Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upRewrite artifact resolution and validate build plug-ins #46
Conversation
- Introduced CompositeSkipper to compose any number of SkipFilters with semantics requiring all SkipFilters to be satisfied. This isolates all logic for checking filters inside the CompositeSkipper. - Moved most logic regarding artifact resolution to ArtifactResolver. - Logic for dependency/plugin signature resolution remains in PGPVerifyMojo, for now.
- Discovers project dependencies. - Discovers build plug-ins. - Discovers dependencies of build plug-ins. - Filters all dependencies using existing skip filters mechanism. - Uses resolved versions as determined by Maven dependency resolution process. - Preserves order of artifact discovering throughout the process for readability.
cobratbq
changed the title
cobratbq
force-pushed the
cobratbq:rewrite-artifact-resolution
branch
from
dd68795
to
03df59a
| for (Artifact artifact : artifacts) { | ||
| final Artifact ascArtifact = resolveSignature(artifact, requirement); | ||
|
|
||
| if (ascArtifact != null || requirement == SignatureRequirement.STRICT) { | ||
| artifactToAsc.put(artifact, ascArtifact); | ||
| } | ||
| } |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
cobratbq
Nov 19, 2019
Author
Contributor
Ah, right! I misunderstood your comment. I'll have a look, see if it makes sense. It should be okay.
Maven does not have any other resource that contains build plug-in resolution information, hence if we cannot resolve build plug-ins at first try, there is no retry with different version/specification. Hence, when failing to resolve build plug-in, immediately fail.
This comment has been minimized.
This comment has been minimized.
|
Please look at build result ... it look like transitive dependencies for projects are not resolved. Current version of plugin check all transitive dependencies. |
This comment has been minimized.
This comment has been minimized.
|
Thank you for the feedback.
You are correct. I have this fixed, on my local machine. Unfortunately, maven does not help you in the same way to resolve build plug-in dependencies. This is my main focus at the moment. I may split off build dependencies for later time. (With these changes, all IT tests succeed, so no noticable regressions then.)
I am aware. Your IT test caught it, so thank you for that :-). It is tricky as there are multiple ways of resolving plug-ins each with their own disadvantages. Also, in case you had not noticed: the PR is currently a draft. As long as I have it set as draft, it will not be ready to merge. (Just FYI) |
Now using a different mechanism to resolve dependencies and plugins. This mechanism seems to be the intended way in Maven. It does not, however, resolve build plug-in dependencies. This is not implemented at this stage and will need to be added later. The dependency and plugin artifacts already have resolved the leading artifact version. We do perform additional filtering according to configuration.
This comment has been minimized.
This comment has been minimized.
|
@slawekjaranowski you might want to double-check your multi-threading fix. I seem to still have the occasional |
cobratbq
force-pushed the
cobratbq:rewrite-artifact-resolution
branch
from
9a69033
to
ba23301
cobratbq
changed the title
Instead of sharing filters and filtering over all artifacts, we now independently discover and filter dependencies. Then, if necessary according to configuration parameter 'verifyPlugins', discover plugins. Currently, there are no filters specifically for plug-ins. This simplifies the existing SkipFilter implementations, as they need not take into account maven build plug-ins as possible artifacts.
This comment has been minimized.
This comment has been minimized.
|
@slawekjaranowski you might need to check Travis CI merge request build, because the results seem to be there but the results aren't picked up by the "Travis CI Pull Request" action above. AFAICT, this work is ready to be merged. |
cobratbq commentedNov 18, 2019
•
edited
Redesigned artifact dependency resolution (#45), including build plug-in resolution (#5) and further refactoring.
@slawekjaranowski Could you have a look at the approach I've taken now? I've redesigned the artifact resolution to use non-deprecated API. It would help if you can do an early review as you probably know a lot better what is happening than I do, as I haven't done anything with Maven plug-in development up to now.
Functionality:
TODO:
Ensure dependency resolution is transitive.ResolveFIXMEmarkers.Careful examination of error handling.Add unit tests.Fix and extend integration tests.Removefinalfrom arguments.Provide configuration parameters for verifying: build plug-insUpdate copyright years.Re-check ifquietconfiguration parameter is respected in all cases.