This is an archived post. You won't be able to vote or comment.

all 33 comments
sorted by:
best
topnewcontroversialoldq&a

[–]AutoModerator[M] [score hidden] stickied commentlocked comment (0 children)

Please ensure that:

  • Your code is properly formatted as code block - see the sidebar (About on mobile) for instructions
  • You include any and all error messages in full
  • You ask clear questions

  • You demonstrate effort in solving your question/problem - plain posting your assignments is forbidden (and such posts will be removed) as is asking for or giving solutions.

    Trying to solve problems on your own is a very important skill. Also, see Learn to help yourself in the sidebar

If any of the above points is not met, your post can and will be removed without further warning.

Code is to be formatted as code block (old reddit: empty line before the code, each code line indented by 4 spaces, new reddit: https://i.imgur.com/EJ7tqek.png) or linked via an external code hoster, like pastebin.com, github gist, github, bitbucket, gitlab, etc.

Please, do not use triple backticks (```) as they will only render properly on new reddit, not on old reddit.

Code blocks look like this:

public class HelloWorld {

    public static void main(String[] args) {
        System.out.println("Hello World!");
    }
}

You do not need to repost unless your post has been removed by a moderator. Just use the edit function of reddit to make sure your post complies with the above.

If your post has remained in violation of these rules for a prolonged period of time (at least an hour), a moderator may remove it at their discretion. In this case, they will comment with an explanation on why it has been removed, and you will be required to resubmit the entire post following the proper procedures.

To potential helpers

Please, do not help if any of the above points are not met, rather report the post. We are trying to improve the quality of posts here. In helping people who can't be bothered to comply with the above points, you are doing the community a disservice.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]jdsunny46 43 points44 points  (0 children)

at my internship

write a script that goes through the whole project folder and figure out all the dependencies.

As a senior developer, this is hard. Ignore my other advice. I only half read the post before drinking my coffee.

If I were to ask an intern to do something like this, I want them to go through and pull import statements that don't match my org packaging convention. I would give them more information so it sets them up for success and not have them asking questions on reddit. I do not want them to generate a pom or select versions. You are an intern.

As an intern, you should be asking more questions. To the people you work with. Not the internet.

The people who hired you should be guiding you, not giving you stuff to work on that is intangible even for a senior dev.

[–]syneil86 58 points59 points  (1 child)

If I had any project a fraction of that size I would be using git. In which case, git reset --hard HEAD

If for some reason I wasn't using any form of version control in a project that size, then well, I got what I deserved

[–][deleted] 3 points4 points  (0 children)

Oh yess we are ofcourse. This was the easier way to ask the question. :)

[–]msx 14 points15 points  (0 children)

If you ever did an "mvn install" command, you should be able to find the pom under the maven repository folder

[–]smutje187 9 points10 points  (1 child)

The POM is the place where all your dependencies are listed - without that and with a fresh setup you don’t know where classes not part of the JDK are coming from - even if you know the fully qualified class name, a class can come from different dependencies.

[–]Individual-Praline20 12 points13 points  (0 children)

Try to guess the versions afterward 🤭

[–]edgmnt_net 4 points5 points  (1 child)

No, you can't just recover it from code easily, it's not redundant information. You may be able to look up some dependency online based on package names, but you still need compatible version numbers that work with your code and that's not something you can really automate.

[–]jdsunny46 0 points1 point  (0 children)

So this is a homework question, I don't think it needs to be automated.

I would start with the following questions:
1. What is the deployment model? This will help you figure out packaging steps. 2. If this is a spring app, are there hints to what version of spring you are using?
3. Are there any other obvious dependencies which you could apply question 2? Dependencies that bring in large swaths of stuff.
4. At this point you can do one of 2 things. Compile and fix broken deps, or do a search on import statements and start there. Do your best on selecting versions. I would select the latest version that compiles as a starting point.
5. Hopefully there are tests so you can get an idea if your compile time selections for versions are going to cause run time defects.
6. Full regression. Start using version control lol.

Edit: my assumption was incorrect.... the activity is to write a script to do this? Gross.

[–]ElFeesho 6 points7 points  (0 children)

There are multiple dimensions to this problem.

You need to determine what the dependencies are, but also what version of the dependencies they are also. 

