[
https://issues.apache.org/jira/browse/MNG-7789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725128#comment-17725128
]
ASF GitHub Bot commented on MNG-7789:
-------------------------------------
hgschmie commented on code in PR #1115:
URL: https://github.com/apache/maven/pull/1115#discussion_r1201132331
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/MavenArtifactsMavenPluginDescriptorDependenciesValidator.java:
##########
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugin.internal;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.maven.execution.MavenSession;
+import org.apache.maven.plugin.PluginValidationManager;
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+
+/**
+ * Detects presence of unwanted Maven3 artifacts in plugin descriptor,
possibly caused by multitude of reasons, among
+ * them is "wrong scope" dependency declaration as well.
+ * <p>
+ * Historically, this class was named as "MavenScopeDependenciesValidator" due
original intent to check "wrong Maven
+ * Artifact scopes". Since then, it turned out that the values validated (the
plugin descriptor dependencies, that is
+ * produced at plugin build time by maven-plugin-plugin) may be off (for
example due maven-plugin-plugin bug), and
+ * is potentially not inline with "reality" (actual plugin dependencies).
+ * <p>
+ * The original intent related check is moved to
+ * {@link
DefaultPluginDependenciesResolver#resolve(org.apache.maven.model.Plugin,
java.util.List, org.eclipse.aether.RepositorySystemSession)}
+ * method instead.
+ *
+ * @since 3.9.3
+ */
+@Singleton
+@Named
+class MavenArtifactsMavenPluginDescriptorDependenciesValidator
+ extends AbstractMavenPluginDescriptorDependenciesValidator {
+
+ @Inject
+
MavenArtifactsMavenPluginDescriptorDependenciesValidator(PluginValidationManager
pluginValidationManager) {
+ super(pluginValidationManager);
+ }
+
+ @Override
+ protected void doValidate(MavenSession mavenSession, MojoDescriptor
mojoDescriptor) {
+ Set<String> mavenArtifacts =
mojoDescriptor.getPluginDescriptor().getDependencies().stream()
+ .filter(d -> "org.apache.maven".equals(d.getGroupId()))
+ .filter(d ->
!DefaultPluginValidationManager.EXPECTED_PROVIDED_SCOPE_EXCLUSIONS_GA.contains(
+ d.getGroupId() + ":" + d.getArtifactId()))
+ .filter(d -> d.getVersion().startsWith("3."))
+ .map(d -> d.getGroupId() + ":" + d.getArtifactId() + ":" +
d.getVersion())
+ .collect(Collectors.toSet());
+
+ if (!mavenArtifacts.isEmpty()) {
+ pluginValidationManager.reportPluginValidationIssue(
+ mavenSession,
+ mojoDescriptor,
+ "Plugin descriptor should not contain these Maven
artifacts: " + mavenArtifacts);
Review Comment:
there should be an explanation *why* the descriptor should not contain them
(and what a plugin author can do, e.g. "update the version of the
maven-plugin-plugin to at least ...").
> Plugin Dependency Validations use wrong data set
> ------------------------------------------------
>
> Key: MNG-7789
> URL: https://issues.apache.org/jira/browse/MNG-7789
> Project: Maven
> Issue Type: Improvement
> Components: Plugins and Lifecycle
> Affects Versions: 3.9.2
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 3.9.3, 4.0.0-alpha-6, 4.0.0
>
>
> They all use pluginDescriptor/dependencies, that are NOT used to calculate
> plugin dependencies, POM is. Except for one new check (the one added in
> MNG-7786) the others should be refactored to use POM instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
