You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by kw...@apache.org on 2022/06/23 18:07:27 UTC
[sling-maven-enforcer-rules] branch feature/requireDependencyScope created (now ba6520f)
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a change to branch feature/requireDependencyScope
in repository https://gitbox.apache.org/repos/asf/sling-maven-enforcer-rules.git
at ba6520f Rule to enforce that all dependencies have an explicitly set scope
This branch includes the following new commits:
new ba6520f Rule to enforce that all dependencies have an explicitly set scope
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[sling-maven-enforcer-rules] 01/01: Rule to enforce that all dependencies have an explicitly set scope
Posted by kw...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch feature/requireDependencyScope
in repository https://gitbox.apache.org/repos/asf/sling-maven-enforcer-rules.git
commit ba6520fb7441f5b6da419a263a9456173f5f129f
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Thu Jun 23 20:07:23 2022 +0200
Rule to enforce that all dependencies have an explicitly set scope
---
README.md | 47 +++++++++++-
src/it/require-dependency-scope/invoker.properties | 18 +++++
src/it/require-dependency-scope/pom.xml | 87 ++++++++++++++++++++++
src/it/require-dependency-scope/verify.groovy | 22 ++++++
.../enforcer/RequireExplicitDependencyScope.java | 69 +++++++++++++++++
5 files changed, 242 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a081b5e..cbf7378 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,52 @@ All parameters are optional.
</excludes>
</requireProvidedDependenciesInRuntimeClasspath>
</rules>
- <fail>true</fail>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ [...]
+</project>
+```
+
+### Require Explicit Dependency Scope
+
+Checks that all dependencies have an explicitly declared scope in the non-effective pom (i.e. without taking inheritance or dependency management into account). Useful in case when the scope is no longer part of the dependencyManagement or in general to force making developers a distinct decision (prevents the default scope compile from being used for test dependencies)
+
+#### Parameters
+
+This rule does not support any parameters.
+
+#### Sample Plugin Configuration:
+
+```
+<project>
+ [...]
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0</version>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>maven-enforcer-rules</artifactId>
+ <version>LATEST</version>
+ </dependency>
+ </dependencies>
+ <executions>
+ <execution>
+ <id>require-explicit-dependency-scope</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <requireExplicitDependencyScope implementation="org.apache.sling.maven.enforcer.RequireExplicitDependencyScope" />
+ </rules>
</configuration>
</execution>
</executions>
diff --git a/src/it/require-dependency-scope/invoker.properties b/src/it/require-dependency-scope/invoker.properties
new file mode 100644
index 0000000..c19c711
--- /dev/null
+++ b/src/it/require-dependency-scope/invoker.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult = failure
\ No newline at end of file
diff --git a/src/it/require-dependency-scope/pom.xml b/src/it/require-dependency-scope/pom.xml
new file mode 100644
index 0000000..a6b4d51
--- /dev/null
+++ b/src/it/require-dependency-scope/pom.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>org.apache.sling.maven.enforcer.it</groupId>
+ <artifactId>require-explicit-dependency-scope</artifactId>
+ <packaging>pom</packaging>
+ <version>@project.version@</version>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0</version>
+ <dependencies>
+ <dependency>
+ <groupId>@project.groupId@</groupId>
+ <artifactId>@project.artifactId@</artifactId>
+ <version>@project.version@</version>
+ </dependency>
+ </dependencies>
+ <executions>
+ <execution>
+ <id>require-dependency-scope</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <requireExplicitDependencyScope
+ implementation="org.apache.sling.maven.enforcer.RequireExplicitDependencyScope" />
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.jackrabbit.vault</groupId>
+ <artifactId>vault-cli</artifactId>
+ <version>3.6.0</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ <dependencies>
+ <!-- missing explicit scope -->
+ <dependency>
+ <groupId>org.apache.jackrabbit.vault</groupId>
+ <artifactId>vault-cli</artifactId>
+ </dependency>
+
+ <!-- test scope -->
+ <dependency>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest</artifactId>
+ <version>2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+</project>
\ No newline at end of file
diff --git a/src/it/require-dependency-scope/verify.groovy b/src/it/require-dependency-scope/verify.groovy
new file mode 100644
index 0000000..6140965
--- /dev/null
+++ b/src/it/require-dependency-scope/verify.groovy
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+File buildLog = new File(basedir, 'build.log')
+assert buildLog.text.contains('Found 1 missing dependency scope. Look at the warnings emitted above for the details.')
+assert buildLog.text.contains('[WARNING] Dependency org.apache.jackrabbit.vault:vault-cli:jar does not have an explicit scope defined!')
+assert true
\ No newline at end of file
diff --git a/src/main/java/org/apache/sling/maven/enforcer/RequireExplicitDependencyScope.java b/src/main/java/org/apache/sling/maven/enforcer/RequireExplicitDependencyScope.java
new file mode 100644
index 0000000..ddeeb1c
--- /dev/null
+++ b/src/main/java/org/apache/sling/maven/enforcer/RequireExplicitDependencyScope.java
@@ -0,0 +1,69 @@
+package org.apache.sling.maven.enforcer;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.text.ChoiceFormat;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.apache.maven.enforcer.rule.api.EnforcerRule2;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.model.Dependency;
+import org.apache.maven.plugins.enforcer.AbstractNonCacheableEnforcerRule;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.shared.utils.logging.MessageBuilder;
+import org.apache.maven.shared.utils.logging.MessageUtils;
+import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * Checks that all dependencies have an explicitly declared scope in the non-effective pom (i.e. without taking inheritance or dependency management into account)/
+ */
+public class RequireExplicitDependencyScope extends AbstractNonCacheableEnforcerRule implements EnforcerRule2 {
+
+ @Override
+ public void execute(@Nonnull EnforcerRuleHelper helper) throws EnforcerRuleException {
+ try {
+ int numMissingDependencyScopes = 0;
+ MavenProject project = (MavenProject) helper.evaluate("${project}");
+ if (project == null) {
+ throw new ExpressionEvaluationException("Project is being null");
+ }
+ List<Dependency> dependencies = project.getOriginalModel().getDependencies(); // this is the non-effective model but the original one without inheritance and interpolation resolved
+ // check scope without considering inheritance
+ for (Dependency dependency : dependencies) {
+ if (dependency.getScope() == null) {
+ MessageBuilder msgBuilder = MessageUtils.buffer();
+ helper.getLog().warn(msgBuilder.a("Dependency ").strong(dependency.getManagementKey()).a(" does not have an explicit scope defined!").toString());
+ numMissingDependencyScopes++;
+ }
+ }
+ if (numMissingDependencyScopes > 0) {
+ ChoiceFormat scopesFormat = new ChoiceFormat("1#scope|1.0<scopes");
+ throw new EnforcerRuleException("Found " + numMissingDependencyScopes + " missing dependency " + scopesFormat.format(numMissingDependencyScopes) + ". Look at the warnings emitted above for the details.");
+ }
+ } catch (ExpressionEvaluationException eee) {
+ throw new EnforcerRuleException("Unable to retrieve Maven project ", eee);
+ }
+ }
+
+}