[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Curtis Rueden updated MENFORCER-185: Attachment: seuss.zip mvn validate [INFO] Scanning for projects... [INFO] [INFO] Reactor Build Order: [INFO] [INFO] pom [INFO] green-eggs [INFO] ham [INFO] [INFO] [INFO] Building pom 0.0.0-SNAPSHOT [INFO] [INFO] [INFO] --- maven-enforcer-plugin:1.3.1:enforce (enforce-rules) @ pom --- [INFO] [INFO] [INFO] Building green-eggs 0.0.0-SNAPSHOT [INFO] [INFO] [INFO] --- maven-enforcer-plugin:1.3.1:enforce (enforce-rules) @ green-eggs --- [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message: Parent Cannot be a snapshot: seuss:pom:pom:0.0.0-SNAPSHOT [INFO] [INFO] Reactor Summary: [INFO] [INFO] pom SUCCESS [ 0.462 s] [INFO] green-eggs . FAILURE [ 0.003 s] [INFO] ham SKIPPED [INFO] [INFO] BUILD FAILURE [INFO] Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler Attachments: seuss.zip If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=358949#comment-358949 ] Curtis Rueden commented on MENFORCER-185: - +1. My group's projects also use requireReleaseDeps, which works great for single-module projects. I attached a nearly MCVE for illustration. Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler Attachments: seuss.zip If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=358949#comment-358949 ] Curtis Rueden edited comment on MENFORCER-185 at 12/11/14 1:29 PM: --- +1. My group's projects also use requireReleaseDeps, which works great for single-module projects, but not multi-module ones without hacky exclusions. I attached a nearly MCVE for illustration. was (Author: ctrueden): +1. My group's projects also use requireReleaseDeps, which works great for single-module projects. I attached a nearly MCVE for illustration. Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler Attachments: seuss.zip If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[
https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=358959#comment-358959
]
Karl-Heinz Marbaise commented on MENFORCER-185:
---
So first thanks Curtis for your feedback. So after taking a look into that i
found some things we need to mention.
The
[documentation|http://maven.apache.org/enforcer/enforcer-rules/requireReleaseDeps.html]
says that by default the {{onlyWhenRelease}} configuration element is set to
{{false}} which means the check will be done always. Furthermore the
documentation also says the default for {{failWhenParentIsSnapshot}}
configuration element is set to {{true}} which means it will check the parent
always. These are the reasons why the example build fails.
I have created a [github
project|https://github.com/khmarbaise/menforcer/tree/master/menforcer-185] with
the above example and enhanced it a little with an dependency to {{ham}} in
{{green-egs}} module but with the wrong version which is not from the current
reactor. The newly implemented rule {{reactorModuleConvergence}} will exactly
show this problem.
{code}
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.ReactorModuleConvergence
failed with message:
Reactor modules contains dependencies which do not reference the reactor.
There is a problem in your reactor.
module: seuss:green-eggs:jar:0.0.0-SNAPSHOT
dependency: seuss:ham:0.0.1-SNAPSHOT
{code}
This is of course not the check for SNAPSHOT dependencies what you like to do.
So this looks to me that we need to (re)implement the
{{requireReleaseDependencies}} rule in a complete different way...cause the doc
stated:
??This rule checks the dependencies and fails if any snapshots are found.??
Based on that i would interpret that in the way to check only the dependencies
and check if they are not part of the reactor to fail.
PS.: The title of the issue is a little bit misleading, cause we are talking
about a multi module build and not about an aggregator build.
Require Release Dependencies ignorant about aggregator build
Key: MENFORCER-185
URL: https://jira.codehaus.org/browse/MENFORCER-185
Project: Maven Enforcer Plugin
Issue Type: Bug
Components: Standard Rules
Affects Versions: 1.3.1
Reporter: Thomas Diesler
Attachments: seuss.zip
If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency
on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build.
Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not
allowed even when they belong to the same project and were built during the
same reactor build.
