You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by "Paolo.Mosna" <pa...@gmail.com> on 2009/07/06 15:27:50 UTC
Maven dependency check
Dear folks, I'm using Maven (and maven-ant-task) to check project
dependencies.
I have a project A-1.0.0 which depends by an artifact B-1.0.0 and C-1.0.1.
At the same time artifact B-1.0.0 depends by artifact C-1.0.0.
Artifacts C-1.0.0 and C-1.0.1 are not interchangeable, so or I use version
1.0.0 or version 1.0.1.
I cannot use them altogether.
Here is the pom.xml for project A-1.0.0:
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>A</groupId>
<artifactId>A</artifactId>
<name>hsfdk</name>
<version>1.0.0</version>
<dependencies>
<dependency>
<groupId>C</groupId>
<artifactId>C</artifactId>
<version>1.0.1</version>
<type>dll</type>
<scope>compile</scope>
<optional>false</optional>
</dependency>
<dependency>
<groupId>B</groupId>
<artifactId>B</artifactId>
<version>1.0.0</version>
<type>ocx</type>
<scope>runtime</scope>
<optional>false</optional>
</dependency>
</dependencies>
</project>
Follow pom.xml for artifact B-1.0.0
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>B</groupId>
<artifactId>B</artifactId>
<name>B</name>
<version>1.0.0</version>
<dependencies>
<dependency>
<groupId>C</groupId>
<artifactId>C</artifactId>
<version>1.0.0</version>
<type>dll</type>
<scope>runtime</scope>
<optional>false</optional>
</dependency>
</dependencies>
</project>
Is there a way to intercept the dependency problem I have in this case?
I did try with dependency plug-in but I get the following output:
$ mvn dependency:analyze-dep-mgt
[INFO] Scanning for projects...
[INFO] Searching repository for plugin with prefix: 'dependency'.
[INFO]
------------------------------------------------------------------------
[INFO] Building hsfdk
[INFO] task-segment: [dependency:analyze-dep-mgt]
[INFO]
------------------------------------------------------------------------
[INFO] [dependency:analyze-dep-mgt {execution: default-cli}]
[INFO] Found Resolved Dependency / DependencyManagement mismatches:
[INFO] Nothing in DepMgt.
[INFO]
------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 4 seconds
[INFO] Finished at: Mon Jul 06 15:24:56 CEST 2009
[INFO] Final Memory: 8M/18M
[INFO]
------------------------------------------------------------------------
which doesn't show any problem with artifact dependency.
Any help is welcome...
Thanks in advance.
Paolo.
--
View this message in context: http://www.nabble.com/Maven-dependency-check-tp24355410p24355410.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Maven dependency check
Posted by Anders Hammar <an...@hammar.net>.
I'm not saying it is the case here, but sometimes the doc/examples (of
any software) isn't 100% correct. Try executing Maven with the "-e" or
the "-X" flag to possibly get some more info.
/Anders
On Mon, Jul 6, 2009 at 16:51, Paolo.Mosna<pa...@gmail.com> wrote:
>
>
> Thanks Anders,
> I think your proposed solution would work.
>
> Now I did put the following in the pom.xml of project A:
>
> <build>
> <plugins>
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-enforcer-plugin</artifactId>
> <version>1.0-beta-1</version>
> <executions>
> <execution>
> <id>enforce-banned-dependencies</id>
> <goals>
> <goal>enforce</goal>
> </goals>
> <configuration>
> <rules>
> <bannedDependencies>
> <excludes>
> <exclude>C:C:*</exclude>
> </excludes>
> <includes>
> <!--only 1.0 of badArtifact is allowed-->
> <include>C:C:1.0.0</include>
> <include>B:B:1.0.0</include>
> </includes>
> </bannedDependencies>
> </rules>
> <fail>true</fail>
> </configuration>
> </execution>
> </executions>
> </plugin>
> </plugins>
> </build>
>
> The idea is to exclude all version of C and to force to keep only version
> 1.0.0 of C artifact.
> unfortunately now I get this message:
>
> $ mvn enforcer:enforce
> [INFO] Scanning for projects...
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Building A
> [INFO] task-segment: [enforcer:enforce]
> [INFO]
> ------------------------------------------------------------------------
> [INFO]
> ------------------------------------------------------------------------
> [ERROR] BUILD ERROR
> [INFO]
> ------------------------------------------------------------------------
> [INFO] One or more required plugin parameters are invalid/missing for
> 'enforcer:enforce'
>
> [0] Inside the definition for plugin 'maven-enforcer-plugin' specify the
> following:
>
> <configuration>
> ...
