add check dependencies ci

.github/workflows/check-dependencies.yml

@@ -0,0 +1,26 @@
+name: third-party dependencies check
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      SCRIPT_DEPENDENCY: hugegraph-dist/scripts/dependency
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+      - name: mvn install
+        run: |
+          mvn install -DskipTests=true
+      - name: generate current dependencies
+        run: |
+          bash $SCRIPT_DEPENDENCY/regenerate_known_dependencies.sh current-dependencies.txt
+      - name: check third dependencies
+        run: |
+          bash $SCRIPT_DEPENDENCY/check_dependencies.sh

hugegraph-dist/scripts/dependency/check_dependencies.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+BASE_PATH=$(cd $(dirname $0); pwd)
+
+# check whether there are new third-party dependencies by diff command,
+# diff generated 'current-dependencies.txt' file with 'known-dependencies.txt' file.
+diff -w -B -U0 <(sort < ${BASE_PATH}/known-dependencies.txt) \
+<(sort < ${BASE_PATH}/current-dependencies.txt) > ${BASE_PATH}/result.txt
+
+# if has new third-party,the Action will fail and print diff
+if [ -s ${BASE_PATH}/result.txt ]; then
+  cat ${BASE_PATH}/result.txt
+  exit 1
+else
+  echo 'All third dependencies is known!'
+fi

hugegraph-dist/scripts/dependency/known-dependencies.txt

@@ -0,0 +1,86 @@
+animal-sniffer-annotations-1.18.jar
+annotations-4.1.1.4.jar
+aopalliance-repackaged-3.0.1.jar
+bolt-1.6.2.jar
+checker-qual-3.5.0.jar
+commons-beanutils-1.9.4.jar
+commons-codec-1.13.jar
+commons-collections-3.2.2.jar
+commons-configuration-1.10.jar
+commons-configuration2-2.8.0.jar
+commons-io-2.7.jar
+commons-lang-2.6.jar
+commons-lang3-3.12.0.jar
+commons-logging-1.1.1.jar
+commons-text-1.9.jar
+disruptor-3.3.7.jar
+error_prone_annotations-2.3.4.jar
+failureaccess-1.0.1.jar
+grpc-api-1.28.0.jar
+grpc-context-1.28.0.jar
+grpc-core-1.28.0.jar
+grpc-netty-shaded-1.28.0.jar
+grpc-protobuf-1.28.0.jar
+grpc-protobuf-lite-1.28.0.jar
+grpc-stub-1.28.0.jar
+gson-2.8.6.jar
+guava-30.0-jre.jar
+hamcrest-core-1.3.jar
+hessian-3.3.7.jar
+hk2-api-3.0.1.jar
+hk2-locator-3.0.1.jar
+hk2-utils-3.0.1.jar
+httpclient-4.5.13.jar
+httpcore-4.4.13.jar
+j2objc-annotations-1.3.jar
+jackson-annotations-2.14.0-rc1.jar
+jackson-core-2.14.0-rc1.jar
+jackson-databind-2.14.0-rc1.jar
+jackson-dataformat-yaml-2.9.3.jar
+jackson-jaxrs-base-2.14.0-rc1.jar
+jackson-jaxrs-json-provider-2.14.0-rc1.jar
+jackson-module-jaxb-annotations-2.14.0-rc1.jar
+jakarta.activation-2.0.1.jar
+jakarta.activation-api-1.2.2.jar
+jakarta.annotation-api-2.0.0.jar
+jakarta.inject-api-2.0.0.jar
+jakarta.ws.rs-api-3.0.0.jar
+jakarta.xml.bind-api-4.0.0-RC2.jar
+javassist-3.28.0-GA.jar
+javax.activation-api-1.2.0.jar
+javax.json-1.0.jar
+jaxb-api-2.3.1.jar
+jaxb-core-3.0.2.jar
+jaxb-impl-3.0.2.jar
+jersey-apache-connector-3.0.3.jar
+jersey-client-3.0.3.jar
+jersey-common-3.0.3.jar
+jersey-entity-filtering-3.0.3.jar
+jersey-hk2-3.0.3.jar
+jersey-media-json-jackson-3.0.3.jar
+joda-time-2.10.8.jar
+jsr305-3.0.1.jar
+junit-4.13.1.jar
+listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
+log4j-api-2.18.0.jar
+log4j-core-2.18.0.jar
+log4j-slf4j-impl-2.18.0.jar
+lookout-api-1.4.1.jar
+netty-all-4.1.42.Final.jar
+opentracing-api-0.22.0.jar
+opentracing-mock-0.22.0.jar
+opentracing-noop-0.22.0.jar
+opentracing-util-0.22.0.jar
+osgi-resource-locator-1.0.3.jar
+perfmark-api-0.19.0.jar
+proto-google-common-protos-1.17.0.jar
+protobuf-java-3.11.0.jar
+slf4j-api-1.7.25.jar
+snakeyaml-1.18.jar
+sofa-common-tools-1.0.12.jar
+sofa-rpc-all-5.7.6.jar
+swagger-annotations-1.5.18.jar
+swagger-core-1.5.18.jar
+swagger-models-1.5.18.jar
+tracer-core-3.0.8.jar
+validation-api-1.1.0.Final.jar

hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+BASE_PATH=$(cd $(dirname $0); pwd)
+DEP_PATH=$BASE_PATH/all_dependencies
+FILE_NAME=${1:-known-dependencies.txt}
+
+if [[ -d $DEP_PATH ]];then
+  echo "rm -r -f DEP_PATH"
+  rm -r -f $DEP_PATH
+fi
+
+cd $BASE_PATH/../../../
+
+mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=$DEP_PATH
+
+ls $DEP_PATH | egrep -v "^hugegraph|hubble" | sort -n > $BASE_PATH/$FILE_NAME
+rm -r -f $DEP_PATH