[jira] [Commented] (MPMD-379) Support PMD 7.0.0
[ https://issues.apache.org/jira/browse/MPMD-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17801261#comment-17801261 ] Charles Honton commented on MPMD-379: - [PMD 7.0.0-rc4|https://repo1.maven.org/maven2/net/sourceforge/pmd/pmd/7.0.0-rc4/] has been [released|https://docs.pmd-code.org/pmd-doc-7.0.0-rc4/pmd_release_notes_pmd7.html]. Is anything blocking release of this support? (I really want to get onto Java21) > Support PMD 7.0.0 > - > > Key: MPMD-379 > URL: https://issues.apache.org/jira/browse/MPMD-379 > Project: Maven PMD Plugin > Issue Type: Improvement > Components: CPD, PMD >Reporter: Andreas Dangel >Assignee: Andreas Dangel >Priority: Major > > Add support for the new major version of PMD. > This has some non-backward compatible changes. Upgrading m-pmd-p to PMD 7 > most likely means, that only PMD 7 will be supported onwards (no backwards > compatibility supported). > wip branch: [https://github.com/apache/maven-pmd-plugin/compare/master...pmd7] > > A snapshot version that is compatible with the current 7.0.0 release > candidates is available here as version {*}3.21.1-pmd-7-SNAPSHOT{*}: > {code:java} > > apache.snapshots > Apache Snapshot Repository > https://repository.apache.org/snapshots > > false > > > true > > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MSHARED-1039) Array parsing is incorrect
Charles Honton created MSHARED-1039: --- Summary: Array parsing is incorrect Key: MSHARED-1039 URL: https://issues.apache.org/jira/browse/MSHARED-1039 Project: Maven Shared Components Issue Type: Bug Components: maven-dependency-analyzer Affects Versions: maven-dependency-analyzer-1.12.0 Reporter: Charles Honton Arrays [of Arrays]+ of class types should add just the class type to dependency set Arrays of scalar types should not be added -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (MSHARED-1038) Inner classes are in same compilation unit as container class
Charles Honton created MSHARED-1038: --- Summary: Inner classes are in same compilation unit as container class Key: MSHARED-1038 URL: https://issues.apache.org/jira/browse/MSHARED-1038 Project: Maven Shared Components Issue Type: Bug Components: maven-dependency-analyzer Affects Versions: maven-dependency-analyzer-1.12.0 Reporter: Charles Honton Since inner classes cannot be created without a container class and will be in same artifact as the container class, do not track inner class independent of the container class. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (MSHARED-1037) method type signature should not add be added to classes
Charles Honton created MSHARED-1037: --- Summary: method type signature should not add be added to classes Key: MSHARED-1037 URL: https://issues.apache.org/jira/browse/MSHARED-1037 Project: Maven Shared Components Issue Type: Bug Components: maven-dependency-analyzer Affects Versions: maven-dependency-analyzer-1.12.0 Reporter: Charles Honton In ConstantPoolParser, method type signatures should not be added as a class dependency -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-790) New Goals: analyze-main and analyze-test
[ https://issues.apache.org/jira/browse/MDEP-790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17492217#comment-17492217 ] Charles Honton commented on MDEP-790: - I would suggest targeting this for 3.4.0 > New Goals: analyze-main and analyze-test > - > > Key: MDEP-790 > URL: https://issues.apache.org/jira/browse/MDEP-790 > Project: Maven Dependency Plugin > Issue Type: New Feature >Reporter: Charles Honton >Priority: Major > > As a user of the dependency plugin, I desire two new goals; analyze-main and > analysis-test. Each goal is similar to the analyze-only goal. > The following parameters are supported: > ||String[]|List of dependencies that will > be ignored if they are declared but unused. The filter syntax is: > [groupId]:[artifactId]:[type]:[version] > where each pattern segment is optional and supports full and partial * > wildcards. An empty pattern segment is treated as an implicit wildcard. * > For example, org.apache. \{*}will match all artifacts whose group id starts > with org.apache., and :::{*}-SNAPSHOT will match all snapshot artifacts.| > ||String[]|List of dependencies that will > be ignored if they are used but undeclared. The filter syntax is: > [groupId]:[artifactId]:[type]:[version] > where each pattern segment is optional and supports full and partial * > wildcards. An empty pattern segment is treated as an implicit wildcard. * > For example, org.apache. \{*}will match all artifacts whose group id starts > with org.apache., and :::{*}-SNAPSHOT will match all snapshot artifacts.| > ||boolean|Skip plugin execution completely. > {*}Default value is{*}: false. > {*}User property is{*}: mdep.analyze.skip.| > ||boolean|Skip analyze-main goal execution. > {*}Default value is{*}: false. > {*}User property is{*}: mdep.analyze.skipMain.| > ||boolean|Skip analyze-test goal execution. > {*}Default value is{*}: false. > {*}User property is{*}: mdep.analyze.skipTest.| > ||String[]|Force dependencies as used, to override > incomplete result caused by bytecode-level analysis. Dependency format is > groupId:artifactId.