[ https://issues.apache.org/jira/browse/MNG-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17708564#comment-17708564 ]
ASF GitHub Bot commented on MNG-7754: ------------------------------------- slawekjaranowski commented on code in PR #1079: URL: https://github.com/apache/maven/pull/1079#discussion_r1157704267 ########## maven-core/src/main/java/org/apache/maven/plugin/internal/Maven2DependenciesValidator.java: ########## @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.plugin.internal; + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.maven.execution.MavenSession; +import org.apache.maven.plugin.PluginValidationManager; +import org.apache.maven.plugin.descriptor.MojoDescriptor; +import org.codehaus.plexus.component.repository.ComponentDependency; + +/** + * Detects Maven2 plugins. + * + * @since 3.9.2 + */ +@Singleton +@Named +class Maven2DependenciesValidator extends AbstractMavenPluginDependenciesValidator { + + @Inject + Maven2DependenciesValidator(PluginValidationManager pluginValidationManager) { + super(pluginValidationManager); + } + + @Override + protected void doValidate(MavenSession mavenSession, MojoDescriptor mojoDescriptor) { + Set<String> maven2Versions = mojoDescriptor.getPluginDescriptor().getDependencies().stream() + .filter(d -> "org.apache.maven".equals(d.getGroupId())) + .filter(d -> !"maven-archiver".equals(d.getArtifactId())) Review Comment: In plugin-tools we have: ```java private List<String> expectedProvidedScopeExclusions = Arrays.asList( "org.apache.maven:maven-archiver", "org.apache.maven:maven-jxr", "org.apache.maven:plexus-utils"); ``` ########## maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java: ########## @@ -94,19 +98,19 @@ protected boolean isIgnoredProperty(String strValue) { protected abstract String getParameterLogReason(Parameter parameter); - protected void logParameter(Parameter parameter) { - MessageBuilder messageBuilder = MessageUtils.buffer() - .warning("Parameter '") - .warning(parameter.getName()) - .warning('\''); + protected String formatParameter(Parameter parameter) { + StringBuilder messageBuilder = new StringBuilder() Review Comment: now is stringBuilder not messageBuilder ########## maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java: ########## @@ -94,19 +98,19 @@ protected boolean isIgnoredProperty(String strValue) { protected abstract String getParameterLogReason(Parameter parameter); - protected void logParameter(Parameter parameter) { - MessageBuilder messageBuilder = MessageUtils.buffer() - .warning("Parameter '") - .warning(parameter.getName()) - .warning('\''); + protected String formatParameter(Parameter parameter) { Review Comment: Everything will be logged at the end, so probable reason of remove formatting here ########## maven-core/src/main/java/org/apache/maven/plugin/internal/MavenMixedDependenciesValidator.java: ########## @@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.plugin.internal; + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.maven.execution.MavenSession; +import org.apache.maven.plugin.PluginValidationManager; +import org.apache.maven.plugin.descriptor.MojoDescriptor; +import org.codehaus.plexus.component.repository.ComponentDependency; + +/** + * Detects mixed Maven versions in plugins. + * + * @since 3.9.2 + */ +@Singleton +@Named +class MavenMixedDependenciesValidator extends AbstractMavenPluginDependenciesValidator { + + @Inject + MavenMixedDependenciesValidator(PluginValidationManager pluginValidationManager) { + super(pluginValidationManager); + } + + @Override + protected void doValidate(MavenSession mavenSession, MojoDescriptor mojoDescriptor) { + Set<String> mavenVersions = mojoDescriptor.getPluginDescriptor().getDependencies().stream() + .filter(d -> "org.apache.maven".equals(d.getGroupId())) + .filter(d -> !"maven-archiver".equals(d.getArtifactId())) Review Comment: Should it be the same as in Maven2DependenciesValidator? ########## maven-core/src/main/java/org/apache/maven/plugin/internal/MavenScopeDependenciesValidator.java: ########## @@ -0,0 +1,62 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.plugin.internal; + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.maven.execution.MavenSession; +import org.apache.maven.plugin.PluginValidationManager; +import org.apache.maven.plugin.descriptor.MojoDescriptor; + +/** + * Detects