Update Maven Enforcer, add Animal Sniffer and Test annotations #14
Conversation
The most of the configurations come from Plugin POM. In longer term we need to merge two POMs somehow (e.g. make this POM a parent for Plugin POM), but now I just moved the common Enforcer and Animal Sniffer checks
|
This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation. |
|
Hmm... @olamy @aheritier Is is as designed In Apache? Meven Embedded 3.5.0 bundles Maven Core 3.3.1 |
|
Nope it's strange
Le mar. 8 août 2017 à 12:12, Oleg Nenashev <notifications@github.com> a
écrit :
Hmm... @olamy <https://github.com/olamy> @aheritier
<https://github.com/aheritier> Is is as designed In Apache? Meven
Embedded 3.5.0 bundles Maven Core 3.3.1
+-org.jenkins-ci.main.maven:maven35-agent:1.12-SNAPSHOT
+-org.apache.maven:maven-embedder:3.5.0
+-org.apache.maven:maven-core:3.3.1
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#14 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAKqCEhSHMI6BY5g7CEL_kJ5iPP-Igz4ks5sWDSYgaJpZM4Owdz->
.
--
-----
Arnaud Héritier
http://aheritier.net
Mail/GTalk: aheritier AT gmail DOT com
Twitter/Skype : aheritier
|
|
@aheritier Yes, my guess, it's a bug in Apache Maven Embedder dependencies. In jenkinsci/maven-interceptors#12 I made the things working, but I will definitely raise a defect to the MEMBEDDER |
pom.xml
Outdated
| <!-- findbugs dep managed to provided and optional so is not shipped and missing annotations ok --> | ||
| <exclude>com.google.code.findbugs:annotations</exclude> | ||
| </excludes> | ||
| <!-- To add exclusions in a Jenkins plugin, use: |
There was a problem hiding this comment.
component, generally not a Jenkins plugin
There was a problem hiding this comment.
Agreed, will patch
pom.xml
Outdated
| --> | ||
| <requireReleaseDeps> | ||
| <message>No Snapshots Allowed For Release Versions</message> | ||
| <onlyWhenRelease>true</onlyWhenRelease> |
There was a problem hiding this comment.
Note that maven-release-plugin enforces this on its own anyway.
pom.xml
Outdated
|
|
||
| <!-- TODO: Disabled. Ideally it should be enforced for ANY library bundled into the Jenkins core, | ||
| But right now there no good way to determine whether it is bundled or not. | ||
| It should be done via profles somehow |
There was a problem hiding this comment.
I do not see any need for profiles for this.
There was a problem hiding this comment.
What would be your proposal?
There was a problem hiding this comment.
Any module, or intermediate parent POM, which requires bannedDependencies can add it on its own. Anyway
- the list of
excludesis unlikely to be sharable across classes of modules (it makes sense inplugin-pom) - a module POM cannot inherit a profile from its parent in a way that would be useful here (since you cannot activate it automatically; longstanding Maven limitation)
Just delete the commented-out block IMO.
There was a problem hiding this comment.
We could add another parent POM for in-Jenkins components. Everybody likes Russian dolls, right? :/
There was a problem hiding this comment.
Created https://issues.jenkins-ci.org/browse/JENKINS-46237 for it in order to follow-up later
There was a problem hiding this comment.
Some minor complaints. More broadly, this needs downstream PRs demonstrating the effect on the most important consumers: jenkinsci/jenkins/pom.xml, plugin-pom/pom.xml, and some representative plugin using plugin-pom. Presumably the direct downstream PRs should be able to delete a bunch of now-redundant configuration.
pom.xml
Outdated
| </dependency> | ||
| </dependencies> | ||
| </dependencyManagement> | ||
| <dependencies> |
There was a problem hiding this comment.
Never add any dependencies to a parent POM unless (like plugin-pom) it is designed solely for a specific packaging and class of module. A module using this parent may add the dependency if it wants it.
pom.xml
Outdated
| <groupId>org.codehaus.mojo</groupId> | ||
| <artifactId>animal-sniffer-annotations</artifactId> | ||
| <scope>provided</scope> | ||
| <optional>true</optional><!-- no need to have this at runtime --> |
There was a problem hiding this comment.
Is there a purpose in being both provided and optional? I see that plugin-pom does this but I wonder if it is a mistake. @stephenc would know best.
There was a problem hiding this comment.
provided should be enough but I have a doubt. Maybe a hack used in others cases (maybe with the maven-hpi-plugin)
pom.xml
Outdated
| <dependency> | ||
| <groupId>org.jenkins-ci</groupId> | ||
| <artifactId>test-annotations</artifactId> | ||
| <version>${test-annotations.version}</version> |
There was a problem hiding this comment.
This would be a natural candidate for dependencyManagement.
There was a problem hiding this comment.
No strong opinion. It seems to be useful to have it in all projects inheriting from this POM. In plugin POM we ship multiple deps in such way as well.
