remove dependency on org.reflections

[jsvd]

This removes the annoying log info:

[2025-10-14T16:46:35,085][INFO ][org.reflections.Reflections] Reflections took 44 ms to scan 1 urls, producing 149 keys and 523 values

Given we only use reflectiong to grab locally installed java plugin classes by annotation, we implement here a tiny scanner to do the same, and then we can remove the dependency.

exhaustive test suite run: https://buildkite.com/elastic/logstash-exhaustive-tests-pipeline/builds/2701/steps/canvas

[github-actions]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request does not have a backport label. Could you fix it @jsvd? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.
• If no backport is necessary, please add the backport-skip label

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 26942ce

Failed CI Steps

• 🥼 IT Persistent Queues / part 4-of-6

[Copilot]

Pull Request Overview

This PR removes the dependency on org.reflections library and replaces it with a custom lightweight package scanner. The change eliminates verbose logging from the reflections library while maintaining the same plugin discovery functionality.

Key Changes:

• Implemented a custom PackageScanner class to scan for annotated plugin classes
• Refactored PluginRegistry to use the new scanner instead of the reflections library
• Removed the org.reflections:reflections dependency from build configuration and licensing files

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
logstash-core/src/main/java/org/logstash/plugins/discovery/PackageScanner.java	New custom scanner implementation for finding annotated classes in packages
logstash-core/src/main/java/org/logstash/plugins/discovery/PluginRegistry.java	Updated to use PackageScanner instead of reflections library, simplified plugin discovery logic
logstash-core/src/test/java/org/logstash/plugins/discovery/PluginRegistryTest.java	New test suite verifying plugin discovery works for built-in plugins
logstash-core/build.gradle	Removed org.reflections:reflections dependency
tools/dependencies-report/src/main/resources/licenseMapping.csv	Removed license mapping entry for reflections
tools/dependencies-report/src/main/resources/notices/org.reflections!reflections-NOTICE.txt	Removed license notice file
NOTICE.TXT	Removed reflections library attribution

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The check resource.toString().contains(\"!\") is fragile and could match false positives. Consider using a more robust approach to detect JAR URLs, such as checking if the URL can be cast to JarURLConnection.

Suggested change

	} else if ("jar".equals(protocol) || resource.toString().contains("!")) {
	scanJar(resource, resourcePath, classNames);
	} else if ("jar".equals(protocol)) {
	scanJar(resource, resourcePath, classNames);
	} else {
	// Attempt to detect JAR resources more robustly
	try {
	if (resource.openConnection() instanceof JarURLConnection) {
	scanJar(resource, resourcePath, classNames);
	}
	} catch (IOException e) {
	throw new UncheckedIOException("Failed to open connection for resource: " + resource, e);
	}

[Copilot]

[nitpick] Consider adding a comment explaining why caching is disabled for JAR connections, as this may have performance implications during plugin discovery.

Suggested change

	JarURLConnection connection = (JarURLConnection) resource.openConnection();
	JarURLConnection connection = (JarURLConnection) resource.openConnection();
	// Disable caching to prevent file locking issues (especially on Windows) and to ensure
	// that the JAR file can be closed and deleted after use.

[Copilot]

The null check for annotation at line 87 is redundant since scanForAnnotation already filters for classes with the LogstashPlugin annotation. This check can be removed to simplify the code.

Suggested change

	if (annotation == null) {
	continue;
	}