gnodet opened a new pull request, #22509: URL: https://github.com/apache/camel/pull/22509
## Summary - Adds [Maveniverse Scalpel](https://github.com/maveniverse/scalpel) as a parallel POM dependency detection mechanism in `incremental-build.sh` - Scalpel compares effective POM models between base and PR branches, catching managed dependencies, plugin version changes, BOM imports, and transitive dependency impacts that the existing grep approach misses - Both methods run in parallel; results are merged (union) before testing. If Scalpel fails, the script falls back to grep-only with no regression ### What this fixes The grep-based approach has 5 structural limitations (documented in CI-ARCHITECTURE.md). For example, when Dependabot bumps `azure-sdk-bom-version` (PR #21744), grep finds only `camel-azure/pom.xml` but **misses all 12 child Azure modules** that inherit via the BOM without explicit `${property}` references. Scalpel catches all of them via effective POM model comparison. ### How it works 1. Temporarily injects Scalpel extension (`0.1.0-SNAPSHOT`) into `.mvn/extensions.xml` 2. Creates a settings file with the Sonatype Central Portal snapshots repository 3. Runs `mvn validate -Dscalpel.mode=report` (~60-90s, no compilation needed) 4. Parses `target/scalpel-report.json` for affected modules, changed properties, managed deps/plugins 5. Merges results with grep detection (union, deduplicated) 6. Restores `extensions.xml` via trap (fail-safe) ### PR comment enhancements The CI comment now shows Scalpel-detected information: changed managed dependencies, changed managed plugins, and a note crediting Scalpel when it contributes to detection. ## Test plan - [ ] Verify Scalpel extension resolves from Sonatype Central Portal snapshots - [ ] Verify report generation and jq parsing on a PR that bumps a version in `parent/pom.xml` - [ ] Verify grep-only fallback when Scalpel fails (e.g., extension resolution failure) - [ ] Compare grep vs Scalpel detection on Dependabot PRs (#22397, #21744) to validate Scalpel catches additional modules - [ ] Verify no regression on PRs with no POM changes (Scalpel step is skipped) 🤖 Generated with [Claude Code](https://claude.com/claude-code) _Claude Code on behalf of Guillaume Nodet_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
