Added option to choose dependency source for BOM

[ragnarruutel]

There is a problem when creating BOM for module in multi module project. If for example dependency is included in parent project dependency management and not used by module for which you want to create BOM, then unused dependency will be included into bom-pom.xml I've added integration test src/it/multi-module-pom to illustrate this problem.

PS. To run integration tests hit mvn clean install invoker:run

[emmartins]

@ragnarruutel the source of the BOM dependencyManagement should always be the builder's dependencyManagement, which you then filter using <includeDependencies/> and <excludeDependencies/> (which on multiproject you may combine/override through combine.children="..." and combine.self="...").

I have yet to give it a deep look at what you report as not working, but by definition I would prefer that we don't throw the builder's dependencies in the mix to build the BOM, cause those may be there for other purposes (another plugin for instance). As a matter of fact we once had issues with Maven dependencies itself and had to deeply rework the internal resolving wrt exclusions.

Anyway like I said, will need more time to look at this, just wanted you to know that by definition you are going in a direction (using builder dependencies) that is problematic, that you should try to solve it with current plugin configuration means.

PS: We are reworking WildFly BOMs and we are introducing significant multi module relations, feel free to have a look how we are doing at wildfly/wildfly#17990 , we tend to prefer using includeDependencies over excludeDependencies tho

[ragnarruutel]

@emmartins I didn't do a good job explaining my problem so I will try to give an example. I have multi module project with this structure:

\project\
  - \module1\
    -  pom.xml
  - \module2\  
    - pom.xml
  - \module3\  
    - pom.xml
  - pom.xml

This is what the pom.xml in root folder looks like (I omitted irrelevant entries for brevity and to emphasize that I am declaring dependencies shared by multiple modules in parent dependency management, also plugin is declared in parent pom):

<project xmlns="...
  <groupId>tld.domain</groupId>
  <artifactId>parent</artifactId>
  <version>1.0.0</version>
  <packaging>pom</packaging>
  <modules>
    <module>module1</module>
    <module>module2</module>
    <module>module3</module>
  </modules>
  ...
  <dependencyManagement>
    <dependencies>
      <! -- used by module1 and module3 -->
      <dependency>
        <groupId>tld.domain</groupId>
        <artifactId>dep1</artifactId>
        <version>1.2.3</version>
      </dependency>
      <! -- used by module2 and module3 -->
      <dependency>
        <groupId>tld.domain</groupId>
        <artifactId>dep2</artifactId>
        <version>1.2.3</version>
      </dependency>
    </dependencies>  
  </dependencyManagement>
  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.wildfly.plugins</groupId>
          <artifactId>wildfly-bom-builder-plugin</artifactId>
          <version>2.0.8.Final</version>
          <executions>
            <execution>
                <id>build-bom</id>
                <goals>
                  <goal>build-bom</goal>
                </goals>
            </execution>
          </executions>
          <configuration>
              <bomGroupId>tld.domain</bomGroupId>
              <!-- actually provided as argument -->
              <bomArtifactId>module1</bomArtifactId>
              <bomVersion>1.0.0</bomVersion>
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>

The pom.xml for module1 looks like this:

<project xmlns="...
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>tld.domain</groupId>
    <artifactId>parent</artifactId>
    <version>1.0.0</version>
  </parent>
  <artifactId>module1</artifactId>
  ...

  <dependencies>
    <dependency>
      <groupId>tld.domain</groupId>
      <artifactId>dep1</artifactId>
    </dependency>
  </dependencies>  
  ...
</project>

If I run mvn -pl module1 org.wildfly.plugins:wildfly-bom-builder-plugin:build-bom on project root then BOM for module1 will contain dep2 which is not used by module1.

I suppose one solution could be to explicitly use <includeDependencies/> and <excludeDependencies/> with combine property but that seems like extra maintenance burden and possible source of errors (if I add dependency but your forget add include tag).

PS. I looked at your PR and it seems this approach is extensively used for Wildfly but I would argue that using project dependencies would ease maintenance for projects that build BOMs from pom.xml files.

[emmartins]

@ragnarruutel I am going to merge this, the change impact in default behavior is null, and there is no need to maintain any additional code. Still, please understand this new way to use the plugin can become a mess if the bom builder project has a need for dependencies, or uses a parent with dependencies that you don't control, use it carefully.

Thanks a lot for the integration testsuite contribution.