionBuildCustomizer.java
        package-info.java
        liquibase
        package-info.java
        LiquibaseProjectContributor.java
        springbatch
        package-info.java
        SpringBatchTestBuildCustomizer.java
        springcloud
        SpringCloudStreamBuildCustomizer.java
        SpringCloudContractGradleBuildCustomizer.java
        SpringCloudContractMavenBuildCustomizer.java
        SpringCloudNetflixMaintenanceModeSection.java
        SpringCloudFunctionHelpDocumentCustomizer.java
        SpringCloudContractDirectoryProjectContributor.java
        SpringCloudProjectGenerationConfiguration.java
        SpringCloudFunctionBuildCustomizer.java
        SpringCloudNetflixMaintenanceModeHelpDocumentCustomizer.java
        package-info.java
        SpringCloudGcpBomBuildCustomizer.java
        SpringCloudProjectVersionResolver.java
        SpringCloudCircuitBreakerBuildCustomizer.java
        reactor
        package-info.java
        ReactorTestBuildCustomizer.java
        springboot
        SpringBootProjectGenerationConfiguration.java
        DevToolsGradleBuildCustomizer.java
        package-info.java
        DevToolsMavenBuildCustomizer.java
        springkafka
        SpringKafkaBuildCustomizer.java
        package-info.java
        description
        InvalidJvmVersionHelpDocumentCustomizer.java
        InvalidPackageNameHelpDocumentCustomizer.java
        package-info.java
        DescriptionProjectGenerationConfiguration.java
        code
        kotlin
        ReactorKotlinExtensionsCustomizer.java
        package-info.java
        ManagedDependenciesKotlinVersionResolver.java
        KotlinProjectGenerationConfiguration.java
        KotlinCoroutinesCustomizer.java
        build
        gradle
        ManagedDependenciesDependencyManagementPluginVersionResolver.java
        package-info.java
        GradleProjectGenerationConfiguration.java
        GradleBuildSystemHelpDocumentCustomizer.java
        maven
        MavenBuildSystemHelpDocumentCustomizer.java
        MavenProjectGenerationConfiguration.java
        package-info.java
        package-info.java
        package-info.java
        StartApplication.java
    - test
      - resources
        logback-test.xml
        metadata
        test-dependencies-all.json
        junit-platform.properties
      - java
        io
        spring
        start
        site
        ProjectGenerationIntegrationTests.java
        project
        SpringBoot2ProjectDescriptionCustomizerTests.java
        JavaVersionProjectDescriptionCustomizerTests.java
        GradleDslProjectDescriptionCustomizerTests.java
        extension
        dependency
        springamqp
        SpringAmqpProjectGenerationConfigurationTests.java
        SpringRabbitTestBuildCustomizerTests.java
        observability
        ObservabilityBuildCustomizerTests.java
        WavefrontHelpDocumentCustomizerTests.java
        ObservabilityProjectGenerationConfigurationTests.java
        solace
        SolaceBinderBuildCustomizerTests.java
        springintegration
        SpringIntegrationTestBuildCustomizerTests.java
        SpringIntegrationProjectGenerationConfigurationTests.java
        lombok
        LombokGradleBuildCustomizerTests.java
        springdata
        R2dbcBuildCustomizerTests.java
        R2dbcHelpDocumentCustomizerTests.java
        springsecurity
        SpringSecurityRSocketBuildCustomizerTests.java
        SpringSecurityTestBuildCustomizerTests.java
        springrestdocs
        SpringRestDocsProjectGenerationConfigurationTests.java
        SpringRestDocsGradleBuildCustomizerTests.java
        SpringRestDocsMavenBuildCustomizerTests.java
        SpringRestDocsBuildCustomizerTests.java
        flyway
        FlywayProjectContributorTests.java
        springsession
        SpringSessionBuildCustomizerTests.java
        liquibase
        LiquibaseProjectContributorTests.java
        springbatch
        SpringBatchTestBuildCustomizerTests.java
        springcloud
        SpringCloudContractGradleBuildCustomizerTests.java
        SpringCloudNetflixMaintenanceModeHelpDocumentCustomizerTests.java
        SpringCloudProjectGenerationConfigurationTests.java
        SpringCloudGcpBomBuildCustomizerTests.java
        SpringCloudContractMavenBuildCustomizerTests.java
        SpringCloudFunctionBuildCustomizerTests.java
        SpringCloudContractDirectoryProjectContributorTests.java
        SpringCloudContractPluginGradleTests.java
        SpringCloudFunctionHelpDocumentCustomizerTests.java
        SpringCloudCircuitBreakerBuildCustomizerTests.java
        SpringCloudContractPluginMavenTests.java
        SpringCloudStreamBuildCustomizerTests.java
        SpringCloudProjectVersionResolverTests.java
        AbstractSpringCloudContractPluginTests.java
        reactor
        ReactorTestBuildCustomizerTests.java
        springboot
        DevToolsGradleBuildCustomizerTests.java
        DevToolsMavenBuildCustomizerTests.java
        springkafka
        SpringKafkaBuildCustomizerTests.java
        description
        InvalidJvmVersionHelpDocumentCustomizerTests.java
        InvalidPackageNameHelpDocumentCustomizerTests.java
        code
        kotlin
        ManagedDependenciesKotlinVersionResolverTests.java
        KotlinCoroutinesCustomizerTests.java
        ReactorKotlinExtensionTests.java
        build
        gradle
        ManagedDependenciesDependencyManagementPluginVersionResolverTests.java
        GradleBuildSystemHelpDocumentCustomizerTests.java
        maven
        MavenBuildSystemHelpDocumentCustomizerTests.java
        AbstractExtensionTests.java
        StartApplicationIntegrationTests.java
  - pom.xml
- pom.xml
- mvnw
- CODE_OF_CONDUCT.adoc
- start-site-verification
  - src
    - test
      - resources
        junit-platform.properties
      - java
        io
        spring
        start
        site
        DependencyResolver.java
        MetadataVerificationTests.java
  - pom.xml
- README.adoc
- .mvn
  - wrapper
    - maven-wrapper.jar
    - MavenWrapperDownloader.java
    - maven-wrapper.properties
- start-client
  - setupJest.js
  - src
    - images
    - components
      - utils
        __tests__
        Version.js
        Zip.js
        ApiUtils.js
        Version.js
        Zip.js
        Theme.js
        ApiUtils.js
        Hash.js
        WindowsUtils.js
      - Application.js
      - common
        dependency
        Dependency.js
        Dialog.js
        List.js
        Item.js
        index.js
        icons
        Icons.js
        index.js
        IconSpring.js
        layout
        Logo.js
        Header.js
        SideLeft.js
        HeaderMobile.js
        LogoMobile.js
        Social.js
        SideRight.js
        index.js
        builder
        Control.js
        Warnings.js
        HotKeys.js
        Placeholder.js
        Actions.js
        FieldInput.js
        FieldRadio.js
        Loading.js
        FieldError.js
        index.js
        Fields.js
        form
        Form.js
        Overlay.js
        Radio.js
        Button.js
        Close.js
        index.js
        explore
        Code.js
        Tree.js
        Select.js
        Loading.js
        index.js
        Explore.js
        share
        Share.js
        Popover.js
        index.js
      - reducer
        __tests__
        Initializr.js
        App.js
        Initializr.js
        App.js
    - App.js
    - fonts
      - metropolis-light-webfont.woff
      - metropolis-bold-webfont.woff
      - metropolis-extrabold-webfont.woff2
      - metropolis-thin-webfont.woff2
      - metropolis-thin-webfont.eot
      - metropolis-light-webfont.eot
      - metropolis-bold-webfont.woff2
      - metropolis-bold-webfont.eot
      - metropolis-medium-webfont.woff
      - metropolis-medium-webfont.woff2
      - metropolis-regular-webfont.woff2
      - metropolis-regular-webfont.eot
      - metropolis-regular-webfont.woff
      - metropolis-extrabold-webfont.eot
      - metropolis-thin-webfont.woff
      - metropolis-extrabold-webfont.woff
      - metropolis-light-webfont.woff2
      - metropolis-medium-webfont.eot
    - styles
      - explore.scss
      - _variables.scss
      - _hamburgers.scss
      - _prism.scss
      - _responsive.scss
      - share.scss
      - app.scss
      - _toast.scss
      - _mixins.scss
      - _main.scss
      - _fonts.scss
      - _dark.scss
    - Extend.json
  - webpack.dev.js
  - pom.xml
  - webpack.prod.js
  - .eslintrc
  - webpack.common.js
  - dev
    - api.json
  - .babelrc
  - package.json
  - .prettierignore
  - static
    - images
      - initializr-card.jpg
    - index.html
- ci
  - parameters.yml
  - images
    - start-site-ci-image
      - Dockerfile
    - setup.sh
  - config
    - kubeconfig.yml
    - elastic.yml
    - secret.yml
    - deployment.yml
  - README.adoc
  - tasks
    - verify-service.yml
    - build-service.yml
    - update-deployment.yml
    - get-blob-url.yml
    - deploy.yml
  - scripts
    - common.sh
    - build-service.sh
    - verify-service.sh
    - get-blob-url.sh
    - deploy.sh
    - update-deployment.sh
  - pipeline.yml
- .gitignore
- LICENSE.txt
- mvnw.cmd

