Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rewrite artifact resolution and validate build plug-ins #46

Merged
merged 28 commits into from Nov 25, 2019

Conversation

@cobratbq
Copy link
Contributor

cobratbq commented Nov 18, 2019

Redesigned artifact dependency resolution (#45), including build plug-in resolution (#5) and further refactoring.

@slawekjaranowski Could you have a look at the approach I've taken now? I've redesigned the artifact resolution to use non-deprecated API. It would help if you can do an early review as you probably know a lot better what is happening than I do, as I haven't done anything with Maven plug-in development up to now.

Functionality:

  • Dependency version resolution by Maven.
  • Artifacts of type:
    • project dependencies
    • build plug-ins (NOTE: build plug-in dependencies are not yet validated.)
  • Artifacts resolved according to information in MavenProject contents, then updated according to maven's dependency resolution mechanism, for those dependencies that have been resolved.
  • Artifacts processed in determinate order for readability.
  • Version as defined in dependency-management sections should have been preprocessed by Maven, so should transparently be respected.

TODO:

  • Ensure dependency resolution is transitive.
  • Resolve FIXME markers.
  • Careful examination of error handling.
  • Add unit tests.
  • Fix and extend integration tests.
  • Determine whether or not this solves #24.
  • Remove final from arguments.
  • Provide configuration parameters for verifying: build plug-ins
  • Update copyright years.
  • Re-check if quiet configuration parameter is respected in all cases.
cobratbq added 5 commits Nov 16, 2019
- Introduced CompositeSkipper to compose any number of SkipFilters with
semantics requiring all SkipFilters to be satisfied. This isolates all
logic for checking filters inside the CompositeSkipper.
- Moved most logic regarding artifact resolution to ArtifactResolver.
- Logic for dependency/plugin signature resolution remains in
PGPVerifyMojo, for now.
- Discovers project dependencies.
- Discovers build plug-ins.
- Discovers dependencies of build plug-ins.
- Filters all dependencies using existing skip filters mechanism.
- Uses resolved versions as determined by Maven dependency resolution process.
- Preserves order of artifact discovering throughout the process for readability.
@cobratbq cobratbq changed the title Rewrite artifact resolution Rewrite artifact resolution and validate build plug-ins and their dependencies Nov 18, 2019
@cobratbq cobratbq force-pushed the cobratbq:rewrite-artifact-resolution branch from dd68795 to 03df59a Nov 18, 2019
for (Artifact artifact : artifacts) {
final Artifact ascArtifact = resolveSignature(artifact, requirement);

if (ascArtifact != null || requirement == SignatureRequirement.STRICT) {
artifactToAsc.put(artifact, ascArtifact);
}
}
Comment on lines +126 to +132

This comment has been minimized.

Copy link
@slawekjaranowski

slawekjaranowski Nov 18, 2019

Contributor

maybe java8 strem will be ok

This comment has been minimized.

Copy link
@cobratbq

cobratbq Nov 19, 2019

Author Contributor

Are there any concerns?

This comment has been minimized.

Copy link
@cobratbq

cobratbq Nov 19, 2019

Author Contributor

Ah, right! I misunderstood your comment. I'll have a look, see if it makes sense. It should be okay.

cobratbq added 8 commits Nov 19, 2019
Maven does not have any other resource that contains build plug-in
resolution information, hence if we cannot resolve build plug-ins at
first try, there is no retry with different version/specification.
Hence, when failing to resolve build plug-in, immediately fail.
@slawekjaranowski

This comment has been minimized.

Copy link
Contributor

slawekjaranowski commented Nov 21, 2019

Please look at build result ... it look like transitive dependencies for projects are not resolved.

Current version of plugin check all transitive dependencies.

@cobratbq

This comment has been minimized.

Copy link
Contributor Author

cobratbq commented Nov 21, 2019

Thank you for the feedback.

Please look at build result ... it look like transitive dependencies for projects are not resolved.

You are correct. I have this fixed, on my local machine. Unfortunately, maven does not help you in the same way to resolve build plug-in dependencies. This is my main focus at the moment. I may split off build dependencies for later time. (With these changes, all IT tests succeed, so no noticable regressions then.)

Current version of plugin check all transitive dependencies.

I am aware. Your IT test caught it, so thank you for that :-). It is tricky as there are multiple ways of resolving plug-ins each with their own disadvantages.

Also, in case you had not noticed: the PR is currently a draft. As long as I have it set as draft, it will not be ready to merge. (Just FYI)

Now using a different mechanism to resolve dependencies and plugins.
This mechanism seems to be the intended way in Maven. It does not,
however, resolve build plug-in dependencies. This is not implemented at
this stage and will need to be added later.

The dependency and plugin artifacts already have resolved the leading
artifact version. We do perform additional filtering according to
configuration.
@cobratbq

This comment has been minimized.

Copy link
Contributor Author

cobratbq commented Nov 21, 2019

@slawekjaranowski you might want to double-check your multi-threading fix. I seem to still have the occasional NullPointerException while retrieving PGP keys. I'll copy a stack trace next time I have the issue. (It could be related to my own changes of course, but I don't believe I have touched these regions of code.)

@cobratbq cobratbq force-pushed the cobratbq:rewrite-artifact-resolution branch from 9a69033 to ba23301 Nov 23, 2019
cobratbq added 8 commits Nov 23, 2019
…ignature.
@cobratbq cobratbq marked this pull request as ready for review Nov 23, 2019
@cobratbq cobratbq changed the title Rewrite artifact resolution and validate build plug-ins and their dependencies Rewrite artifact resolution and validate build plug-ins Nov 23, 2019
Instead of sharing filters and filtering over all artifacts, we now
independently discover and filter dependencies. Then, if necessary
according to configuration parameter 'verifyPlugins', discover plugins.
Currently, there are no filters specifically for plug-ins.
This simplifies the existing SkipFilter implementations, as they need
not take into account maven build plug-ins as possible artifacts.
cobratbq added 3 commits Nov 25, 2019
@cobratbq

This comment has been minimized.

Copy link
Contributor Author

cobratbq commented Nov 25, 2019

@slawekjaranowski you might need to check Travis CI merge request build, because the results seem to be there but the results aren't picked up by the "Travis CI Pull Request" action above.

AFAICT, this work is ready to be merged.

@slawekjaranowski slawekjaranowski added this to the v1.5.0 milestone Nov 25, 2019
@slawekjaranowski slawekjaranowski merged commit 40266ac into s4u:master Nov 25, 2019
2 of 3 checks passed
2 of 3 checks passed
Travis CI - Pull Request Build Created
Details
SonarCloud Code Analysis Quality Gate passed
Details
Travis CI - Pull Request Build Passed
Details
@cobratbq cobratbq deleted the cobratbq:rewrite-artifact-resolution branch Nov 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.