[
https://issues.apache.org/jira/browse/MNG-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17708564#comment-17708564
]
ASF GitHub Bot commented on MNG-7754:
-------------------------------------
slawekjaranowski commented on code in PR #1079:
URL: https://github.com/apache/maven/pull/1079#discussion_r1157704267
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/Maven2DependenciesValidator.java:
##########
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugin.internal;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.PluginValidationManager;
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.codehaus.plexus.component.repository.ComponentDependency;
+
+/**
+ * Detects Maven2 plugins.
+ *
+ * @since 3.9.2
+ */
+@Singleton
+@Named
+class Maven2DependenciesValidator extends
AbstractMavenPluginDependenciesValidator {
+
+ @Inject
+ Maven2DependenciesValidator(PluginValidationManager
pluginValidationManager) {
+ super(pluginValidationManager);
+ }
+
+ @Override
+ protected void doValidate(MavenSession mavenSession, MojoDescriptor
mojoDescriptor) {
+ Set<String> maven2Versions =
mojoDescriptor.getPluginDescriptor().getDependencies().stream()
+ .filter(d -> "org.apache.maven".equals(d.getGroupId()))
+ .filter(d -> !"maven-archiver".equals(d.getArtifactId()))
Review Comment:
In plugin-tools we have:
```java
private List<String> expectedProvidedScopeExclusions = Arrays.asList(
"org.apache.maven:maven-archiver", "org.apache.maven:maven-jxr",
"org.apache.maven:plexus-utils");
```
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java:
##########
@@ -94,19 +98,19 @@ protected boolean isIgnoredProperty(String strValue) {
protected abstract String getParameterLogReason(Parameter parameter);
- protected void logParameter(Parameter parameter) {
- MessageBuilder messageBuilder = MessageUtils.buffer()
- .warning("Parameter '")
- .warning(parameter.getName())
- .warning('\'');
+ protected String formatParameter(Parameter parameter) {
+ StringBuilder messageBuilder = new StringBuilder()
Review Comment:
now is stringBuilder not messageBuilder
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java:
##########
@@ -94,19 +98,19 @@ protected boolean isIgnoredProperty(String strValue) {
protected abstract String getParameterLogReason(Parameter parameter);
- protected void logParameter(Parameter parameter) {
- MessageBuilder messageBuilder = MessageUtils.buffer()
- .warning("Parameter '")
- .warning(parameter.getName())
- .warning('\'');
+ protected String formatParameter(Parameter parameter) {
Review Comment:
Everything will be logged at the end, so probable reason of remove
formatting here
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/MavenMixedDependenciesValidator.java:
##########
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugin.internal;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.PluginValidationManager;
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.codehaus.plexus.component.repository.ComponentDependency;
+
+/**
+ * Detects mixed Maven versions in plugins.
+ *
+ * @since 3.9.2
+ */
+@Singleton
+@Named
+class MavenMixedDependenciesValidator extends
AbstractMavenPluginDependenciesValidator {
+
+ @Inject
+ MavenMixedDependenciesValidator(PluginValidationManager
pluginValidationManager) {
+ super(pluginValidationManager);
+ }
+
+ @Override
+ protected void doValidate(MavenSession mavenSession, MojoDescriptor
mojoDescriptor) {
+ Set<String> mavenVersions =
mojoDescriptor.getPluginDescriptor().getDependencies().stream()
+ .filter(d -> "org.apache.maven".equals(d.getGroupId()))
+ .filter(d -> !"maven-archiver".equals(d.getArtifactId()))
Review Comment:
Should it be the same as in Maven2DependenciesValidator?
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/MavenScopeDependenciesValidator.java:
##########
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugin.internal;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.PluginValidationManager;
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+
+/**
+ * Detects Maven3 artifacts in bad scope in plugins.
+ *
+ * @since 3.9.2
+ */
+@Singleton
+@Named
+class MavenScopeDependenciesValidator extends
AbstractMavenPluginDependenciesValidator {
+
+ @Inject
+ MavenScopeDependenciesValidator(PluginValidationManager
pluginValidationManager) {
+ super(pluginValidationManager);
+ }
+
+ @Override
+ protected void doValidate(MavenSession mavenSession, MojoDescriptor
mojoDescriptor) {
+ Set<String> mavenArtifacts =
mojoDescriptor.getPluginDescriptor().getDependencies().stream()
+ .filter(d -> "org.apache.maven".equals(d.getGroupId()))
+ .filter(d -> !"maven-archiver".equals(d.getArtifactId()))
Review Comment:
next place for common list to filter - the same as in plugin-tools
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginValidationManager.java:
##########
@@ -0,0 +1,232 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugin.internal;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.File;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.maven.AbstractMavenLifecycleParticipant;
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.model.InputLocation;
+import org.apache.maven.model.Plugin;
+import org.apache.maven.plugin.PluginValidationManager;
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.PluginDescriptor;
+import org.apache.maven.project.MavenProject;
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.util.ConfigUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Singleton
+@Named
+public final class DefaultPluginValidationManager extends
AbstractMavenLifecycleParticipant
+ implements PluginValidationManager {
+
+ private static final String ISSUES_KEY =
DefaultPluginValidationManager.class.getName() + ".issues";
+
+ private static final String MAVEN_PLUGIN_VALIDATION_ENABLED_KEY =
"maven.plugin.validation.enabled";
Review Comment:
New option should be documented somewhere ... maybe in message - who read a
docs 😄
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginDependenciesResolver.java:
##########
@@ -103,6 +107,19 @@ public Artifact resolve(Plugin plugin,
List<RemoteRepository> repositories, Repo
request.setTrace(trace);
ArtifactDescriptorResult result =
repoSystem.readArtifactDescriptor(pluginSession, request);
+ if (result.getDependencies() != null) {
+ for (org.eclipse.aether.graph.Dependency dependency :
result.getDependencies()) {
+ if
("org.apache.maven".equals(dependency.getArtifact().getGroupId())
+ &&
"maven-compat".equals(dependency.getArtifact().getArtifactId())
+ && !JavaScopes.TEST.equals(dependency.getScope()))
{
Review Comment:
No - provider allow to use in production code it is what we want to avoid
> Improvement and extension of plugin validation
> ----------------------------------------------
>
> Key: MNG-7754
> URL: https://issues.apache.org/jira/browse/MNG-7754
> Project: Maven
> Issue Type: Task
> Components: Core
> Affects Versions: 3.9.1
> Reporter: Tamas Cservenak
> Priority: Major
> Fix For: 3.9.2, 4.0.0-alpha-6, 4.0.0
>
>
> Some users when see following warning:
> {noformat}
> [INFO] --- remote-resources:1.7.0:process (process-resource-bundles) @ maven
> ---
> [WARNING] Parameter 'localRepository' is deprecated core expression; Avoid
> use of ArtifactRepository type. If you need access to local repository,
> switch to '${repositorySystemSession}' expression and get LRM from it
> instead. {noformat}
> on their console, immediately grep their {{$HOME}} to find out that they DO
> HAVE afore mentioned string present in their {{{}settings.xml{}}}, and then
> scratch their head how to get rid of it.
> Hence, we should improve error message – at least add some clue that message
> targets given Mojo developers (as message appears immediately under Mojo
> execution log message) and not users. Best users could do is nag Mojo
> developers, and not us, to make message disappear.
> Improvements:
> * report at end, instead multiple times same warning (for reactor builds)
> * possibility to suppress validation
> * new check: maven-compat, maven2, p-c-d, mixed maven verions,, wrong scopes
> (similar as m-p-p does on build time)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
