maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Enforcer plugin
Date Thu, 03 Apr 2014 00:25:51 GMT
Folks,

I've gotten my classifier artifact to build and install in our local 
repository. Specifying the classifier gets the appropriate artifact, and 
removing the classifier gets the [other] appropriate artifact.

Now I'm a bit paranoid that the artifact with the classifier will leak 
out into other releases, so I thought I would write an enforcer rule.

I thought that the following would work:

<bannedDependencies>
     <excludes>
         <exclude>org.mdeggers:*:*:*:*:DEBUG</exclude>
     </excludes>
</bannedDependencies>

based on:

http://maven.apache.org/enforcer/enforcer-rules/bannedDependencies.html

While this certainly blocked the following dependency:

<dependency>
     <groupId>org.mdeggers</groupId>
     <artifactId>SampleBuild</artifactId>
     <version>1.5</version>
     <type>war</type>
     <classifier>DEBUG</classifier>
</dependency>

with the message:
Found Banned Dependency: org.mdeggers:SampleBuild:war:DEBUG:1.5

It also blocked the following dependency:

<dependency>
     <groupId>org.mdeggers</groupId>
     <artifactId>SampleBuild</artifactId>
     <version>1.5</version>
     <type>war</type>
</dependency>

with the message:
Found Banned Dependency: org.mdeggers:SampleBuild:war:1.5

This I did not expect. The messages are also a bit suspect in that they 
don't match the pattern given in the documentation.

I looked on JIRA and found the following (based on another thread):

http://jira.codehaus.org/browse/MENFORCER-74
http://jira.codehaus.org/browse/MENFORCER-75
http://jira.codehaus.org/browse/MENFORCER-72

These are all closed with a 'fixed' designation for release 1.3.

I'm using version 1.3.1

However, I briefly looked at the code here:

http://svn.apache.org/viewvc/maven/enforcer/tags/enforcer-1.3.1/enforcer-rules/src/main/java/org/apache/maven/plugins/enforcer/BannedDependencies.java?revision=1502671&view=markup

and classifier does not seem to have made it in.

Have I walked through this correctly? If so, is there a fix (other than 
not using classifiers, or just hoping that a DEBUG classifier doesn't 
make it into a release)?

Thanks,
Mark

/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org


Mime
View raw message