Maven3 artifacts in bad scope in plugins. + * + * @since 3.9.2 + */ +@Singleton +@Named +class MavenScopeDependenciesValidator extends AbstractMavenPluginDependenciesValidator { + + @Inject + MavenScopeDependenciesValidator(PluginValidationManager pluginValidationManager) { + super(pluginValidationManager); + } + + @Override + protected void doValidate(MavenSession mavenSession, MojoDescriptor mojoDescriptor) { + Set<String> mavenArtifacts = mojoDescriptor.getPluginDescriptor().getDependencies().stream() + .filter(d -> "org.apache.maven".equals(d.getGroupId())) + .filter(d -> !"maven-archiver".equals(d.getArtifactId())) Review Comment: next place for common list to filter - the same as in plugin-tools ########## maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginValidationManager.java: ########## @@ -0,0 +1,232 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.maven.plugin.internal; + +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.File; +import java.util.LinkedHashMap; +import java.util.LinkedHashSet; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.maven.AbstractMavenLifecycleParticipant; +import org.apache.maven.execution.MavenSession; +import org.apache.maven.model.InputLocation; +import org.apache.maven.model.Plugin; +import org.apache.maven.plugin.PluginValidationManager; +import org.apache.maven.plugin.descriptor.MojoDescriptor; +import org.apache.maven.plugin.descriptor.PluginDescriptor; +import org.apache.maven.project.MavenProject; +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.util.ConfigUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@Singleton +@Named +public final class DefaultPluginValidationManager extends AbstractMavenLifecycleParticipant + implements PluginValidationManager { + + private static final String ISSUES_KEY = DefaultPluginValidationManager.class.getName() + ".issues"; + + private static final String MAVEN_PLUGIN_VALIDATION_ENABLED_KEY = "maven.plugin.validation.enabled"; Review Comment: New option should be documented somewhere ... maybe in message - who read a docs 😄 ########## maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginDependenciesResolver.java: ########## @@ -103,6 +107,19 @@ public Artifact resolve(Plugin plugin, List<RemoteRepository> repositories, Repo request.setTrace(trace); ArtifactDescriptorResult result = repoSystem.readArtifactDescriptor(pluginSession, request); + if (result.getDependencies() != null) { + for (org.eclipse.aether.graph.Dependency dependency : result.getDependencies()) { + if ("org.apache.maven".equals(dependency.getArtifact().getGroupId()) + && "maven-compat".equals(dependency.getArtifact().getArtifactId()) + && !JavaScopes.TEST.equals(dependency.getScope())) { Review Comment: No - provider allow to use in production code it is what we want to avoid > Improvement and extension of plugin validation > ---------------------------------------------- > > Key: MNG-7754 > URL: https://issues.apache.org/jira/browse/MNG-7754 > Project: Maven > Issue Type: Task > Components: Core > Affects Versions: 3.9.1 > Reporter: Tamas Cservenak > Priority: Major > Fix For: 3.9.2, 4.0.0-alpha-6, 4.0.0 > > > Some users when see following warning: > {noformat} > [INFO] --- remote-resources:1.7.0:process (process-resource-bundles) @ maven > --- > [WARNING] Parameter 'localRepository' is deprecated core expression; Avoid > use of ArtifactRepository type. If you need access to local repository, > switch to '${repositorySystemSession}' expression and get LRM from it > instead. {noformat} > on their console, immediately grep their {{$HOME}} to find out that they DO > HAVE afore mentioned string present in their {{{}settings.xml{}}}, and then > scratch their head how to get rid of it. > Hence, we should improve error message – at least add some clue that message > targets given Mojo developers (as message appears immediately under Mojo > execution log message) and not users. Best users could do is nag Mojo > developers, and not us, to make message disappear. > Improvements: > * report at end, instead multiple times same warning (for reactor builds) > * possibility to suppress validation > * new check: maven-compat, maven2, p-c-d, mixed maven verions,, wrong scopes > (similar as m-p-p does on build time) -- This message was sent by Atlassian Jira (v8.20.10#820010)