Author: robbie Date: Sat Apr 5 15:24:42 2014 New Revision: 1585100 URL: http://svn.apache.org/r1585100 Log: QPID-5048: add a dependency change verifcation profile to the parent pom
Work by me and Andrew MacBean <[email protected]>. Modified: qpid/qpid-parent-pom/trunk/pom.xml Modified: qpid/qpid-parent-pom/trunk/pom.xml URL: http://svn.apache.org/viewvc/qpid/qpid-parent-pom/trunk/pom.xml?rev=1585100&r1=1585099&r2=1585100&view=diff ============================================================================== --- qpid/qpid-parent-pom/trunk/pom.xml (original) +++ qpid/qpid-parent-pom/trunk/pom.xml Sat Apr 5 15:24:42 2014 @@ -528,7 +528,7 @@ <version>${clirr-maven-plugin-version}</version> </plugin> - <!-- the below are not in the parent pom --> + <!-- the below are not in the parent pom --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> @@ -611,5 +611,142 @@ </repository> </repositories> + <profiles> + <profile> + <id>dependency-check</id> + <!-- Use this profile with the packaging phase, to perform some checks on the module dependencies. + + Verifies that only the explicitly included licences have been used for any compile or runtime dependencies, + and additionally for any modules that set 'dependency-change-verification' true also checks for a change in + dependencies against a previous reference output that might signal need for updates to LICENSE and/or NOTICE + files inlcuded in their binary assembly files. + --> + <properties> + <license-maven-plugin-output-dir>${project.build.directory}/license-maven-plugin</license-maven-plugin-output-dir> + <dependency-verification-output-dir>${project.build.directory}/dependency-change-verification</dependency-verification-output-dir> + <dependency-verification-generated-file>${dependency-verification-output-dir}/PROCESSED_DEPENDENCIES_INFO</dependency-verification-generated-file> + <dependency-verification-reference-file>${basedir}/src/main/assembly/dependency-verification/DEPENDENCIES_REFERENCE</dependency-verification-reference-file> + <dependency-change-verification>false</dependency-change-verification> + </properties> + + <build> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>license-maven-plugin</artifactId> + <!-- version specified in pluginManagement --> + <configuration> + <failIfWarning>true</failIfWarning> + <excludedScopes>provided</excludedScopes> + <outputDirectory>${license-maven-plugin-output-dir}</outputDirectory> + <includedLicenses> + <includedLicense>Apache Software License, Version 2.0</includedLicense> + <includedLicense>The MIT License</includedLicense> + <includedLicense>BSD License</includedLicense> + <includedLicense>Eclipse Public License - Version 1.0</includedLicense> + <includedLicense>Common Public License Version 1.0</includedLicense> + <includedLicense>Academic Free License v2.1</includedLicense> + </includedLicenses> + <licenseMerges> + <licenseMerge>Apache Software License, Version 2.0|The Apache Software License, Version 2.0|Apache Software License - Version 2.0|Apache v2|Apache 2</licenseMerge> + <licenseMerge>The MIT License|MIT License</licenseMerge> + <licenseMerge>BSD License|New BSD</licenseMerge> + </licenseMerges> + </configuration> + <executions> + <execution> + <id>check-third-party-licensing</id> + <phase>prepare-package</phase> + <goals> + <goal>add-third-party</goal> + </goals> + </execution> + </executions> + </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-antrun-plugin</artifactId> + <!--version specified in pluginManagement --> + <executions> + <execution> + <id>dependency-change-verification</id> + <phase>prepare-package</phase> + <goals> + <goal>run</goal> + </goals> + <configuration> + <target if="${dependency-change-verification}"> + <!-- Set the output location for the generated file --> + <condition property="dependency-verification-output-file" value="${dependency-verification-reference-file}" else="${dependency-verification-generated-file}"> + <istrue value="${update-dependency-reference}"/> + </condition> + <!-- Output the ALv2 header and a title, then append the DEPENDENCIES file contents, + processing to strip out the qpid module version info --> + <echo>Generating dependency info at: ${dependency-verification-output-file}</echo> + <concat destfile="${dependency-verification-output-file}" append="false"> + <header filtering="no" trimleading="yes"> + # + # Licensed to the Apache Software Foundation (ASF) under one + # or more contributor license agreements. See the NOTICE file + # distributed with this work for additional information + # regarding copyright ownership. The ASF licenses this file + # to you under the Apache License, Version 2.0 (the + # "License"); you may not use this file except in compliance + # with the License. You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, + # software distributed under the License is distributed on an + # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + # KIND, either express or implied. See the License for the + # specific language governing permissions and limitations + # under the License. + # + + #// ------------------------------------------------------------------ + # TRIMMED 3RD PARTY DEPENDENCY INFORMATION FOR MODIFICATION CHECKS + # + </header> + <path path="${project.build.outputDirectory}/META-INF/DEPENDENCIES"/> + </concat> + + <replaceregexp file="${dependency-verification-output-file}" flags="gm" replace=""> + <regexp id="stripqpidcontentheader" pattern="^\/\/\ .*\n|^Qpid\ .*\n"/> + </replaceregexp> + <replaceregexp file="${dependency-verification-output-file}" flags="gm"> + <regexp id="stripqpidcontentversions" pattern="(^.*org.apache.qpid:.*:.*):.*"/> + <substitution expression="\1"/> + </replaceregexp> + <!-- Ensure the reference file is present --> + <fail message="Dependency info reference file was not present at: ${dependency-verification-reference-file}. +You can generate an initial reference file by running again with -Dupdate-dependency-reference."> + <condition> + <not> + <available file="${dependency-verification-reference-file}"/> + </not> + </condition> + </fail> + <!-- Compare output to the reference file to check they are the same, fail if they arent --> + <echo>Comparing to against reference info at: ${dependency-verification-reference-file}</echo> + <fail message="Generated dependency info does not match the reference. +Ensure LICENCE and NOTICE files are correct and then update the reference by running again with -Dupdate-dependency-reference. +Generated file: '${dependency-verification-output-file}'. Reference file: '${dependency-verification-reference-file}'."> + <condition> + <not> + <filesmatch file1="${dependency-verification-output-file}" file2="${dependency-verification-reference-file}" textfile="true"/> + </not> + </condition> + </fail> + </target> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> </project> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
