maven-dependency-plugin icon indicating copy to clipboard operation
maven-dependency-plugin copied to clipboard

Published 20 hours ago verified publisher icon apache

[MDEP-317] - add mojo to analyze invalid exclusions

Open vbreivik opened this issue 1 year ago • 2 comments

This mojo reports if exclusions are defined on a dependency, but that dependency does not pull in said artifacts.

Following this checklist to help us incorporate your contribution quickly and easily:

  • [x] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
  • [x] Each commit in the pull request should have a meaningful subject line and body.
  • [x] Format the pull request title like [MDEP-XXX] - Fixes bug in ApproximateQuantiles, where you replace MDEP-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.
  • [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • [x] Run mvn clean verify to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
  • [x] You have run the integration tests successfully (mvn -Prun-its clean verify).

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

Logs out a warning, alternatively fail when failOnError flag is set, when a dependency defines an exclusion that is not valid.

Some notes The failOnWarning property is the same property as for analyze, keep it that way or make its own property?

I placed the logic in its own package and made it its own execution, it can be moved to be a part of analyze if wanted. Having it as its own will make upgrading not change current behavior.

The exclusion glob pattern logic is copied from ExclusionArtifactFilter added in maven-core in jira MNG-7843.

vbreivik avatar Jan 01 '24 22:01 vbreivik

@vbreivik thanks for idea and PR ... I will try to review in a few days

slawekjaranowski avatar Mar 21 '24 21:03 slawekjaranowski

@vbreivik thanks for idea and PR ... I will try to review in a few days

I cannot take credit for the idea. I just saw it in Jira and was a bit bored. :)

vbreivik avatar Mar 21 '24 22:03 vbreivik

@slawekjaranowski I have updated the test that started failing after c9e488ba11516aa5b4be22fedd5b109ab11fa32c, can you trigger the build again?

vbreivik avatar Mar 25 '24 16:03 vbreivik

I think about extend test with scenario, for multimodule project:

root pom - dependencyManagement with exclusion

  • child module with using dependency

slawekjaranowski avatar Mar 28 '24 21:03 slawekjaranowski

I think about extend test with scenario, for multimodule project:

root pom - dependencyManagement with exclusion

  • child module with using dependency

I added a test case with this scenario. I ended up putting the module name in the warning to make the test more clear.

vbreivik avatar Mar 30 '24 20:03 vbreivik

Resolve #761

jira-importer avatar Jun 18 '25 07:06 jira-importer