build: add bundled dependencies as provided in pom.xml

sergej-koscejev · sergej-koscejev · commit 9b6473fcf52a · 2025-11-12T18:03:13.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project are documented in this file.
 Format of the log is _loosely_ based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 The project does _not_ follow Semantic Versioning and the changes are documented in reverse chronological order, grouped by calendar month.
 
+## November 2025
+
+### Added
+- The Maven POM now contains all bundled JARs as dependencies with `provided` scope to help with automated license and
+  vulnerability scanning.
+
 ## October 2025
 
 ### Added
diff --git a/build.gradle b/build.gradle
@@ -383,7 +383,7 @@ task packageDistroWithDependencies(type: Zip, dependsOn: buildDistroWithDependen
 
 assemble.dependsOn packageLanguages, packageTests
 
-static def addDependency(Object pom, Object groupId, Object artifactId, Object version, Object type = null) {
+static def addDependency(Object pom, Object groupId, Object artifactId, Object version, Object type = null, String scope = null) {
     pom.withXml { XmlProvider prov ->
         Node root = prov.asNode()
         Node deps = root.dependencies[0] ?: root.appendNode("dependencies")
@@ -394,14 +394,16 @@ static def addDependency(Object pom, Object groupId, Object artifactId, Object v
         if (type != null) {
             dep.appendNode("type", type)
         }
+        if (scope != null) {
+            dep.appendNode("scope", scope)
+        }
     }
 }
 
-static def addDependency(Object pom, Configuration config) {
+static def addDependency(MavenPom pom, Configuration config, String scope = null) {
     config.resolvedConfiguration.firstLevelModuleDependencies.each {
-        addDependency(pom, it.moduleGroup, it.moduleName, it.moduleVersion, it.moduleArtifacts[0].type)
+        addDependency(pom, it.moduleGroup, it.moduleName, it.moduleVersion, it.moduleArtifacts[0].type, scope)
     }
-
 }
 
 ext.additionalPomInfo = {
@@ -425,6 +427,12 @@ ext.additionalPomInfo = {
     }
 }
 
+ext.addBundledDependencies = { MavenPom pom ->
+    bundledDeps.each {
+        addDependency(pom, configurations[it.configName], 'provided')
+    }
+}
+
 publishing {
     repositories {
         maven {
@@ -458,6 +466,8 @@ publishing {
 
             addDependency(pom, configurations.languageLibs)
 
+            pom addBundledDependencies
+
             pom additionalPomInfo
         }
 

Original file line number	Diff line number	Diff line change
`@@ -383,7 +383,7 @@ task packageDistroWithDependencies(type: Zip, dependsOn: buildDistroWithDependen`
`383`	`383`
`384`	`384`	`assemble.dependsOn packageLanguages, packageTests`
`385`	`385`
`386`		`-static def addDependency(Object pom, Object groupId, Object artifactId, Object version, Object type = null) {`
	`386`	`+static def addDependency(Object pom, Object groupId, Object artifactId, Object version, Object type = null, String scope = null) {`
`387`	`387`	`pom.withXml { XmlProvider prov ->`
`388`	`388`	`Node root = prov.asNode()`
`389`	`389`	`Node deps = root.dependencies[0] ?: root.appendNode("dependencies")`
`@@ -394,14 +394,16 @@ static def addDependency(Object pom, Object groupId, Object artifactId, Object v`
`394`	`394`	`if (type != null) {`
`395`	`395`	`dep.appendNode("type", type)`
`396`	`396`	`}`
	`397`	`+ if (scope != null) {`
	`398`	`+ dep.appendNode("scope", scope)`
	`399`	`+ }`
`397`	`400`	`}`
`398`	`401`	`}`
`399`	`402`
`400`		`-static def addDependency(Object pom, Configuration config) {`
	`403`	`+static def addDependency(MavenPom pom, Configuration config, String scope = null) {`
`401`	`404`	`config.resolvedConfiguration.firstLevelModuleDependencies.each {`
`402`		`- addDependency(pom, it.moduleGroup, it.moduleName, it.moduleVersion, it.moduleArtifacts[0].type)`
	`405`	`+ addDependency(pom, it.moduleGroup, it.moduleName, it.moduleVersion, it.moduleArtifacts[0].type, scope)`
`403`	`406`	`}`
`404`		`-`
`405`	`407`	`}`
`406`	`408`
`407`	`409`	`ext.additionalPomInfo = {`
`@@ -425,6 +427,12 @@ ext.additionalPomInfo = {`
`425`	`427`	`}`
`426`	`428`	`}`
`427`	`429`
	`430`	`+ext.addBundledDependencies = { MavenPom pom ->`
	`431`	`+ bundledDeps.each {`
	`432`	`+ addDependency(pom, configurations[it.configName], 'provided')`
	`433`	`+ }`
	`434`	`+}`
	`435`	`+`
`428`	`436`	`publishing {`
`429`	`437`	`repositories {`
`430`	`438`	`maven {`
`@@ -458,6 +466,8 @@ publishing {`
`458`	`466`
`459`	`467`	`addDependency(pom, configurations.languageLibs)`
`460`	`468`
	`469`	`+ pom addBundledDependencies`
	`470`	`+`
`461`	`471`	`pom additionalPomInfo`
`462`	`472`	`}`
`463`	`473`