| > > The analyze-main goal will > * Require a Maven project to be executed. > * Require dependency resolution of artifacts in scope: compile. > * Bind by default to the lifecycle phase: process-classes. > > The algorithm it implements is as follows: > # Use byte code inspection on each class in the main artifact to determine > the set of classes required to compile the main sources. These classes are > the used-classes set. If there is not a main artifact, the used-classes set > is empty. > # Determine in which dependencies each used class is present. Add these > dependencies to the used-dependency set. > # If any used class is present in multiple used-dependency dependencies, add > that class and list of dependencies to the multiple-definition map. > # Add any dependency declared in the _usedDependencies_ parameter to the > used-dependency set. > # The declared-dependency set contains the main-artifact and the > compile-scope dependency set from the maven resolver. > # Add each dependency in the declared-dependency set that is not in the > used-dependency set to the declared-but-unused list. > # Remove any dependency from the declared-but-unused set that matches > patterns declared in the _ignoreUnusedDeclaredDependencies_ parameter. > # The classpath-dependency set contains the main-artifact and the > compile-scope, provided-scope, and system-scope dependency sets from the > maven resolver. > # Add each dependency in the used-dependency set that is not in the > classpath-dependency set to the used-but-undeclared set > # Remove any dependency from the used-but-undeclared set that matches > patterns declared in the _ignoreUsedUndeclaredDependencies_ parameter. > # If the multiple-definition map is non-empty, print as warning the class > name and artifacts the class is defined in. > # Print remaining members of declared-but-unused set to the console > # Print remaining members of used-but-undeclared set to the console > # If either declared-but-unused set or used-but-undeclared set is not empty, > fail the build > > The analyze-test goal will > * Require a Maven project to be executed. > * Require dependency resolution of artifacts in scope: test-compile. > * Bind by default to the lifecycle phase: process-test-classes. > > The algorithm it implements is the same as analyze-main algorithm with the > following modifications: > 1. Use the test artifact instead of the main artifact to determine the > used-classes set. > 5. The declared-dependency set contains the main-artifact, the > test-artifact, and the test-scope dependency set from the maven resolver. > 8. The classpath-dependency set contains the main-artifact, the > test-artifact,
[jira] [Created] (MDEP-790) New Goals: analyze-main and analyze-test
Charles Honton created MDEP-790: --- Summary: New Goals: analyze-main and analyze-test Key: MDEP-790 URL: https://issues.apache.org/jira/browse/MDEP-790 Project: Maven Dependency Plugin Issue Type: New Feature Reporter: Charles Honton As a user of the dependency plugin, I desire two new goals; analyze-main and analysis-test. Each goal is similar to the analyze-only goal. The following parameters are supported: ||String[]|List of dependencies that will be ignored if they are declared but unused. The filter syntax is: [groupId]:[artifactId]:[type]:[version] where each pattern segment is optional and supports full and partial * wildcards. An empty pattern segment is treated as an implicit wildcard. * For example, org.apache. \{*}will match all artifacts whose group id starts with org.apache., and :::{*}-SNAPSHOT will match all snapshot artifacts.| ||String[]|List of dependencies that will be ignored if they are used but undeclared. The filter syntax is: [groupId]:[artifactId]:[type]:[version] where each pattern segment is optional and supports full and partial * wildcards. An empty pattern segment is treated as an implicit wildcard. * For example, org.apache. \{*}will match all artifacts whose group id starts with org.apache., and :::{*}-SNAPSHOT will match all snapshot artifacts.| ||boolean|Skip plugin execution completely. {*}Default value is{*}: false. {*}User property is{*}: mdep.analyze.skip.| ||boolean|Skip analyze-main goal execution. {*}Default value is{*}: false. {*}User property is{*}: mdep.analyze.skipMain.| ||boolean|Skip analyze-test goal execution. {*}Default value is{*}: false. {*}User property is{*}: mdep.analyze.skipTest.| ||String[]|Force dependencies as used, to override incomplete result caused by bytecode-level analysis. Dependency format is groupId:artifactId.| The analyze-main goal will * Require a Maven project to be executed. * Require dependency resolution of artifacts in scope: compile. * Bind by default to the lifecycle phase: process-classes. The algorithm it implements is as follows: # Use byte code inspection on each class in the main artifact to determine the set of classes required to compile the main sources. These classes are the used-classes set. If there is not a main artifact, the used-classes set is empty. # Determine in which dependencies each used class is present. Add these dependencies to the used-dependency set. # If any used class is present in multiple used-dependency dependencies, add that class and list of dependencies to the multiple-definition map. # Add any dependency declared in the _usedDependencies_ parameter to the used-dependency set. # The declared-dependency set contains the main-artifact and the compile-scope dependency set from the maven resolver. # Add each dependency in the declared-dependency set that is not in the used-dependency set to the declared-but-unused list. # Remove any dependency from the declared-but-unused set that matches patterns declared in the _ignoreUnusedDeclaredDependencies_ parameter. # The classpath-dependency set contains the main-artifact and the compile-scope, provided-scope, and system-scope dependency sets from the maven resolver. # Add each dependency in the used-dependency set that is not in the classpath-dependency set to the used-but-undeclared