You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by rf...@apache.org on 2021/01/03 12:09:04 UTC

[maven] 01/05: [MNG-7060] Let build fail fast in case any maven-gpg-plugin goal is called

This is an automated email from the ASF dual-hosted git repository.

rfscholte pushed a commit to branch MNG-7060
in repository https://gitbox.apache.org/repos/asf/maven.git

commit 47eb355facdcc7d027cb0ae51a8ed2b5794d9cdf
Author: rfscholte <rf...@apache.org>
AuthorDate: Wed Dec 30 21:09:24 2020 +0100

    [MNG-7060] Let build fail fast in case any maven-gpg-plugin goal is called
---
 .../maven/lifecycle/internal/builder/BuilderCommon.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/maven-core/src/main/java/org/apache/maven/lifecycle/internal/builder/BuilderCommon.java b/maven-core/src/main/java/org/apache/maven/lifecycle/internal/builder/BuilderCommon.java
index c0cd289..70a97ad 100644
--- a/maven-core/src/main/java/org/apache/maven/lifecycle/internal/builder/BuilderCommon.java
+++ b/maven-core/src/main/java/org/apache/maven/lifecycle/internal/builder/BuilderCommon.java
@@ -20,8 +20,10 @@ package org.apache.maven.lifecycle.internal.builder;
  */
 
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -80,7 +82,6 @@ public class BuilderCommon
     @Inject
     private Logger logger;
 
-
     public BuilderCommon()
     {
     }
@@ -105,6 +106,20 @@ public class BuilderCommon
 
         lifecycleDebugLogger.debugProjectPlan( project, executionPlan );
 
+        // With Maven 4's build/consumer the POM will always rewrite during distribution.
+        // The maven-gpg-plugin uses the original POM, causing an invalid signature.
+        // Fail as long as there's no solution available yet
+        Optional<MojoExecution> gpgMojo = executionPlan.getMojoExecutions().stream()
+                .filter( m -> "org.apache.maven.plugins".equals( m.getGroupId() ) )
+                .filter( m -> "maven-gpg-plugin".equals( m.getArtifactId() ) )
+                .findAny();
+
+        if ( gpgMojo.isPresent() )
+        {
+            throw new LifecycleExecutionException( "The maven-gpg-plugin is not supported by Maven 4."
+                + " Verify if there is a compatible signing solution or use Maven 3" );
+        }
+
         if ( session.getRequest().getDegreeOfConcurrency() > 1 )
         {
             final Set<Plugin> unsafePlugins = executionPlan.getNonThreadSafePlugins();