> <rules>VALUE</rules>
> </configuration>.
>
> [INFO]
> ------------------------------------------------------------------------
> [INFO] For more information, run Maven with the -e switch
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 1 second
> [INFO] Finished at: Mon Jul 06 16:42:39 CEST 2009
> [INFO] Final Memory: 5M/11M
> [INFO]
> ------------------------------------------------------------------------
>
> But I did copy the example from web site:
> http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
>
> Any idea?
> Thanks.
>
>
>
> Anders Hammar wrote:
>>
>> Hi,
>>
>> I guess you could use the enforcer plugin:
>> http://maven.apache.org/plugins/maven-enforcer-plugin/
>>
>> I think the bannedDependencies rule could be added to project A (for
>> C-1.0.0). Haven't tried it though.
>>
>> /Anders
>>
>> On Mon, Jul 6, 2009 at 15:27, Paolo.Mosna<pa...@gmail.com> wrote:
>>>
>>> Dear folks, I'm using Maven (and maven-ant-task) to check project
>>> dependencies.
>>> I have a project A-1.0.0 which depends by an artifact B-1.0.0 and
>>> C-1.0.1.
>>> At the same time artifact B-1.0.0 depends by artifact C-1.0.0.
>>>
>>> Artifacts C-1.0.0 and C-1.0.1 are not interchangeable, so or I use
>>> version
>>> 1.0.0 or version 1.0.1.
>>> I cannot use them altogether.
>>>
>>> Here is the pom.xml for project A-1.0.0:
>>> <project>
>>> <modelVersion>4.0.0</modelVersion>
>>> <groupId>A</groupId>
>>> <artifactId>A</artifactId>
>>> <name>hsfdk</name>
>>> <version>1.0.0</version>
>>>
>>> <dependencies>
>>> <dependency>
>>> <groupId>C</groupId>
>>> <artifactId>C</artifactId>
>>> <version>1.0.1</version>
>>> <type>dll</type>
>>> <scope>compile</scope>
>>> <optional>false</optional>
>>> </dependency>
>>> <dependency>
>>> <groupId>B</groupId>
>>> <artifactId>B</artifactId>
>>> <version>1.0.0</version>
>>> <type>ocx</type>
>>> <scope>runtime</scope>
>>> <optional>false</optional>
>>> </dependency>
>>> </dependencies>
>>>
>>> </project>
>>>
>>> Follow pom.xml for artifact B-1.0.0
>>>
>>> <project>
>>> <modelVersion>4.0.0</modelVersion>
>>> <groupId>B</groupId>
>>> <artifactId>B</artifactId>
>>> <name>B</name>
>>> <version>1.0.0</version>
>>>
>>> <dependencies>
>>> <dependency>
>>> <groupId>C</groupId>
>>> <artifactId>C</artifactId>
>>> <version>1.0.0</version>
>>> <type>dll</type>
>>> <scope>runtime</scope>
>>> <optional>false</optional>
>>> </dependency>
>>> </dependencies>
>>>
>>> </project>
>>>
>>>
>>> Is there a way to intercept the dependency problem I have in this case?
>>> I did try with dependency plug-in but I get the following output:
>>> $ mvn dependency:analyze-dep-mgt
>>> [INFO] Scanning for projects...
>>> [INFO] Searching repository for plugin with prefix: 'dependency'.
>>> [INFO]
>>> ------------------------------------------------------------------------
>>> [INFO] Building hsfdk
>>> [INFO] task-segment: [dependency:analyze-dep-mgt]
>>> [INFO]
>>> ------------------------------------------------------------------------
>>> [INFO] [dependency:analyze-dep-mgt {execution: default-cli}]
>>> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
>>> [INFO] Nothing in DepMgt.
>>> [INFO]
>>> ------------------------------------------------------------------------
>>> [INFO] BUILD SUCCESSFUL
>>> [INFO]
>>> ------------------------------------------------------------------------
>>> [INFO] Total time: 4 seconds
>>> [INFO] Finished at: Mon Jul 06 15:24:56 CEST 2009
>>> [INFO] Final Memory: 8M/18M
>>> [INFO]
>>> ------------------------------------------------------------------------
>>>
>>> which doesn't show any problem with artifact dependency.
