You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Robert Scholte (Jira)" <ji...@apache.org> on 2020/06/14 14:23:00 UTC

[jira] [Commented] (MNG-6562) WARN if plugins injected by default lifecycle bindings don't have their version locked in pom.xml or parent

    [ https://issues.apache.org/jira/browse/MNG-6562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135178#comment-17135178 ] 

Robert Scholte commented on MNG-6562:
-------------------------------------

I expect we can use the [inputLocation of the plugin|https://github.com/apache/maven/blob/9567da2bc889a94f5c3b692b4afb310ddbacd6e5/maven-core/src/main/java/org/apache/maven/lifecycle/internal/DefaultLifecyclePluginAnalyzer.java#L146-L151]
Once the plugin is called, we should verify if it was defined in the pom or not based on the location.
I'll look into this.

> WARN if plugins injected by default lifecycle bindings don't have their version locked in pom.xml or parent
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: MNG-6562
>                 URL: https://issues.apache.org/jira/browse/MNG-6562
>             Project: Maven
>          Issue Type: Improvement
>          Components: Plugins and Lifecycle
>    Affects Versions: 3.6.0
>            Reporter: Herve Boutemy
>            Assignee: Herve Boutemy
>            Priority: Major
>             Fix For: 3.7.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently, when building from a basic pom.xml:
> {code:xml}<project>
>   <modelVersion>4.0.0</modelVersion>
>   <groupId>com.mycompany.app</groupId>
>   <artifactId>my-app</artifactId>
>   <version>1.0-SNAPSHOT</version>
> </project>{code}
> many plugins are used, but their version is not locked by the user: the default plugins versions depend on Maven version used, which is not stable over different Maven versions.
> Adding a warning for this stability issue will help users know that they need to lock down plugins versions in their pom (or parent), something like:
> {noformat}[WARNING] 
> [WARNING] Some problems were encountered while building the effective model for com.mycompany.app:my-app:jar:1.0-SNAPSHOT
> [WARNING] Version not locked for default bindings plugins [maven-install-plugin, maven-resources-plugin, maven-surefire-plugin, maven-compiler-plugin, maven-jar-plugin, maven-deploy-plugin, maven-site-plugin], you should define versions in pluginManagement section of your pom.xml or parent
> [WARNING] 
> [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
> [WARNING] 
> [WARNING] For this reason, future Maven versions might no longer support building such malformed projects.{noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)