feat(Maven): Filter source bundles from dependencies

In Tycho's dependency tree, source code bundles appear together with
regular dependencies and the suffix ".source". Filter out these
artifacts, as they are not really dependencies in the context of ORT.

In an upcoming commit, such source artifacts will be assigned to the
packages generated for dependencies.

Signed-off-by: Oliver Heger <[email protected]>

Author: oheger-bosch

plugins/package-managers/maven/src/main/kotlin/utils/DependencyTreeParser.kt

@@ -36,6 +36,9 @@ import org.eclipse.aether.repository.RemoteRepository
 /** The [Json] instance to use for parsing of dependency trees in JSON format. */
 internal val JSON = Json { ignoreUnknownKeys = true }
 
+/** The suffix that classifies an OSGi bundle as a source bundle. */
+private const val SOURCE_BUNDLE_SUFFIX = ".source"
+
 /**
  * A data class to represent a node in the JSON output generated by the Maven Dependency Plugin.
  */
@@ -79,10 +82,30 @@ internal fun parseDependencyTree(
 private fun DependencyTreeMojoNode.toDependencyNode(repositories: List<RemoteRepository>): DependencyNode {
     val artifact = DefaultArtifact(groupId, artifactId, classifier, type, version)
     val dependency = Dependency(artifact, scope)
-    val childNodes = children.map { it.toDependencyNode(repositories) }
+    val childNodes = children.filterSourceBundles().map { it.toDependencyNode(repositories) }
 
     return DefaultDependencyNode(dependency).apply {
         children = childNodes
         setRepositories(repositories)
     }
 }
+
+/**
+ * Filter out source bundles from this collection of [DependencyTreeMojoNode]s. Tycho reports source code bundles
+ * (denoted by the suffix ".source") as regular dependencies. As this does not make sense for ORT, remove them, but
+ * only if the corresponding binary bundle is present as well. This is to reduce the likelihood of dropping a
+ * relevant dependency by accident.
+ */
+private fun Collection<DependencyTreeMojoNode>.filterSourceBundles(): Collection<DependencyTreeMojoNode> {
+    if (none { isSourceBundle(it) }) return this
+
+    val bundleIds = mapTo(mutableSetOf()) { it.artifactId }
+    return filterNot { node ->
+        isSourceBundle(node) && node.artifactId.removeSuffix(SOURCE_BUNDLE_SUFFIX) in bundleIds
+    }
+}
+
+/**
+ * Return a flag whether the given [node] represents a source bundle.
+ */
+private fun isSourceBundle(node: DependencyTreeMojoNode): Boolean = node.artifactId.endsWith(SOURCE_BUNDLE_SUFFIX)

plugins/package-managers/maven/src/test/kotlin/utils/DependencyTreeParserTest.kt

@@ -339,6 +339,96 @@ class DependencyTreeParserTest : WordSpec({
                 compareNodes(projectNode1, it)
             }
         }
+
+        "remove source code bundles in dependencies" {
+            val projectNode = DependencyTreeMojoNode(
+                "org.ossreviewtoolkit",
+                "module",
+                "1.2.3-SNAPSHOT",
+                "pom",
+                "",
+                "",
+                listOf(
+                    DependencyTreeMojoNode(
+                        "org.apache.commons",
+                        "commons-configuration2",
+                        "2.11.0",
+                        "jar",
+                        "compile",
+                        ""
+                    ),
+                    DependencyTreeMojoNode(
+                        "p2.eclipse.plugin",
+                        "org.objectweb.asm",
+                        "9.1.0",
+                        "jar",
+                        "compile",
+                        ""
+                    ),
+                    DependencyTreeMojoNode(
+                        "p2.eclipse.plugin",
+                        "org.objectweb.asm.source",
+                        "9.1.0",
+                        "jar",
+                        "compile",
+                        ""
+                    )
+                )
+            )
+
+            val projectDependencies = parseDependencyTree(
+                inputStreamFor(projectNode),
+                listOf(createProject("module"))
+            ).toList()
+
+            projectDependencies.shouldBeSingleton { node ->
+                node.children.map { it.artifact.artifactId } shouldContainExactlyInAnyOrder listOf(
+                    "commons-configuration2",
+                    "org.objectweb.asm"
+                )
+            }
+        }
+
+        "only remove source code bundles if there is a matching regular bundle" {
+            val projectNode = DependencyTreeMojoNode(
+                "org.ossreviewtoolkit",
+                "module",
+                "1.2.3-SNAPSHOT",
+                "pom",
+                "",
+                "",
+                listOf(
+                    DependencyTreeMojoNode(
+                        "org.apache.commons",
+                        "commons-configuration2",
+                        "2.11.0",
+                        "jar",
+                        "compile",
+                        ""
+                    ),
+                    DependencyTreeMojoNode(
+                        "p2.eclipse.plugin",
+                        "org.objectweb.asm.source",
+                        "9.1.0",
+                        "jar",
+                        "compile",
+                        ""
+                    )
+                )
+            )
+
+            val projectDependencies = parseDependencyTree(
+                inputStreamFor(projectNode),
+                listOf(createProject("module"))
+            ).toList()
+
+            projectDependencies.shouldBeSingleton { node ->
+                node.children.map { it.artifact.artifactId } shouldContainExactlyInAnyOrder listOf(
+                    "commons-configuration2",
+                    "org.objectweb.asm.source"
+                )
+            }
+        }
     }
 })