/*
 * Copyright 2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.spring.start.site;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import io.spring.initializr.metadata.BillOfMaterials;
import org.apache.maven.repository.internal.MavenRepositorySystemUtils;
import org.eclipse.aether.DefaultRepositorySystemSession;
import org.eclipse.aether.RepositorySystem;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.artifact.DefaultArtifact;
import org.eclipse.aether.collection.CollectRequest;
import org.eclipse.aether.connector.basic.BasicRepositoryConnectorFactory;
import org.eclipse.aether.graph.Dependency;
import org.eclipse.aether.impl.DefaultServiceLocator;
import org.eclipse.aether.internal.impl.DefaultRepositorySystem;
import org.eclipse.aether.repository.LocalRepository;
import org.eclipse.aether.repository.RemoteRepository;
import org.eclipse.aether.repository.RemoteRepository.Builder;
import org.eclipse.aether.repository.RepositoryPolicy;
import org.eclipse.aether.resolution.ArtifactDescriptorException;
import org.eclipse.aether.resolution.ArtifactDescriptorRequest;
import org.eclipse.aether.resolution.ArtifactResult;
import org.eclipse.aether.resolution.DependencyRequest;
import org.eclipse.aether.resolution.DependencyResolutionException;
import org.eclipse.aether.resolution.DependencyResult;
import org.eclipse.aether.spi.connector.RepositoryConnectorFactory;
import org.eclipse.aether.spi.connector.transport.GetTask;
import org.eclipse.aether.spi.connector.transport.PeekTask;
import org.eclipse.aether.spi.connector.transport.PutTask;
import org.eclipse.aether.spi.connector.transport.Transporter;
import org.eclipse.aether.spi.connector.transport.TransporterFactory;
import org.eclipse.aether.spi.locator.ServiceLocator;
import org.eclipse.aether.transfer.NoTransporterException;
import org.eclipse.aether.transport.http.HttpTransporterFactory;
import org.eclipse.aether.util.artifact.JavaScopes;
import org.eclipse.aether.util.filter.DependencyFilterUtils;
import org.eclipse.aether.util.repository.SimpleArtifactDescriptorPolicy;

