Rewrite artifact resolution and validate build plug-ins #46
- Introduced CompositeSkipper to compose any number of SkipFilters with semantics requiring all SkipFilters to be satisfied. This isolates all logic for checking filters inside the CompositeSkipper. - Moved most logic regarding artifact resolution to ArtifactResolver. - Logic for dependency/plugin signature resolution remains in PGPVerifyMojo, for now.
- Discovers project dependencies. - Discovers build plug-ins. - Discovers dependencies of build plug-ins. - Filters all dependencies using existing skip filters mechanism. - Uses resolved versions as determined by Maven dependency resolution process. - Preserves order of artifact discovering throughout the process for readability.
Maven does not have any other resource that contains build plug-in resolution information, hence if we cannot resolve build plug-ins at first try, there is no retry with different version/specification. Hence, when failing to resolve build plug-in, immediately fail.
Thank you for the feedback.
You are correct. I have this fixed, on my local machine. Unfortunately, maven does not help you in the same way to resolve build plug-in dependencies. This is my main focus at the moment. I may split off build dependencies for later time. (With these changes, all IT tests succeed, so no noticable regressions then.)
I am aware. Your IT test caught it, so thank you for that :-). It is tricky as there are multiple ways of resolving plug-ins each with their own disadvantages.
Also, in case you had not noticed: the PR is currently a draft. As long as I have it set as draft, it will not be ready to merge. (Just FYI)
Now using a different mechanism to resolve dependencies and plugins. This mechanism seems to be the intended way in Maven. It does not, however, resolve build plug-in dependencies. This is not implemented at this stage and will need to be added later. The dependency and plugin artifacts already have resolved the leading artifact version. We do perform additional filtering according to configuration.
@slawekjaranowski you might want to double-check your multi-threading fix. I seem to still have the occasional
Instead of sharing filters and filtering over all artifacts, we now independently discover and filter dependencies. Then, if necessary according to configuration parameter 'verifyPlugins', discover plugins. Currently, there are no filters specifically for plug-ins. This simplifies the existing SkipFilter implementations, as they need not take into account maven build plug-ins as possible artifacts.