[
https://issues.apache.org/jira/browse/MNG-7789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725297#comment-17725297
]
ASF GitHub Bot commented on MNG-7789:
-------------------------------------
cstamas commented on code in PR #1115:
URL: https://github.com/apache/maven/pull/1115#discussion_r1201846556
##########
maven-core/src/main/java/org/apache/maven/plugin/internal/DefaultPluginDependenciesResolver.java:
##########
@@ -109,34 +110,8 @@ public Artifact resolve(Plugin plugin,
List<RemoteRepository> repositories, Repo
request.setTrace(trace);
ArtifactDescriptorResult result =
repoSystem.readArtifactDescriptor(pluginSession, request);
- if (result.getDependencies() != null) {
- for (org.eclipse.aether.graph.Dependency dependency :
result.getDependencies()) {
- if
("org.apache.maven".equals(dependency.getArtifact().getGroupId())
- &&
"maven-compat".equals(dependency.getArtifact().getArtifactId())
- && !JavaScopes.TEST.equals(dependency.getScope()))
{
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin depends on the deprecated Maven 2.x
compatibility layer, which may not be supported in Maven 4.x");
- }
- }
-
- Set<String> mavenArtifacts = result.getDependencies().stream()
- .filter(d -> !JavaScopes.PROVIDED.equals(d.getScope())
&& !JavaScopes.TEST.equals(d.getScope()))
- .map(org.eclipse.aether.graph.Dependency::getArtifact)
- .filter(a -> "org.apache.maven".equals(a.getGroupId()))
- .filter(a ->
!MavenPluginDependenciesValidator.EXPECTED_PROVIDED_SCOPE_EXCLUSIONS_GA.contains(
- a.getGroupId() + ":" + a.getArtifactId()))
- .filter(a -> a.getVersion().startsWith("3."))
- .map(a -> a.getGroupId() + ":" + a.getArtifactId() +
":" + a.getVersion())
- .collect(Collectors.toSet());
-
- if (!mavenArtifacts.isEmpty()) {
- pluginValidationManager.reportPluginValidationIssue(
- session,
- pluginArtifact,
- "Plugin should declare these Maven artifacts in
`provided` scope: " + mavenArtifacts);
- }
+ for (MavenPluginDependenciesValidator dependenciesValidator :
dependenciesValidators) {
+ dependenciesValidator.validate(session, pluginArtifact,
result);
Review Comment:
readArtifactDescriptor == POM
resolveInternal = collection and resolving of POM (that above) augmented
with things like WagonExcluder, ExclusionsDependencyFilter (excludes core and
extension exported artifacts).
So, first is kinda "raw" while second is "processed", and due exclusions,
2nd will have core stuff excluded always,
> Plugin Dependency Validations use wrong data set
> ------------------------------------------------
>
> Key: MNG-7789
> URL: https://issues.apache.org/jira/browse/MNG-7789
> Project: Maven
> Issue Type: Improvement
> Components: Plugins and Lifecycle
> Affects Versions: 3.9.2
> Reporter: Tamas Cservenak
> Assignee: Tamas Cservenak
> Priority: Major
> Fix For: 3.9.3, 4.0.0-alpha-6, 4.0.0
>
>
> They all use pluginDescriptor/dependencies, that are NOT used to calculate
> plugin dependencies, POM is. Except for one new check (the one added in
> MNG-7786) the others should be refactored to use POM instead.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
