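Overview

In this tutorial, we'll learn how to detect duplicate dependencies in pom.xml using Maven commands. We'll also see how to use the Maven Enforcer plugin to stop the build when duplicate dependencies are found.

Why Detect Duplicate Dependencies?

The risk of having duplicate dependencies in pom.xml is that the project's build path may not pick up the latest version of the target library. For example, consider the following pom.xml: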

<project>
  [...]
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.12.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.11</version>
    </dependency>
  </dependencies>
   [...]
</project>

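As we can see, there are two dependencies on the same library (commons-lang3), although the two declarations use different versions.

Next, we'll learn how to detect these duplicate dependencies using Maven commands.

Dependency Tree Command

Now, let's run the mvn dependency:tree command in a terminal and look at the output.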

$ mvn dependency:tree
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[INFO] \- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.136 s
[INFO] Finished at: 2021-12-20T09:45:20+05:30
[INFO] ------------------------------------------------------------------------

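Here, we see a warning stating that pom.xml contains duplicate dependencies. We also notice that, although the project declares a higher version (3.12.0) of commons-lang3.jar, Maven picked version 3.11, which appears later in pom.xml. This is because Maven uses the declaration that appears last.

Dependency Analyze-Duplicate Command

Now, let's run the mvn dependency:analyze-duplicate command and look at the output.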
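The uniqueness key from the warning (groupId:artifactId:type:classifier) and the last-declaration-wins behaviour seen in the tree output can also be checked without running Maven, for example in a pre-commit hook. The script below is an added example, not code from the original article; the function names and the embedded sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the article's pom.xml (namespace as in real POMs).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.12.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.11</version>
    </dependency>
  </dependencies>
</project>"""


def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_duplicate_dependencies(pom_text):
    """Return {key: [versions in declaration order]} for keys declared twice or more."""
    root = ET.fromstring(pom_text)
    seen = defaultdict(list)
    for child in root:
        if _local(child.tag) != "dependencies":
            continue  # only the project's direct <dependencies> block
        for dep in child:
            if _local(dep.tag) != "dependency":
                continue
            f = {_local(e.tag): (e.text or "").strip() for e in dep}
            key = ":".join(filter(None, (f.get("groupId"), f.get("artifactId"),
                                         f.get("type") or "jar", f.get("classifier"))))
            seen[key].append(f.get("version", ""))
    return {k: v for k, v in seen.items() if len(v) > 1}


def report(pom_text):
    """One line per duplicate; as in the tree output above, the last declaration is used."""
    dups = find_duplicate_dependencies(pom_text)
    return [f"{k}: declared {v}, build uses {v[-1]}" for k, v in dups.items()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_POM)))
```

Declarations that differ in type or classifier produce different keys and are not reported, which matches the key named in Maven's warning.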

$ mvn dependency:analyze-duplicate
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:analyze-duplicate (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] List of duplicate dependencies defined in <dependencies/> in your pom.xml:
        o org.apache.commons:commons-lang3:jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.835 s
[INFO] Finished at: 2021-12-20T09:54:02+05:30
[INFO] ------------------------------------------------------------------------

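Here, we notice that both the warning and the info log entries mention the duplicate dependency.

Failing the Build If Duplicate Dependencies Exist

In the examples above, we saw how to detect duplicate dependencies, but the build still succeeded, which could lead to an incorrect jar version being used.

By using the Maven Enforcer plugin, we can make sure the build fails when duplicate dependencies are present.

To do this, we need to add this Maven plugin to pom.xml and add the rule banDuplicatePomDependencyVersions: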

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.0.0</version>
        <executions>
          <execution>
            <id>no-duplicate-declared-dependencies</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDuplicatePomDependencyVersions/>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

Now, the rule is bound to our Maven build:

$ mvn verify
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -> version 3.12.0 vs 3.11 @ line 14, column 14
[WARNING]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) @ maven-duplicate-dependencies ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.BanDuplicatePomDependencyVersions failed with message:
Found 1 duplicate dependency declaration in this project:
 - dependencies.dependency[org.apache.commons:commons-lang3:jar] ( 2 times )

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.537 s
[INFO] Finished at: 2021-12-20T09:55:46+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) on project maven-duplicate-dependencies: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed.

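Removing Duplicate Dependencies

Once duplicate dependencies have been identified, the simplest fix is to remove them from pom.xml, keeping only the unique dependencies the project actually uses.

Conclusion

In this article, we learned how to detect duplicate dependencies in Maven using the mvn dependency:tree and mvn dependency:analyze-duplicate commands. We also saw how to use a built-in rule of the Maven Enforcer plugin to fail builds that contain duplicate dependencies.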

