[MDEP-317] - add mojo to analyze invalid exclusions #362
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vbreivik
force-pushed
the
MDEP-317/invalid_exclude
branch
2 times, most recently
from
8d2de4c
to
6410931
Compare
This mojo reports if exclusions are defined on a dependency, but that dependency does not pull in said artifacts.
vbreivik
force-pushed
the
MDEP-317/invalid_exclude
branch
from
6410931
to
11e5055
Compare
|
@vbreivik thanks for idea and PR ... I will try to review in a few days |
I cannot take credit for the idea. I just saw it in Jira and was a bit bored. :) |
slawekjaranowski
requested changes
Mar 22, 2024
src/main/java/org/apache/maven/plugins/dependency/exclusion/Coordinates.java
Show resolved
Hide resolved
src/main/java/org/apache/maven/plugins/dependency/exclusion/ExclusionChecker.java
Outdated
Show resolved
Hide resolved
src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java
Outdated
Show resolved
Hide resolved
src/test/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojoTest.java
Outdated
Show resolved
Hide resolved
Bumped dependency versions used in invoker test Renamed test from snake_case to camelCase Removed usage of Guava
Aligned test set up with changed in c9e488b
|
@slawekjaranowski I have updated the test that started failing after c9e488b, can you trigger the build again? |
src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java
Outdated
Show resolved
Hide resolved
- remove fork additional executions - remove clean from test execution
|
I think about extend test with scenario, for multimodule project: root pom - dependencyManagement with exclusion
|
Add testcase for multimodule project with invalid dependency managed exclusion where one of the child modules uses this dependency Add project name in output when violations are found.
vbreivik
force-pushed
the
MDEP-317/invalid_exclude
branch
from
5f8c0be
to
38d34f8
Compare
I added a test case with this scenario. I ended up putting the module name in the warning to make the test more clear. |
src/main/java/org/apache/maven/plugins/dependency/exclusion/AnalyzeExclusionsMojo.java
Outdated
Show resolved
Hide resolved
This time changing the correct parameter, reverting the skip parameter back to its correct value.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This mojo reports if exclusions are defined on a dependency, but that dependency does not pull in said artifacts.
Following this checklist to help us incorporate your
contribution quickly and easily:
for the change (usually before you start working on it). Trivial changes like typos do not
require a JIRA issue. Your pull request should address just this issue, without
pulling in other changes.
[MDEP-XXX] - Fixes bug in ApproximateQuantiles,where you replace
MDEP-XXXwith the appropriate JIRA issue. Best practiceis to use the JIRA issue title in the pull request title and in the first line of the
commit message.
mvn clean verifyto make sure basic checks pass. A more thorough check willbe performed on your pull request automatically.
mvn -Prun-its clean verify).If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.
To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.
I hereby declare this contribution to be licensed under the Apache License Version 2.0, January 2004
In any other case, please file an Apache Individual Contributor License Agreement.
Logs out a warning, alternatively fail when failOnError flag is set, when a dependency defines an exclusion that is not valid.
Some notes
The failOnWarning property is the same property as for analyze, keep it that way or make its own property?
I placed the logic in its own package and made it its own execution, it can be moved to be a part of analyze if wanted. Having it as its own will make upgrading not change current behavior.
The exclusion glob pattern logic is copied from ExclusionArtifactFilter added in maven-core in jira MNG-7843.