import org.springframework.util.FileSystemUtils;

final class DependencyResolver {

	private static final Collection<DependencyResolver> instances = new ArrayList<>();

	private static final ThreadLocal<DependencyResolver> instanceForThread = ThreadLocal.withInitial(() -> {
		DependencyResolver instance = new DependencyResolver();
		instances.add(instance);
		return instance;
	});

	private static final RepositoryPolicy repositoryPolicy = new RepositoryPolicy(true,
			RepositoryPolicy.UPDATE_POLICY_NEVER, RepositoryPolicy.CHECKSUM_POLICY_IGNORE);

	static final RemoteRepository mavenCentral = createRemoteRepository("central", "https://repo1.maven.org/maven2",
			false);

	private static final Map<String, List<Dependency>> managedDependencies = new ConcurrentHashMap<>();

	private final Path localRepositoryLocation;

	private final RepositorySystemSession repositorySystemSession;

	private final RepositorySystem repositorySystem;

	DependencyResolver() {
		try {
			ServiceLocator serviceLocator = createServiceLocator();
			DefaultRepositorySystemSession session = MavenRepositorySystemUtils.newSession();
			session.setArtifactDescriptorPolicy(new SimpleArtifactDescriptorPolicy(false, false));
			this.localRepositoryLocation = Files.createTempDirectory("metadata-validation-m2");
			LocalRepository localRepository = new LocalRepository(this.localRepositoryLocation.toFile());
			this.repositorySystem = serviceLocator.getService(RepositorySystem.class);
			session.setLocalRepositoryManager(
					this.repositorySystem.newLocalRepositoryManager(session, localRepository));
			session.setReadOnly();
			this.repositorySystemSession = session;
		}
		catch (Exception ex) {
			throw new RuntimeException(ex);
		}
	}

	static RemoteRepository createRemoteRepository(String id, String url, boolean snapshot) {
		Builder repositoryBuilder = new Builder(id, "default", url);
		if (snapshot) {
			repositoryBuilder.setSnapshotPolicy(repositoryPolicy);
		}
		else {
			repositoryBuilder.setReleasePolicy(repositoryPolicy);
		}
		return repositoryBuilder.build();
	}

