slachiewicz opened a new pull request, #1177:
URL: https://github.com/apache/maven-site-plugin/pull/1177

   ## Problem
   
   The `getTopLevelProject()` method in `AbstractDeployMojo` incorrectly treats 
all SCM URLs as pointing to the same site, causing it to return the wrong 
top-level project when a project hierarchy uses different SCM URLs.
   
   For example, consider two projects:
   - Child project: `scm:git:[email protected]:codehaus-plexus/plexus-sec-dispatcher.git/`
   - Parent project: `scm:git:https://github.com/codehaus-plexus/plexus-pom.git/`
   
   These clearly point to different repositories, but the method incorrectly 
identifies them as the same site because SCM URLs are opaque URIs. When parsed 
as URIs, they only expose the scheme ("scm"), while host and port are both 
null, making all SCM URLs appear identical.
   
   ## Solution
   
   This PR fixes the issue by:
   
   1. **Adding maven-scm-api dependency** to properly parse SCM URLs using 
`ScmUrlUtils.getProviderSpecificPart()`
   
   2. **Creating an `extractComparableUrl()` helper method** that:
      - Detects SCM URLs (starting with `scm:`)
      - Extracts the provider-specific part (e.g., `scm:git:https://github.com/user/repo.git` → `https://github.com/user/repo.git`)
      - Handles SCP-like Git syntax (e.g., `[email protected]:user/repo.git`) by converting it to a comparable format (`ssh://github.com/user/repo.git`)
      - Returns the original URL unchanged for non-SCM URLs
   
   3. **Updating `getTopLevelProject()`** to use the extracted comparable URLs 
for site comparison
   
   ## Example
   
   **Before this fix:**
   ```java
   // These would incorrectly be considered the same site:
   String url1 = "scm:git:[email protected]:codehaus-plexus/plexus-sec-dispatcher.git/";
   String url2 = "scm:git:https://github.com/codehaus-plexus/plexus-pom.git/";
   // Both parsed as scheme="scm", host=null, port=-1
   ```
   
   **After this fix:**
   ```java
   // These are correctly recognized as different sites:
   extractComparableUrl(url1) → "ssh://github.com/codehaus-plexus/plexus-sec-dispatcher.git/"
   extractComparableUrl(url2) → "https://github.com/codehaus-plexus/plexus-pom.git/"
   // Now properly compared using their actual repository URLs
   ```
   
   ## Testing
   
   Added comprehensive unit tests in `AbstractDeployMojoTest` covering:
   - Different SCM repositories with SCP syntax (correctly identified as 
different sites)
   - Same SCM repositories (correctly identified as the same site)
   - Different HTTPS SCM repositories with different domains (correctly 
identified as different sites)
   - Non-SCM URLs (existing behavior preserved)
   
   All tests pass (9 total, including 4 new tests).
   
   ## Security
   
   - No security vulnerabilities in the new maven-scm-api dependency (version 
2.1.0)
   - CodeQL analysis shows no security issues introduced
   
   ## Backward Compatibility
   
   Fully maintained - non-SCM URLs continue to work exactly as before.
   
   Fixes https://github.com/apache/maven-site-plugin/issues/1159


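The opaque-URI behaviour described under "Problem", as an added Java example that is not part of the pull request or the plugin's code. `comparable()` is a hypothetical stand-in for the PR's `extractComparableUrl()` written with plain string handling instead of maven-scm-api, `sameSite()` assumes a scheme/host/port comparison, and the URLs are constructed.

```java
import java.net.URI;
import java.util.Objects;

public class ScmSiteCompare {

    // Hypothetical helper: strip "scm:<provider><delimiter>" and rewrite
    // SCP-like "user@host:path" as "ssh://host/path" so it parses hierarchically.
    static String comparable(String url) {
        if (url == null || !url.startsWith("scm:")) {
            return url; // non-SCM URLs are returned unchanged
        }
        String rest = url.substring("scm:".length());
        int i = 0; // Maven SCM URLs separate the provider with ':' or '|'
        while (i < rest.length() && rest.charAt(i) != ':' && rest.charAt(i) != '|') {
            i++;
        }
        if (i == rest.length()) {
            return url; // no provider-specific part to extract
        }
        String specific = rest.substring(i + 1);
        if (specific.contains("://")) {
            return specific; // already a hierarchical URL
        }
        int at = specific.indexOf('@');
        int colon = specific.indexOf(':', at + 1);
        if (at > 0 && colon > at + 1) { // SCP-like: user@host:path
            return "ssh://" + specific.substring(at + 1, colon)
                    + "/" + specific.substring(colon + 1);
        }
        return specific;
    }

    // Assumed comparison: two URLs are the same site when scheme, host and port match.
    static boolean sameSite(String a, String b) {
        URI x = URI.create(a), y = URI.create(b);
        return Objects.equals(x.getScheme(), y.getScheme())
                && Objects.equals(x.getHost(), y.getHost())
                && x.getPort() == y.getPort();
    }

    public static void main(String[] args) {
        String child = "scm:git:git@git.example.com:team/app.git";           // constructed
        String parent = "scm:git:https://git.example.org/team/parent-pom.git"; // constructed
        URI raw = URI.create(child);
        System.out.println(raw.isOpaque() + " " + raw.getHost() + " " + raw.getPort());
        System.out.println("raw: " + sameSite(child, parent));
        System.out.println("normalized: " + sameSite(comparable(child), comparable(parent)));
    }
}
```

Comparing the raw strings reports the two repositories as one site because both parse to scheme `scm` with a null host and port -1; after normalization the schemes and hosts differ and the comparison returns false.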