>>>
>>> Any help is welcome...
>>>
>>> Thanks in advance.
>>> Paolo.
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Maven-dependency-check-tp24355410p24355410.html
>>> Sent from the Maven - Users mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>>> For additional commands, e-mail: users-help@maven.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Maven-dependency-check-tp24355410p24356756.html
> Sent from the Maven - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Maven dependency check
Posted by "Paolo.Mosna" <pa...@gmail.com>.
Thanks Anders,
I think your proposed solution would work.
Now I did put the following in the pom.xml of project A:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.0-beta-1</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>C:C:*</exclude>
</excludes>
<includes>
<!--only 1.0 of badArtifact is allowed-->
<include>C:C:1.0.0</include>
<include>B:B:1.0.0</include>
</includes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
The idea is to exclude all version of C and to force to keep only version
1.0.0 of C artifact.
unfortunately now I get this message:
$ mvn enforcer:enforce
[INFO] Scanning for projects...
[INFO]
------------------------------------------------------------------------
[INFO] Building A
[INFO] task-segment: [enforcer:enforce]
[INFO]
------------------------------------------------------------------------
[INFO]
------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO]
------------------------------------------------------------------------
[INFO] One or more required plugin parameters are invalid/missing for
'enforcer:enforce'
[0] Inside the definition for plugin 'maven-enforcer-plugin' specify the
following:
<configuration>
...
<rules>VALUE</rules>
</configuration>.
[INFO]
------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 1 second
[INFO] Finished at: Mon Jul 06 16:42:39 CEST 2009
[INFO] Final Memory: 5M/11M
[INFO]
------------------------------------------------------------------------
But I did copy the example from web site:
http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html
Any idea?
Thanks.
Anders Hammar wrote:
>
> Hi,
>
> I guess you could use the enforcer plugin:
> http://maven.apache.org/plugins/maven-enforcer-plugin/
>
> I think the bannedDependencies rule could be added to project A (for
> C-1.0.0). Haven't tried it though.
>
> /Anders
>
> On Mon, Jul 6, 2009 at 15:27, Paolo.Mosna<pa...@gmail.com> wrote:
>>
>> Dear folks, I'm using Maven (and maven-ant-task) to check project
>> dependencies.
>> I have a project A-1.0.0 which depends by an artifact B-1.0.0 and
>> C-1.0.1.
>> At the same time artifact B-1.0.0 depends by artifact C-1.0.0.
>>
>> Artifacts C-1.0.0 and C-1.0.1 are not interchangeable, so or I use
>> version
>> 1.0.0 or version 1.0.1.
>> I cannot use them altogether.
>>
>> Here is the pom.xml for project A-1.0.0:
>> <project>
>> <modelVersion>4.0.0</modelVersion>
>> <groupId>A</groupId>
>> <artifactId>A</artifactId>
>> <name>hsfdk</name>
>> <version>1.0.0</version>
>>
>> <dependencies>
>> <dependency>
>> <groupId>C</groupId>
>> <artifactId>C</artifactId>
>> <version>1.0.1</version>
>> <type>dll</type>
>> <scope>compile</scope>
>> <optional>false</optional>
>> </dependency>
>> <dependency>
>> <groupId>B</groupId>
>> <artifactId>B</artifactId>
>> <version>1.0.0</version>
>> <type>ocx</type>
>> <scope>runtime</scope>
>> <optional>false</optional>
>> </dependency>
>> </dependencies>
>>
>> </project>
>>
>> Follow pom.xml for artifact B-1.0.0
>>
>> <project>
>> <modelVersion>4.0.0</modelVersion>
>> <groupId>B</groupId>
>> <artifactId>B</artifactId>
>> <name>B</name>
>> <version>1.0.0</version>
>>
>> <dependencies>
>> <dependency>
>> <groupId>C</groupId>
>> <artifactId>C</artifactId>
>> <version>1.0.0</version>
>> <type>dll</type>
>> <scope>runtime</scope>
>> <optional>false</optional>
>> </dependency>
>> </dependencies>
>>
>> </project>
>>
>>
>> Is there a way to intercept the dependency problem I have in this case?
>> I did try with dependency plug-in but I get the following output:
>> $ mvn dependency:analyze-dep-mgt
>> [INFO] Scanning for projects...
