New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore maven prerequisite when invoking display-plugin-updates goal #195

Closed
glhez opened this Issue Aug 14, 2017 · 11 comments

Comments

Projects
None yet
5 participants
@glhez
Copy link

glhez commented Aug 14, 2017

Since Maven 3.5.0, the prerequisite was deprecated for non plugin project.

This enter in conflict with the version plugin which will base itself on prerequisite to determine the targeted maven version. In case were said prerequisite is not found, the plugin will list all versions from 2.0 to latest as shown below.

This is not practical and I (as an user) would expect the plugin to consider that I'm using Maven 3.5.0 hence my target should be Maven 3.5.0.

$ mvn org.codehaus.mojo:versions-maven-plugin:2.4:display-plugin-updates -N
[INFO] --- versions-maven-plugin:2.4:display-plugin-updates (default-cli) @ parent ---
[INFO]
[INFO] All plugins with a version specified are using the latest versions.
[INFO]
[INFO] All plugins have a version specified.
[INFO]
[WARNING] Project does not define minimum Maven version, default is: 2.0
[INFO] Plugins require minimum Maven version of: 3.0
[INFO]
[ERROR] Project does not define required minimum version of Maven.
[ERROR] Update the pom.xml to contain maven-enforcer-plugin to
[ERROR] force the maven version which is needed to build this project.
[ERROR] See https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html
[ERROR] Using the minimum version of Maven: 3.0
[INFO]
[INFO] Require Maven 2.0.2 to use the following plugin updates:
[INFO]   maven-site-plugin ........................................ 2.0-beta-7
[INFO]
[INFO] Require Maven 2.0.6 to use the following plugin updates:
[INFO]   maven-clean-plugin .............................................. 2.5
[INFO]   maven-deploy-plugin ........................................... 2.8.1
[INFO]   maven-install-plugin .......................................... 2.5.1
[INFO]   maven-site-plugin ............................................. 2.0.1
[INFO]
[INFO] Require Maven 2.1.0 to use the following plugin updates:
[INFO]   maven-site-plugin ............................................. 2.1.1
[INFO]
[INFO] Require Maven 2.2.0 to use the following plugin updates:
[INFO]   maven-site-plugin ............................................... 3.0
[INFO]
[INFO] Require Maven 2.2.1 to use the following plugin updates:
[INFO]   maven-clean-plugin ............................................ 2.6.1
[INFO]   maven-deploy-plugin ........................................... 2.8.2
[INFO]   maven-install-plugin .......................................... 2.5.2
[INFO]   maven-site-plugin ............................................... 3.4
[INFO]
[INFO] Require Maven 3.0 to use the following plugin updates:
[INFO]   maven-clean-plugin ............................................ 3.0.0
[INFO]   maven-site-plugin ............................................... 3.6
@glhez

This comment has been minimized.

Copy link
Author

glhez commented Aug 14, 2017

See PR for a proposed change.
I tested it in local and the result is this one:

  • The pom.xml build part:
  <build>
    <pluginManagement>
      <plugins>
        <plugin> <artifactId>maven-clean-plugin</artifactId>   <version>2.6.2</version> </plugin>
        <plugin> <artifactId>maven-deploy-plugin</artifactId>  <version>2.8.2</version> </plugin>
        <plugin> <artifactId>maven-install-plugin</artifactId> <version>2.5.2</version> </plugin>
        <plugin> <artifactId>maven-site-plugin</artifactId>    <version>3.6</version>   </plugin>
      </plugins>
    </pluginManagement>
  </build>
$ mvn org.codehaus.mojo:versions-maven-plugin:2.5-SNAPSHOT:display-plugin-updates  -N
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building parent 1.0.0
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- versions-maven-plugin:2.5-SNAPSHOT:display-plugin-updates (default-cli) @ parent ---
Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.6.2/maven-clean-plugin-2.6.2.pom
[INFO]
[INFO] The following plugin updates are available:
[INFO]   maven-clean-plugin ................................... 2.6.2 -> 3.0.0
[INFO]
[INFO] All plugins have a version specified.
[INFO]
[INFO] Project inherits minimum Maven version as: 3.5.0
[INFO] Plugins require minimum Maven version of: 3.0
[INFO]
[INFO] No plugins require a newer version of Maven than specified by the pom.
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.470 s
[INFO] Finished at: 2017-08-14T19:31:16+02:00
[INFO] Final Memory: 18M/310M

Side note: I don't see maven-compiler-plugin 3.6.2 with child project using that plugin.

@runeflobakk

This comment has been minimized.

Copy link

runeflobakk commented Aug 23, 2017

I vote for this as well. It is very cumbersome to use the display-plugin-updates goal now.

It is a bit strange that the plugin is obviously aware that one should use the enforcer plugin (not prerequisites, as the equivalent logged error stated in earlier versions) to set the minimum Maven version, but still are not able to detect that it has indeed been configured as documented.

Does the propsed fix resolve the minimum Maven version if it is configured with the enforcer plugin? I still like the intended behavior that the plugin should warn if one has configured a plugin which requires a newer Maven version than required. The display-plugin-updates should be "all green" only in the case of both

  • one has configured maven-enforcer-plugin to require a minimum Maven version
  • all plugins use versions compatible with the minimum Maven version

And then list any updated versions together with, if any, needed updated minimum Maven versions.

@glhez

This comment has been minimized.