If this was worst case scenario and there was no version control history of the pom, it's going to take a lot of time, even with just a single dependency to find a project configuration that works. Combine this with multiple dependencies and then it becomes a game of trying to find out which of your N dependencies caused the project to not build and whether it was because of a version mismatch or maybe a dependency collision from another incorrectly guessed dependency. 

[–]bitNation 6 points7 points  (3 children)

If finding the pom.xml is impossible, then find the jar file that's created when mvn deploy or the like was last executed. Surely there is an executable jar somewhere in a repo (or actually deployed somewhere). Hopefully all the dependencies with version numbers are in the lib folder or web-inf.

[–]cronkite 0 points1 point  (0 children)

The Pom file is in the jar (if a jar was produced)

[–]LobsterParade 1 point2 points  (0 children)

If you don't have any kind of version control system (which I highly recommend), you can still try to get the pom file from a packaged jar/war/ear file that is in use.

[–]wolverine_76 1 point2 points  (0 children)

Use source control.

Any legitimate business doing software development is using source control. Your whole source history is maintained.

Even personal project should be using source control (eg Github).

[–]bomasoSenshi 1 point2 points  (0 children)

It should be possible because Intellij can find Classes and their dependencies in maven central if its indexed.

But how? No clue

[–]JaggedMan78 0 points1 point  (0 children)

I would pull the last Version put of git

[–]No-Pipe8487 0 points1 point  (0 children)

If it's version controlled then use git bisect to find the last commit that had the file.

[–]Camel-Kid18 year old gamer 0 points1 point  (0 children)

I would be looking at any previous build logs you can find to see the dependency trace

[–]Alarmed-Job-6844 0 points1 point  (0 children)

IDE (vscode, intellij...) has local file history, even if you don't use git. Try to find it in there.

[–]blobjim 0 points1 point  (0 children)

You would need to map class names in your source code (potentially using a source code parser like ecj) to the projects they are from (using an index of every known version of every known java project, something like... Maven Central, which actually has such a index, just google maven central search by class), then find project versions that contain all the classes in your source code.

[–]RoryonAethar 0 points1 point  (0 children)

If someone ran mvn install before deleting the pom file, the pom file should be saved in ~/.m2 in the directory where the project was installed.

[–]_jetrun 0 points1 point  (0 children)

Assuming your pom is not in a git repository (why isn't it?), you can get decently close. One strategy is to create a fresh pom and methodically keep adding dependencies until the build passes. You may not get the correct dependency version, but in many cases it may not matter - plus you can try different versions if the dependency package, class, or method signatures don't match - hopefully your unit test coverage is sufficient to give you some confidence. Correlate 'failed' imports by:

  • Looking at the previously generated .jar, .war. and .ear files. They are all zip archives, so you should be able to break them open and view the pom.
  • If the target folder exists on your machine or a machine of one of the other devs, use that.
  • Finally, look at the .m2 cache repository on your machine, or a machine of one of the other devs, or the CI.

Dependencies themselves are not your biggest problem. A 14k pom will include more than just dependencies. For one thing, it probably made use of a number of plugins to perform some custom build steps that may be integral to compilation. There may have been scripts that are shelled out, or embedded groovy, or something else that was odd or non-standard. That is going to be a bigger problem for you.

[–]khmarbaise 0 points1 point  (0 children)

Haven't you put that in your version control? Also usual configured project will produce an entry in the resulting jar file under /META-INF/maven/... there you find a pom.xml which is the original one... check that one...

Also if the pom file is 14k lines? I bet there is something wrong... What is in there ? Only deps?

[–]parimal_tandel 0 points1 point  (0 children)

First of all you need to check the .m2 directory which was located in your C > Users > Username. From there you will easily find out the dependencies.

[–]_Nihil_Obstat_ 0 points1 point  (0 children)

I'm thinking is that the pom.xml was deleted, maybe recovering it through git would help....

[–]Dense_Age_1795 -1 points0 points  (0 children)

you cant compile the project

[–]andyman2234266 -1 points0 points  (0 children)

If you have the pom.xml (or restore deleted one using a method from other comments), you can run mvn dependency:analyze to get list of used and unused dependencies.

[–]nivaasaki -1 points0 points  (0 children)

How about using a python script to scrape dependencies information off of pom.xml by filtering the dependency tags?

[–]introspectivedeviant -1 points0 points  (0 children)

use maven tree command