(maven-gpg-plugin) branch master updated: [MGPG-110] SignAndDeployFileMojo validation is off (#78)

Tue, 05 Mar 2024 06:58:17 -0800 

This is an automated email from the ASF dual-hosted git repository.

cstamas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git


The following commit(s) were added to refs/heads/master by this push:
     new 0771b61  [MGPG-110] SignAndDeployFileMojo validation is off (#78)
0771b61 is described below

commit 0771b610492f0818c38d137f771182f51ff28f98
Author: Tamas Cservenak <ta...@cservenak.net>
AuthorDate: Tue Mar 5 15:57:51 2024 +0100

    [MGPG-110] SignAndDeployFileMojo validation is off (#78)
    
    It was validating POMs as "Maven2". These POMs should be handled as "new 
projects" and they must have strict validation in effect instead. Still, given 
"strict" validation is a moving target (it depends on currently running Maven 
version), we need to factor in Maven4 as well. Once beta, Maven4 should be 
added to build matrix. Currently was running locally the build with latest 
alpha-13 SNAPSHOT (it went OK) that showed one IT that was sensitive to it, 
fixed in this PR as well.
    
    ---
    
    https://issues.apache.org/jira/browse/MGPG-110
---
 src/it/sign-release-with-excludes/verify.groovy                     | 6 ++++++
 .../java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java    | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/it/sign-release-with-excludes/verify.groovy 
b/src/it/sign-release-with-excludes/verify.groovy
index a19f510..eeeed65 100644
--- a/src/it/sign-release-with-excludes/verify.groovy
+++ b/src/it/sign-release-with-excludes/verify.groovy
@@ -30,6 +30,12 @@ var expectedFiles = [
 
 for (File file : artifactDir.listFiles()) {
     var fileName = file.getName()
+
+    //maven4: skip consumer POM
+    if (fileName.endsWith("consumer.pom") || 
fileName.endsWith("consumer.pom.asc")) {
+        continue
+    }
+
     println "Checking if file is expected: $file"
 
     var expected = false;
diff --git 
a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java 
b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java
index 26eb671..52f9828 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java
@@ -456,7 +456,7 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo {
         Model model = generateModel();
 
         ModelBuildingRequest request =
-                new 
DefaultModelBuildingRequest().setValidationLevel(ModelBuildingRequest.VALIDATION_LEVEL_MAVEN_2_0);
+                new 
DefaultModelBuildingRequest().setValidationLevel(ModelBuildingRequest.VALIDATION_LEVEL_STRICT);
 
         List<String> result = new ArrayList<>();

Reply via email to