>> [INFO] Searching repository for plugin with prefix: 'dependency'.
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] Building hsfdk
>> [INFO] task-segment: [dependency:analyze-dep-mgt]
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] [dependency:analyze-dep-mgt {execution: default-cli}]
>> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
>> [INFO] Nothing in DepMgt.
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] BUILD SUCCESSFUL
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] Total time: 4 seconds
>> [INFO] Finished at: Mon Jul 06 15:24:56 CEST 2009
>> [INFO] Final Memory: 8M/18M
>> [INFO]
>> ------------------------------------------------------------------------
>>
>> which doesn't show any problem with artifact dependency.
>>
>> Any help is welcome...
>>
>> Thanks in advance.
>> Paolo.
>> --
>> View this message in context:
>> http://www.nabble.com/Maven-dependency-check-tp24355410p24355410.html
>> Sent from the Maven - Users mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>> For additional commands, e-mail: users-help@maven.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Maven-dependency-check-tp24355410p24356756.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Maven dependency check
Posted by Anders Hammar <an...@hammar.net>.
Hi,
I guess you could use the enforcer plugin:
http://maven.apache.org/plugins/maven-enforcer-plugin/
I think the bannedDependencies rule could be added to project A (for
C-1.0.0). Haven't tried it though.
/Anders
On Mon, Jul 6, 2009 at 15:27, Paolo.Mosna<pa...@gmail.com> wrote:
>
> Dear folks, I'm using Maven (and maven-ant-task) to check project
> dependencies.
> I have a project A-1.0.0 which depends by an artifact B-1.0.0 and C-1.0.1.
> At the same time artifact B-1.0.0 depends by artifact C-1.0.0.
>
> Artifacts C-1.0.0 and C-1.0.1 are not interchangeable, so or I use version
> 1.0.0 or version 1.0.1.
> I cannot use them altogether.
>
> Here is the pom.xml for project A-1.0.0:
> <project>
> <modelVersion>4.0.0</modelVersion>
> <groupId>A</groupId>
> <artifactId>A</artifactId>
> <name>hsfdk</name>
> <version>1.0.0</version>
>
> <dependencies>
> <dependency>
> <groupId>C</groupId>
> <artifactId>C</artifactId>
> <version>1.0.1</version>
> <type>dll</type>
> <scope>compile</scope>
> <optional>false</optional>
> </dependency>
> <dependency>
> <groupId>B</groupId>
> <artifactId>B</artifactId>
> <version>1.0.0</version>
> <type>ocx</type>
> <scope>runtime</scope>
> <optional>false</optional>
> </dependency>
> </dependencies>
>
> </project>
>
> Follow pom.xml for artifact B-1.0.0
>
> <project>
> <modelVersion>4.0.0</modelVersion>
> <groupId>B</groupId>
> <artifactId>B</artifactId>
> <name>B</name>
> <version>1.0.0</version>
>
> <dependencies>
> <dependency>
> <groupId>C</groupId>
> <artifactId>C</artifactId>
> <version>1.0.0</version>
> <type>dll</type>
> <scope>runtime</scope>
> <optional>false</optional>
> </dependency>
> </dependencies>
>
> </project>
>
>
> Is there a way to intercept the dependency problem I have in this case?
> I did try with dependency plug-in but I get the following output:
> $ mvn dependency:analyze-dep-mgt
> [INFO] Scanning for projects...
> [INFO] Searching repository for plugin with prefix: 'dependency'.
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Building hsfdk
> [INFO] task-segment: [dependency:analyze-dep-mgt]
> [INFO]
> ------------------------------------------------------------------------
> [INFO] [dependency:analyze-dep-mgt {execution: default-cli}]
> [INFO] Found Resolved Dependency / DependencyManagement mismatches:
> [INFO] Nothing in DepMgt.
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD SUCCESSFUL
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 4 seconds
> [INFO] Finished at: Mon Jul 06 15:24:56 CEST 2009
> [INFO] Final Memory: 8M/18M
> [INFO]
> ------------------------------------------------------------------------
>
> which doesn't show any problem with artifact dependency.
>
> Any help is welcome...
>
> Thanks in advance.
> Paolo.
> --
> View this message in context: http://www.nabble.com/Maven-dependency-check-tp24355410p24355410.html
> Sent from the Maven - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org