There was a problem hiding this comment.
I agree with @jglick advice to never add a dep in such high level pom because you cannot remove them in children. This is a mandatory rule for compile deps. For deps and provided like here it could be an exception I think.
There was a problem hiding this comment.
Note that plugin POM already adds a test dependency for Test Annotations: https://github.com/jenkinsci/plugin-pom/blob/master/pom.xml#L244-L247
I will move it to the dependency management for now
pom.xml
Outdated
| <version>(,3.0),[3.0.4,)</version> | ||
| <message>Build with Maven 3.0.4 or later. Maven 3.0 through 3.0.3 inclusive do not pass correct settings.xml to Maven Release Plugin.</message> | ||
| <version>[3.1.0,)</version> | ||
| <message>3.1.0 required at least.</message> |
There was a problem hiding this comment.
3.1.0 is pretty old; feel free to go older. (What do we actually test with?)
There was a problem hiding this comment.
3.1.0 is pretty old; feel free to go older
Did you mean to write this?
There was a problem hiding this comment.
By default the build on my machine runs with 3.3.3.
Requesting 3.3.9 or above could be reasonable.
There was a problem hiding this comment.
yes let's start at 3.3.9 nowadays.
pom.xml
Outdated
|
|
||
| <!-- TODO: Disabled. Ideally it should be enforced for ANY library bundled into the Jenkins core, | ||
| But right now there no good way to determine whether it is bundled or not. | ||
| It should be done via profles somehow |
There was a problem hiding this comment.
Any module, or intermediate parent POM, which requires bannedDependencies can add it on its own. Anyway
- the list of
excludesis unlikely to be sharable across classes of modules (it makes sense inplugin-pom) - a module POM cannot inherit a profile from its parent in a way that would be useful here (since you cannot activate it automatically; longstanding Maven limitation)
Just delete the commented-out block IMO.
pom.xml
Outdated
| <dependency> | ||
| <groupId>org.codehaus.mojo</groupId> | ||
| <artifactId>extra-enforcer-rules</artifactId> | ||
| <version>1.0-beta-4</version> |
There was a problem hiding this comment.
BTW 1.0-beta-6 is available. But beta 4 has the critical NPE fix.
Plugin POM does not inherit from this POM. As I said in the PR description, it should be done at some point, but now these POMs are independent (which is weird) |
pom.xml
Outdated
| <groupId>org.codehaus.mojo</groupId> | ||
| <artifactId>animal-sniffer-annotations</artifactId> | ||
| <scope>provided</scope> | ||
| <optional>true</optional><!-- no need to have this at runtime --> |
There was a problem hiding this comment.
provided should be enough but I have a doubt. Maybe a hack used in others cases (maybe with the maven-hpi-plugin)
pom.xml
Outdated
| <dependency> | ||
| <groupId>org.jenkins-ci</groupId> | ||
| <artifactId>test-annotations</artifactId> | ||
| <version>${test-annotations.version}</version> |
There was a problem hiding this comment.
I agree with @jglick advice to never add a dep in such high level pom because you cannot remove them in children. This is a mandatory rule for compile deps. For deps and provided like here it could be an exception I think.
pom.xml
Outdated
| <version>(,3.0),[3.0.4,)</version> | ||
| <message>Build with Maven 3.0.4 or later. Maven 3.0 through 3.0.3 inclusive do not pass correct settings.xml to Maven Release Plugin.</message> | ||
| <version>[3.1.0,)</version> | ||
| <message>3.1.0 required at least.</message> |
There was a problem hiding this comment.
yes let's start at 3.3.9 nowadays.
|
@jglick @aheritier Created pull requests to Jenkins core and Remoting as a reference. The work on my machine (c). |
But should not the switch to have |
|
@jglick Done. I would rather vote for having common dependencies declared in Maven POM, but maybe I should google for "Thinking in Maven" first |
|
@reviewbybees done |
|
I am about landing and releasing it to unblock the Maven plugin patches. Will do it on the evening if there is no -1s |
| <version>(,3.0),[3.0.4,)</version> | ||
| <message>Build with Maven 3.0.4 or later. Maven 3.0 through 3.0.3 inclusive do not pass correct settings.xml to Maven Release Plugin.</message> | ||
| <version>[3.3.9,)</version> | ||
| <message>3.3.9 is required at least.</message> |
There was a problem hiding this comment.
BTW was there any specific reason for this bump, or just to be on the safe side?
There was a problem hiding this comment.
See the discission in #14 (comment) . No specific reason for this version
The most of the configurations come from Plugin POM. In longer term we need to merge two POMs somehow (e.g. make this POM a parent for Plugin POM), but now I just moved the common Enforcer and Animal Sniffer checks
Downstream PRs:
@reviewbybees esp. @jglick since it enforces upper bounds in Jenkins core && may collide with jenkinsci/jenkins#2956