New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrite artifact resolution and validate build plug-ins #46
Rewrite artifact resolution and validate build plug-ins #46
Conversation
- Introduced CompositeSkipper to compose any number of SkipFilters with semantics requiring all SkipFilters to be satisfied. This isolates all logic for checking filters inside the CompositeSkipper. - Moved most logic regarding artifact resolution to ArtifactResolver. - Logic for dependency/plugin signature resolution remains in PGPVerifyMojo, for now.
- Discovers project dependencies. - Discovers build plug-ins. - Discovers dependencies of build plug-ins. - Filters all dependencies using existing skip filters mechanism. - Uses resolved versions as determined by Maven dependency resolution process. - Preserves order of artifact discovering throughout the process for readability.
dd68795
to
03df59a
Compare
for (Artifact artifact : artifacts) { | ||
final Artifact ascArtifact = resolveSignature(artifact, requirement); | ||
|
||
if (ascArtifact != null || requirement == SignatureRequirement.STRICT) { | ||
artifactToAsc.put(artifact, ascArtifact); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe java8 strem will be ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there any concerns?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, right! I misunderstood your comment. I'll have a look, see if it makes sense. It should be okay.
Maven does not have any other resource that contains build plug-in resolution information, hence if we cannot resolve build plug-ins at first try, there is no retry with different version/specification. Hence, when failing to resolve build plug-in, immediately fail.
Please look at build result ... it look like transitive dependencies for projects are not resolved. Current version of plugin check all transitive dependencies. |
Thank you for the feedback.
You are correct. I have this fixed, on my local machine. Unfortunately, maven does not help you in the same way to resolve build plug-in dependencies. This is my main focus at the moment. I may split off build dependencies for later time. (With these changes, all IT tests succeed, so no noticable regressions then.)
I am aware. Your IT test caught it, so thank you for that :-). It is tricky as there are multiple ways of resolving plug-ins each with their own disadvantages. Also, in case you had not noticed: the PR is currently a draft. As long as I have it set as draft, it will not be ready to merge. (Just FYI) |
Now using a different mechanism to resolve dependencies and plugins. This mechanism seems to be the intended way in Maven. It does not, however, resolve build plug-in dependencies. This is not implemented at this stage and will need to be added later. The dependency and plugin artifacts already have resolved the leading artifact version. We do perform additional filtering according to configuration.
@slawekjaranowski you might want to double-check your multi-threading fix. I seem to still have the occasional |
9a69033
to
ba23301
Compare
Instead of sharing filters and filtering over all artifacts, we now independently discover and filter dependencies. Then, if necessary according to configuration parameter 'verifyPlugins', discover plugins. Currently, there are no filters specifically for plug-ins. This simplifies the existing SkipFilter implementations, as they need not take into account maven build plug-ins as possible artifacts.
@slawekjaranowski you might need to check Travis CI merge request build, because the results seem to be there but the results aren't picked up by the "Travis CI Pull Request" action above. AFAICT, this work is ready to be merged. |
Redesigned artifact dependency resolution (#45), including build plug-in resolution (#5) and further refactoring.
@slawekjaranowski Could you have a look at the approach I've taken now? I've redesigned the artifact resolution to use non-deprecated API. It would help if you can do an early review as you probably know a lot better what is happening than I do, as I haven't done anything with Maven plug-in development up to now.
Functionality:
TODO:
Ensure dependency resolution is transitive.ResolveFIXME
markers.Careful examination of error handling.Add unit tests.Fix and extend integration tests.Removefinal
from arguments.Provide configuration parameters for verifying: build plug-insUpdate copyright years.Re-check ifquiet
configuration parameter is respected in all cases.