	static List<String> resolveDependencies(String groupId, String artifactId, String version,
			List<BillOfMaterials> boms, List<RemoteRepository> repositories) {
		DependencyResolver instance = instanceForThread.get();
		List<Dependency> managedDependencies = instance.getManagedDependencies(boms, repositories);
		Dependency aetherDependency = new Dependency(new DefaultArtifact(groupId, artifactId, "pom",
				instance.getVersion(groupId, artifactId, version, managedDependencies)), "compile");
		CollectRequest collectRequest = new CollectRequest((org.eclipse.aether.graph.Dependency) null,
				Collections.singletonList(aetherDependency), repositories);
		collectRequest.setManagedDependencies(managedDependencies);
		DependencyRequest dependencyRequest = new DependencyRequest(collectRequest,
				DependencyFilterUtils.classpathFilter(JavaScopes.COMPILE, JavaScopes.RUNTIME));
		try {
			return instance.resolveDependencies(dependencyRequest).getArtifactResults().stream()
					.map(ArtifactResult::getArtifact)
					.map((artifact) -> artifact.getGroupId() + ":" + artifact.getArtifactId())
					.collect(Collectors.toList());
		}
		catch (DependencyResolutionException ex) {
			throw new RuntimeException(ex);
		}
	}

	static void cleanUp() {
		instances.forEach(DependencyResolver::deleteLocalRepository);
	}

	void deleteLocalRepository() {
		try {
			FileSystemUtils.deleteRecursively(this.localRepositoryLocation);
		}
		catch (IOException ex) {
			// Continue
		}
	}

	private List<Dependency> getManagedDependencies(List<BillOfMaterials> boms, List<RemoteRepository> repositories) {
		return boms.stream().flatMap(
				(bom) -> getManagedDependencies(bom.getGroupId(), bom.getArtifactId(), bom.getVersion(), repositories))
				.collect(Collectors.toList());
	}

	private Stream<Dependency> getManagedDependencies(String groupId, String artifactId, String version,
			List<RemoteRepository> repositories) {
		String key = groupId + ":" + artifactId + ":" + version;
		List<org.eclipse.aether.graph.Dependency> managedDependencies = DependencyResolver.managedDependencies
				.computeIfAbsent(key,
						(coords) -> resolveManagedDependencies(groupId, artifactId, version, repositories));
		return managedDependencies.stream();
	}

	private List<org.eclipse.aether.graph.Dependency> resolveManagedDependencies(String groupId, String artifactId,
			String version, List<RemoteRepository> repositories) {
		try {
			return this.repositorySystem
					.readArtifactDescriptor(this.repositorySystemSession, new ArtifactDescriptorRequest(
							new DefaultArtifact(groupId, artifactId, "pom", version), repositories, null))
					.getManagedDependencies();
		}
		catch (ArtifactDescriptorException ex) {
			throw new RuntimeException(ex);
		}
	}

	private DependencyResult resolveDependencies(DependencyRequest dependencyRequest)
			throws DependencyResolutionException {
		DependencyResult resolved = this.repositorySystem.resolveDependencies(this.repositorySystemSession,
				dependencyRequest);
		return resolved;
	}

	private String getVersion(String groupId, String artifactId, String version,
			List<org.eclipse.aether.graph.Dependency> managedDependencies) {
		if (version != null) {
			return version;
		}
		for (org.eclipse.aether.graph.Dependency managedDependency : managedDependencies) {
			if (groupId.equals(managedDependency.getArtifact().getGroupId())
					&& artifactId.equals(managedDependency.getArtifact().getArtifactId())) {
				return managedDependency.getArtifact().getVersion();
			}
		}
		return null;
	}

	private static ServiceLocator createServiceLocator() {
		DefaultServiceLocator locator = MavenRepositorySystemUtils.newServiceLocator();
		locator.addService(RepositorySystem.class, DefaultRepositorySystem.class);
		locator.addService(RepositoryConnectorFactory.class, BasicRepositoryConnectorFactory.class);
		locator.addService(TransporterFactory.class, DependencyResolver.JarSkippingHttpTransporterFactory.class);
		return locator;
	}

	private static class JarSkippingHttpTransporterFactory implements TransporterFactory {

		private final HttpTransporterFactory delegate = new HttpTransporterFactory();

		@Override
		public Transporter newInstance(RepositorySystemSession session, RemoteRepository repository)
				throws NoTransporterException {
			return new JarGetSkippingTransporter(this.delegate.newInstance(session, repository));
		}

		@Override
		public float getPriority() {
			return 5.0f;
		}

		private static final class JarGetSkippingTransporter implements Transporter {

			private final Transporter delegate;

			private JarGetSkippingTransporter(Transporter delegate) {
				this.delegate = delegate;
			}

			@Override
			public int classify(Throwable error) {
				return this.delegate.classify(error);
			}

			@Override
			public void peek(PeekTask task) throws Exception {
				this.delegate.peek(task);
			}

			@Override
			public void get(GetTask task) throws Exception {
				if (task.getLocation().getPath().endsWith(".jar")) {
					return;
				}
				this.delegate.get(task);
			}

			@Override
			public void put(PutTask task) throws Exception {
				this.delegate.put(task);
			}

			@Override
			public void close() {
				this.delegate.close();
			}

		}

	}

}