chore: Clean up dhis-api and other modules using it [TECH-801]

[enricocolasante]

The idea of this PR is to start from the bottom of the dependency tree and clean up the unused declared and the used undeclared dependencies in the pom.
mvn dependency:analyze-only is not trustable 100% so what I am doing is to exclude all the attached dependencies from the target module. In this case, something like this:
<dependency> <groupId>org.hisp.dhis</groupId> <artifactId>dhis-api</artifactId> <exclusions> <exclusion> <groupId>*</groupId> <artifactId>*</artifactId> </exclusion> </exclusions> </dependency>

Then fixing all the dependency problems.

In this PR there was also a problem in dhis-web-api-test tests because of the import of simlper logger from rule-engine. I exclude that from the dependency to make it work. Maybe this will need some more thought that are not part of this PR.

[teleivo]

awesome approach @enricocolasante 😄

regarding logging you are right there is some more work that we need to do at some point: https://jira.dhis2.org/browse/TECH-803

I also found that some of our code logs using simplelogger #9176 (quick fix to quiet these logs during testing). So I would wait merging this PR after dhis2/dhis2-rule-engine#81 is merged. Since you removed the simplelogger config tests would get noisy again.

What do you think of enforcing/banning simplelogger from being included via
https://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html It can also ban it if coming via transitive dependency 😋
?

[enricocolasante]

awesome approach @enricocolasante 😄

regarding logging you are right there is some more work that we need to do at some point: https://jira.dhis2.org/browse/TECH-803

I also found that some of our code logs using simplelogger #9176 (quick fix to quiet these logs during testing). So I would wait merging this PR after dhis2/dhis2-rule-engine#81 is merged. Since you removed the simplelogger config tests would get noisy again.

I removed simplelogger dependency from the system, so the file is no longer required.
Now log should follow the rules declared in the log4j files.

What do you think of enforcing/banning simplelogger from being included via https://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html It can also ban it if coming via transitive dependency 😋 ?

We can ban it, but maybe for now it is an overkill. It was imported just from rule-engine, removing it from there should be enough.

And yes, the change of rule-engine version was not meant to be part of the PR. I rebased and your comment disappeared.

[teleivo]

We can ban it, but maybe for now it is an overkill. It was imported just from rule-engine, removing it from there should be enough.

Every project I worked on that ran on a JVM had messed up logging 😂 😡 😅 Someone just needs to add another dependency and we are back at where we were. Thats why I vote for getting the enforcer in 🥺 I am happy to do it if this issue is already draining. It's a tough, tedious one 😅

Make sense.
I banned it ❌
And it works also for transitive dependencies. Removing the exclude from rule-engine dependency makes the build fail

[teleivo]

@enricocolasante weird it looks like you edited my comment #9302 (comment) 😂

[teleivo]

thank you very much for the enforcer change 😄
nice work!

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication