Generate pom.xml file (with dependency) for all the jars name/version I have in my text file

Question

I have huge number of jars listed in text file along with its versions. For ex:

• spring-jdbc-4.3.6.RELEASE.jar
• commons-codec.jar
• commons-fileupload.jar

. . . .

This list goes on for 500+ jars.

Problem: I need a pom.xml that comprises all these jars as dependency. I need this for GHAS scanning in github to determine the EOL's

Answer 1

Any jar file that is built by maven should have pom.properties file under META-INF\maven\${groupId}\${artifactId}. This pom.properties file should contain the groupId, artifactId and version of the jar

Personally I'd write a gradle/groovy script to iterate the list of jar files, extract the pom.properties file and write a pom.xml snippet (since gradle has really nice api's for iterating files and extracting from zipfiles etc).

This could also be done in java although it would be more verbose (using ZipInputStream)

Here's what a gradle script might look like to achieve this

tasks.register('xmlDependencies') {
   doLast {
      def textFile = file('c:/path/to/textfile.txt')
      def deps = []
      for (String line : textFile.readLines()) {
         File jar = file(line)
         Set<File> propFiles = zipTree(jar).matching { include 'META-INF/maven/**/pom.properties' }.files
         if (propFiles.size() != 1) {
            logger.lifecycle "Found ${propFiles.size()} pom.properties in ${jar}"
         } else {
            Properties props = new Properties();
            props.load(propFiles[0])

            deps << """|<dependency>
                       |   <groupId>${props.groupId}</groupId>            
                       |   <artifactId>${props.artifactId}</artifactId>            
                       |   <version>${props.version}</version>            
                       |</dependency>""".stripMargin()
         }
      }
      File pomFile = file("$buildDir/pom.xml")
      pomFile.text = deps.join('\r\n')
      logger.lifecycle "Wrote to $pomFile" 
   }
}