Rewrite artifact resolution and validate build plug-ins#46
Conversation
- Introduced CompositeSkipper to compose any number of SkipFilters with semantics requiring all SkipFilters to be satisfied. This isolates all logic for checking filters inside the CompositeSkipper. - Moved most logic regarding artifact resolution to ArtifactResolver. - Logic for dependency/plugin signature resolution remains in PGPVerifyMojo, for now.
- Discovers project dependencies. - Discovers build plug-ins. - Discovers dependencies of build plug-ins. - Filters all dependencies using existing skip filters mechanism. - Uses resolved versions as determined by Maven dependency resolution process. - Preserves order of artifact discovering throughout the process for readability.
cobratbq
changed the title
cobratbq
force-pushed
the
rewrite-artifact-resolution
branch
from
dd68795 to
03df59a
Compare
| for (Artifact artifact : artifacts) { | ||
| final Artifact ascArtifact = resolveSignature(artifact, requirement); | ||
|
|
||
| if (ascArtifact != null || requirement == SignatureRequirement.STRICT) { | ||
| artifactToAsc.put(artifact, ascArtifact); | ||
| } | ||
| } |
There was a problem hiding this comment.
maybe java8 strem will be ok
There was a problem hiding this comment.
Are there any concerns?
There was a problem hiding this comment.
Ah, right! I misunderstood your comment. I'll have a look, see if it makes sense. It should be okay.
Maven does not have any other resource that contains build plug-in resolution information, hence if we cannot resolve build plug-ins at first try, there is no retry with different version/specification. Hence, when failing to resolve build plug-in, immediately fail.
|
Please look at build result ... it look like transitive dependencies for projects are not resolved. Current version of plugin check all transitive dependencies. |
|
Thank you for the feedback.
You are correct. I have this fixed, on my local machine. Unfortunately, maven does not help you in the same way to resolve build plug-in dependencies. This is my main focus at the moment. I may split off build dependencies for later time. (With these changes, all IT tests succeed, so no noticable regressions then.)
I am aware. Your IT test caught it, so thank you for that :-). It is tricky as there are multiple ways of resolving plug-ins each with their own disadvantages. Also, in case you had not noticed: the PR is currently a draft. As long as I have it set as draft, it will not be ready to merge. (Just FYI) |
Now using a different mechanism to resolve dependencies and plugins. This mechanism seems to be the intended way in Maven. It does not, however, resolve build plug-in dependencies. This is not implemented at this stage and will need to be added later. The dependency and plugin artifacts already have resolved the leading artifact version. We do perform additional filtering according to configuration.
|
@slawekjaranowski you might want to double-check your multi-threading fix. I seem to still have the occasional |
cobratbq
force-pushed
the
rewrite-artifact-resolution
branch
from
9a69033 to
ba23301
Compare
cobratbq
changed the title
Instead of sharing filters and filtering over all artifacts, we now independently discover and filter dependencies. Then, if necessary according to configuration parameter 'verifyPlugins', discover plugins. Currently, there are no filters specifically for plug-ins. This simplifies the existing SkipFilter implementations, as they need not take into account maven build plug-ins as possible artifacts.
|
@slawekjaranowski you might need to check Travis CI merge request build, because the results seem to be there but the results aren't picked up by the "Travis CI Pull Request" action above. AFAICT, this work is ready to be merged. |
slawekjaranowski
added
code quality
[MRESOLVER-105] update plexus
2 participants
Redesigned artifact dependency resolution (#45), including build plug-in resolution (#5) and further refactoring.
@slawekjaranowski Could you have a look at the approach I've taken now? I've redesigned the artifact resolution to use non-deprecated API. It would help if you can do an early review as you probably know a lot better what is happening than I do, as I haven't done anything with Maven plug-in development up to now.
Functionality:
TODO:
Ensure dependency resolution is transitive.ResolveFIXMEmarkers.Careful examination of error handling.Add unit tests.Fix and extend integration tests.Removefinalfrom arguments.Provide configuration parameters for verifying: build plug-insUpdate copyright years.Re-check ifquietconfiguration parameter is respected in all cases.