You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2014/04/05 17:24:42 UTC
svn commit: r1585100 - /qpid/qpid-parent-pom/trunk/pom.xml
Author: robbie
Date: Sat Apr 5 15:24:42 2014
New Revision: 1585100
URL: http://svn.apache.org/r1585100
Log:
QPID-5048: add a dependency change verifcation profile to the parent pom
Work by me and Andrew MacBean <an...@gmail.com>.
Modified:
qpid/qpid-parent-pom/trunk/pom.xml
Modified: qpid/qpid-parent-pom/trunk/pom.xml
URL: http://svn.apache.org/viewvc/qpid/qpid-parent-pom/trunk/pom.xml?rev=1585100&r1=1585099&r2=1585100&view=diff
==============================================================================
--- qpid/qpid-parent-pom/trunk/pom.xml (original)
+++ qpid/qpid-parent-pom/trunk/pom.xml Sat Apr 5 15:24:42 2014
@@ -528,7 +528,7 @@
<version>${clirr-maven-plugin-version}</version>
</plugin>
- <!-- the below are not in the parent pom -->
+ <!-- the below are not in the parent pom -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
@@ -611,5 +611,142 @@
</repository>
</repositories>
+ <profiles>
+ <profile>
+ <id>dependency-check</id>
+ <!-- Use this profile with the packaging phase, to perform some checks on the module dependencies.
+
+ Verifies that only the explicitly included licences have been used for any compile or runtime dependencies,
+ and additionally for any modules that set 'dependency-change-verification' true also checks for a change in
+ dependencies against a previous reference output that might signal need for updates to LICENSE and/or NOTICE
+ files inlcuded in their binary assembly files.
+ -->
+ <properties>
+ <license-maven-plugin-output-dir>${project.build.directory}/license-maven-plugin</license-maven-plugin-output-dir>
+ <dependency-verification-output-dir>${project.build.directory}/dependency-change-verification</dependency-verification-output-dir>
+ <dependency-verification-generated-file>${dependency-verification-output-dir}/PROCESSED_DEPENDENCIES_INFO</dependency-verification-generated-file>
+ <dependency-verification-reference-file>${basedir}/src/main/assembly/dependency-verification/DEPENDENCIES_REFERENCE</dependency-verification-reference-file>
+ <dependency-change-verification>false</dependency-change-verification>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>license-maven-plugin</artifactId>
+ <!-- version specified in pluginManagement -->
+ <configuration>
+ <failIfWarning>true</failIfWarning>
+ <excludedScopes>provided</excludedScopes>
+ <outputDirectory>${license-maven-plugin-output-dir}</outputDirectory>
+ <includedLicenses>
+ <includedLicense>Apache Software License, Version 2.0</includedLicense>
+ <includedLicense>The MIT License</includedLicense>
+ <includedLicense>BSD License</includedLicense>
+ <includedLicense>Eclipse Public License - Version 1.0</includedLicense>
+ <includedLicense>Common Public License Version 1.0</includedLicense>
+ <includedLicense>Academic Free License v2.1</includedLicense>
+ </includedLicenses>
+ <licenseMerges>
+ <licenseMerge>Apache Software License, Version 2.0|The Apache Software License, Version 2.0|Apache Software License - Version 2.0|Apache v2|Apache 2</licenseMerge>
+ <licenseMerge>The MIT License|MIT License</licenseMerge>
+ <licenseMerge>BSD License|New BSD</licenseMerge>
+ </licenseMerges>
+ </configuration>
+ <executions>
+ <execution>
+ <id>check-third-party-licensing</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>add-third-party</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <!--version specified in pluginManagement -->
+ <executions>
+ <execution>
+ <id>dependency-change-verification</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <target if="${dependency-change-verification}">
+ <!-- Set the output location for the generated file -->
+ <condition property="dependency-verification-output-file" value="${dependency-verification-reference-file}" else="${dependency-verification-generated-file}">
+ <istrue value="${update-dependency-reference}"/>
+ </condition>
+ <!-- Output the ALv2 header and a title, then append the DEPENDENCIES file contents,
+ processing to strip out the qpid module version info -->
+ <echo>Generating dependency info at: ${dependency-verification-output-file}</echo>
+ <concat destfile="${dependency-verification-output-file}" append="false">
+ <header filtering="no" trimleading="yes">
+ #
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied. See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+ #
+
+ #// ------------------------------------------------------------------
+ # TRIMMED 3RD PARTY DEPENDENCY INFORMATION FOR MODIFICATION CHECKS
+ #
+ </header>
+ <path path="${project.build.outputDirectory}/META-INF/DEPENDENCIES"/>
+ </concat>
+
+ <replaceregexp file="${dependency-verification-output-file}" flags="gm" replace="">
+ <regexp id="stripqpidcontentheader" pattern="^\/\/\ .*\n|^Qpid\ .*\n"/>
+ </replaceregexp>
+ <replaceregexp file="${dependency-verification-output-file}" flags="gm">
+ <regexp id="stripqpidcontentversions" pattern="(^.*org.apache.qpid:.*:.*):.*"/>
+ <substitution expression="\1"/>
+ </replaceregexp>
+ <!-- Ensure the reference file is present -->
+ <fail message="Dependency info reference file was not present at: ${dependency-verification-reference-file}.
+You can generate an initial reference file by running again with -Dupdate-dependency-reference.">
+ <condition>
+ <not>
+ <available file="${dependency-verification-reference-file}"/>
+ </not>
+ </condition>
+ </fail>
+ <!-- Compare output to the reference file to check they are the same, fail if they arent -->
+ <echo>Comparing to against reference info at: ${dependency-verification-reference-file}</echo>
+ <fail message="Generated dependency info does not match the reference.
+Ensure LICENCE and NOTICE files are correct and then update the reference by running again with -Dupdate-dependency-reference.
+Generated file: '${dependency-verification-output-file}'. Reference file: '${dependency-verification-reference-file}'.">
+ <condition>
+ <not>
+ <filesmatch file1="${dependency-verification-output-file}" file2="${dependency-verification-reference-file}" textfile="true"/>
+ </not>
+ </condition>
+ </fail>
+ </target>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
</project>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org