We have a complex project with 100+ modules. I want to enforce that no module
has dependencies on project SNAPSHOTS that were not included in the build. In
such case A would use a stale version of B that happened to be available in
the local/remote maven repository.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[
https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=358960#comment-358960
]
Curtis Rueden commented on MENFORCER-185:
-
Thanks for the quick reply, Karl. I want to clarify that this is a fringe issue
for my group's projects, since we have switched almost completely to
single-module projects in separate Git repositories. We have only a couple of
multi-module projects left that get bitten. That said, I agree with the OP that
if you have a 100-module build, and it is important that it have only release
dependencies outside the reactor, it would be awesome if this rule could
support that use case. My personal tack would be to add another boolean
property {{allowSnapshotsInReactor}} which defaults to {{false}} for backwards
compatibility, but can be set to {{true}} to get the desired behavior.
Looking at the source, I wouldn't think a full rewrite is required, but rather
some case logic carefully injected in a couple of places. For example, in
{{RequireReleaseDeps.java}}, in the {{if ( failWhenParentIsSnapshot )}} block,
do not throw the exception if {{allowSnapshotsInReactor}} is set and the parent
is part of the multi-module build. And in the {{checkDependencies}} method, do
not add the artifact to the {{foundSnapshots}} structure if the artifact is
part of the multi-module build.
I'm certainly no expert on the codebase though, so perhaps it is more
complicated than that.
Require Release Dependencies ignorant about aggregator build
Key: MENFORCER-185
URL: https://jira.codehaus.org/browse/MENFORCER-185
Project: Maven Enforcer Plugin
Issue Type: Bug
Components: Standard Rules
Affects Versions: 1.3.1
Reporter: Thomas Diesler
Attachments: seuss.zip
If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency
on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build.
Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not
allowed even when they belong to the same project and were built during the
same reactor build.
We have a complex project with 100+ modules. I want to enforce that no module
has dependencies on project SNAPSHOTS that were not included in the build. In
such case A would use a stale version of B that happened to be available in
the local/remote maven repository.
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Karl-Heinz Marbaise updated MENFORCER-185: -- Fix Version/s: more-investigation Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler Fix For: more-investigation Attachments: seuss.zip If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=343873#comment-343873 ] jieryn commented on MENFORCER-185: -- Karl, MENFORCER-186 is not what we need for the original problem here. The requireReleaseDeps rule will fail the build if modules in the same reactor depend on one another and are at -SNAPSHOT release levels. This kind of thing is typical in a multi-module build. I think we do want MENFORCER-186 to validate -SNAPSHOT sanity within a reactor, but we also want to be tolerant of -SNAPSHOT versions for dependencies when we are in the same reactor; It is perfectly fine to fail the build if it has -SNAPSHOT outside of the reactor. This requireReleaseDeps is practically useless as it stands today. Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=342917#comment-342917 ] Karl Heinz Marbaise commented on MENFORCER-185: --- See MENFORCER-186 which is exactly what you need. I'm currently working on such rule. Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
Thomas Diesler created MENFORCER-185: Summary: Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
[jira] (MENFORCER-185) Require Release Dependencies ignorant about aggregator build
[ https://jira.codehaus.org/browse/MENFORCER-185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=342051#comment-342051 ] Thomas Diesler commented on MENFORCER-185: -- Cross reference: https://issues.jboss.org/browse/FABRIC-884 Require Release Dependencies ignorant about aggregator build Key: MENFORCER-185 URL: https://jira.codehaus.org/browse/MENFORCER-185 Project: Maven Enforcer Plugin Issue Type: Bug Components: Standard Rules Affects Versions: 1.3.1 Reporter: Thomas Diesler If A depends on B it is ok for A-1.0.0-SNAPSHOT to have snapshot dependency on B-1.0.0-SNAPSHOT if B was build before A during the same reactor build. Using the requireReleaseDeps rule it seems that SNAPSHOTS are generally not allowed even when they belong to the same project and were built during the same reactor build. We have a complex project with 100+ modules. I want to enforce that no module has dependencies on project SNAPSHOTS that were not included in the build. In such case A would use a stale version of B that happened to be available in the local/remote maven repository. -- This message was sent by Atlassian JIRA (v6.1.6#6162)