Copy link
Author

glhez commented Aug 23, 2017

My change does not try to read maven-enforcer-plugin (I don't use it and I don't know if that is "simple" to implements): it simply read the maven.version system property, which returns the current maven version.

@cowwoc

This comment has been minimized.

Copy link

cowwoc commented Aug 23, 2017

@glhez The point of the original check was to ensure that the pom.xml is valid regardless of who runs it. Checking maven.version doesn't achieve that goal. We need to add a maven-enforced-plugin check, or remove this check altogether.

@glhez

This comment has been minimized.

Copy link
Author

glhez commented Aug 27, 2017

The fix is more about: Maven 3.5.0 deprecated the prerequisite for non plugin project, so what's the default value of a prerequisite? And I think that the current maven version is a pretty good candidate for that.

Using maven-enforcer-plugin requires more work:

  • prerequisite was one minimum version
  • The maven-enforcer-plugin is a version range spanning across a myriad of maven version.
    I guess that the maven-version-plugin already does that and we should restrict the possible maven version against the enforcer range.

But I personally don't see the problem with using maven.version whenever there are no maven-enforcer-plugin:

  • maven-enforcer-plugin would fail with an invalid version. Unless you use a range, you are forced to use a specific version of maven which means you should run the maven-version-plugin with this maven.
  • Do you honestly work with different version of maven on the same repository/branch ? I recon that I work with maven 2 and 3, but they are different branches, different JDK (6/8) and we used the last 3.* baseline. The only case I could see would be a shared parent project across several repositories.
  • Maven is not often updated: Last version 3.5.0 was released two years after the previous. And that's in 3.5.0 that the prerequisite became deprecated.
@cowwoc

This comment has been minimized.

Copy link

cowwoc commented Aug 27, 2017

There is logic to your insanity ;) I withdraw my objection.

@runeflobakk

This comment has been minimized.

Copy link

runeflobakk commented Aug 28, 2017

I also agree with the logic 😃

I would like to add that there is a subtlety with the version range specified for maven-enforcer-plugin: Specifying a version enforces a minimum version. I guess this was implemented as a convenience from the standard version range syntax, as this is probably by far the most common use case.

It would be nice to be able to detect if one is requiring a too old Maven version compared to what the configured plugins require, but maybe this is out of scope here? As an example: I use Maven 3.5 on my machine, but the maven-enforcer-plugin specified Maven 3.0 as the minimum version. Using the versions-maven-plugin I discovered that I had configured a plugin which required Maven 3.0.3. If the versions-maven-plugin used maven.version as the minimum Maven version it would not be able to tell me about this configuration discrepancy.

Of course, if one has not configured a required Maven version using maven-enforcer-plugin, the plugin should probably just assume that one does not care to automatically enforce these version consistencies, and as you say, using maven.version is fine to use. Again, detecting the presence of the enforcer plugin may well be out of scope for this fix.

As a final note (and I digress, I know), I really think it was a bit unfortunate to deprecate the first class use of prerequisites for non-plugin projects, and instead opt for a generic plugin solution for this, as I regard the version requirements of the build tool as an important part of the project definition, and something that is interesting for other tooling (e.g. the versions-maven-plugin) to use.

@glhez

This comment has been minimized.

Copy link
Author

glhez commented Aug 28, 2017

Another solution is to use the fact that the versions-maven-plugin itself use a minimum version.
That would means that people won't be able to get the latest version only if they use a very old maven version (more than two years ?:)).

@dje1990

This comment has been minimized.

Copy link
Contributor

dje1990 commented Sep 26, 2017

I started fixing this but do not have time to complete it. I finished implementing a solution but did not have time to test it manually or complete writing unit or integration tests.
Please see my four commits at https://github.com/dje1990/versions-maven-plugin/commits/master
I do not intend to resume working on this anytime soon, but feel free to view the implementation for inspiration/ideas.
The javadoc of implementation:

/**
 * Finds the minimum Maven version required by a Maven project.
 * Checks for the existence of both the prerequisites.maven property and for maven-enforcer-plugin:enforce goal.
 * Returns null if no minimum version is found.
 * Checks project and it's parents recursively.
 *
 * Pros: works with Maven 3.5.0 which throws a warning if prerequisites.maven is set for a non Maven-Plugin project.
 * Cons: tightly coupled with the maven-enforcer-plugin and the Xpp3Dom configuration tag.
 */

This class would be used instead of the getRequiredMavenVersion(...) method in class DisplayPluginUpdatesMojo.

@rhwood

This comment has been minimized.

Copy link

rhwood commented Oct 22, 2017

Do you honestly work with different version of maven on the same repository/branch ? I recon that I work with maven 2 and 3, but they are different branches, different JDK (6/8) and we used the last 3.* baseline. The only case I could see would be a shared parent project across several repositories.

The CI services that a project I work on uses (AppVeyor and Travis CI) are pre-populated with different versions of maven, and developers are likely to default to using whichever version of maven is available as a package for their chosen platform, so, yes, I know that some projects work with different versions of maven on the same repository.

@glhez

This comment has been minimized.

Copy link
Author

glhez commented Nov 19, 2017

@rhwood: and I'm now wrong: there is a maven 3.5.2. So my guess 'bout Maven not being updated often falls apart. That said, I still think this would be strange to mix this plugin and maven enforcer rules altogether.
The #230 seems good to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment