Spring 引导核心依赖项被 maven-dependency-plugin 视为未使用

Question

maven-dependency-plugin检测到 spring 引导依赖项未使用，但实际上需要它们才能运行我的应用程序。 我会做错什么吗？

我的 pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

    <modelVersion>4.0.0</modelVersion>
    <artifactId>my-service</artifactId>
    <packaging>jar</packaging>
    <name>my-service</name>
    <description>my service</description>

    <parent>
        <groupId>com.my</groupId>
        <artifactId>parent</artifactId>
        <version>0.2.0-SNAPSHOT</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-eureka</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>javax.ws.rs</groupId>
                    <artifactId>jsr311-api</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-configuration-processor</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-commons</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-autoconfigure</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <!--Analyze maven dependencies at verify phase-->
            <plugin>
                <artifactId>maven-dependency-plugin</artifactId>
                <version>2.10</version>
                <executions>
                    <execution>
                        <id>analyze</id>
                        <goals>
                            <goal>analyze-only</goal>
                        </goals>
                        <configuration>
                            <ignoreNonCompile>true</ignoreNonCompile>
                            <failOnWarning>false</failOnWarning>
                            <outputXML>true</outputXML>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

</project>

我的日志

[INFO] --- maven-dependency-plugin:2.10:analyze-only (analyze) @ resource-service ---
[WARNING] Unused declared dependencies found:
[WARNING]    org.springframework.boot:spring-boot-starter-actuator:jar:1.3.5.RELEASE:compile
[WARNING]    org.springframework.cloud:spring-cloud-starter-oauth2:jar:1.1.0.RELEASE:compile
[WARNING]    org.springframework.boot:spring-boot-configuration-processor:jar:1.3.5.RELEASE:compile
[WARNING]    org.springframework.cloud:spring-cloud-starter-eureka:jar:1.1.0.RELEASE:compile
[INFO] ------------------------------------------------------------------------

Answer 1

如果要将这些依赖项标记为已使用。

编辑你的pom.xml，如下所示

<plugin>
    <artifactId>maven-dependency-plugin</artifactId>
    <version>2.10</version>
    <executions>
        <execution>
            <id>analyze</id>
            <goals>
                <goal>analyze-only</goal>
            </goals>
            <configuration>
                <ignoreNonCompile>true</ignoreNonCompile>
                <failOnWarning>false</failOnWarning>
                <outputXML>true</outputXML>
                <usedDependencies>
                    <usedDependency>org.springframework.boot:spring-boot-starter-actuator</usedDependency>
                    <usedDependency>org.springframework.cloud:spring-cloud-starter-oauth2</usedDependency>
                    <usedDependency>org.springframework.boot:spring-boot-configuration-processor</usedDependency>
                    <usedDependency>org.springframework.cloud:spring-cloud-starter-eureka</usedDependency>
                </usedDependencies>
            </configuration>
        </execution>
    </executions>
</plugin>

Answer 2

@Kerem 答案的增强功能是一次排除所有 spring 依赖项（使用正则表达式），而不是将它们一一列出，这需要未来注意未使用/使用的依赖项。

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>${maven-dependency-plugin.version}</version>
<executions>
    <execution>
        <id>analyze-dependencies</id>
        <goals>
            <goal>analyze-only</goal>
        </goals>
        <configuration>
            <failOnWarning>true</failOnWarning>

            <ignoredUnusedDeclaredDependencies>
                <!-- Because of SpringBoot auto-configurations, the configuration is happening outside of your application code, so Maven believes these dependencies to be unused -->
                <!-- Static code analysis tools like (maven-dependency-plugin) can not detect runtime dependencies, so you should instruct them about runtime dependencies -->
                <!-- https://stackoverflow.com/questions/37528928/spring-boot-core-dependencies-seen-as-unused-by-maven-dependency-plugin -->
                <ignoredUnusedDeclaredDependency>org.springframework*:*</ignoredUnusedDeclaredDependency>
            </ignoredUnusedDeclaredDependencies>

        </configuration>
    </execution>
</executions>

Answer 3

这是正常的，因为您的代码不直接利用任何这些依赖项。 Spring Boot的工作方式是分析你的类路径，并通过添加相应的依赖项为你自动配置许多不同的东西。 由于配置发生在应用程序代码之外，因此Maven认为这些依赖项未被使用。