set # Remove any dependency from the used-but-undeclared set that matches patterns declared in the _ignoreUsedUndeclaredDependencies_ parameter. # If the multiple-definition map is non-empty, print as warning the class name and artifacts the class is defined in. # Print remaining members of declared-but-unused set to the console # Print remaining members of used-but-undeclared set to the console # If either declared-but-unused set or used-but-undeclared set is not empty, fail the build The analyze-test goal will * Require a Maven project to be executed. * Require dependency resolution of artifacts in scope: test-compile. * Bind by default to the lifecycle phase: process-test-classes. The algorithm it implements is the same as analyze-main algorithm with the following modifications: 1. Use the test artifact instead of the main artifact to determine the used-classes set. 5. The declared-dependency set contains the main-artifact, the test-artifact, and the test-scope dependency set from the maven resolver. 8. The classpath-dependency set contains the main-artifact, the test-artifact, and the test-scope, compile-scope, provided-scope, and system-scope dependency sets from the maven resolver -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17492216#comment-17492216 ] Charles Honton commented on MDEP-753: - As a user of the dependency plugin, I expect the analyze and analysis-only goals to implement the following algorithm. - Use byte code inspection on each class in the main and test artifacts to determine the set of classes required to compile the main and test sources. These classes are the used-classes set. - Determine in which dependencies each used class is present. Add these dependencies to the used-dependency set. - Add any dependency declared in the usedDependencies parameter to the used-dependency set. - If ignoreNonCompile parameter is true, the declared-dependency set is the compile-scope dependencies from the maven resolver. Else, if ignoreUnusedRuntime parameter is true, the declared-dependency set is the compile-scope, provided-scope, and system-scope dependencies from the maven resolver. Otherwise, the declared-dependency set is the compile-scope, provided-scope, system-scope, and test-scope dependencies from the maven resolver. - Add each dependency in the used-dependency set that is not in the declared-dependency set to the used-but-undeclared set. - Remove any dependency from the used-but-undeclared set that matches patterns declared in the ignoreUsedUndeclaredDependencies parameter or the ignoreDependencies parameter. - Add each dependency in the declared-dependency that is not in the used-dependency set to the declared-but-unused set. - Remove any dependency from the declared-but-unused set that matches patterns declared in the ignoreUnusedDeclaredDependencies parameter or ignoreDependencies parameter. - Print remaining members of used-but-undeclared set to the console or xml file. - Print remaining members of declared-but-unused set to the console. - If failOnWarning parameter is true, fail the build > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > Attachments: chas.zip, tj.zip > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17491603#comment-17491603 ] Charles Honton commented on MDEP-753: - This changes the semantics of 'compile' scope. The definition of a parent class or interface is required to compile a class. The parent and list of interfaces are available in the byte code. Having a new option will require additional, per module, changes to poms. A new version should just drop in without requiring a change in the pom. > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > Attachments: chas.zip, tj.zip > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17491416#comment-17491416 ] Charles Honton commented on MDEP-753: - In my opinion, the latest zip demonstrates that this issue still exists and that this issue should be re-opened. > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > Attachments: chas.zip, tj.zip > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17491391#comment-17491391 ] Charles Honton commented on MDEP-753: - [^chas.zip] Added analyze-only execution to the pom. > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > Attachments: chas.zip, tj.zip > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Charles Honton updated MDEP-753: Attachment: chas.zip > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > Attachments: chas.zip, tj.zip > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17491068#comment-17491068 ] Charles Honton commented on MDEP-753: - Removing those two dependencies allowed compile to succeed with following dependency errors: [INFO] --- maven-dependency-plugin:3.3.0-SNAPSHOT:analyze-only (check-dependencies) @ client-lib --- [WARNING] Used undeclared dependencies found: [WARNING]io.smallrye.config:smallrye-config:jar:2.7.0:compile [WARNING]com.fasterxml.jackson.core:jackson-core:jar:2.12.6:compile [WARNING] Non-test scoped test only dependencies found: [WARNING]io.smallrye.config:smallrye-config:jar:2.7.0:compile [WARNING]com.fasterxml.jackson.core:jackson-core:jar:2.12.6:compile > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MDEP-753) Non-test dependency reported as Non-test scoped test only dependency
[ https://issues.apache.org/jira/browse/MDEP-753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17491064#comment-17491064 ] Charles Honton commented on MDEP-753: - Unfortunately, does not work on my largish project; 3.1.2: no issues 3.2.0 [INFO] --- maven-dependency-plugin:3.2.0:analyze-only (check-dependencies) @ client-lib --- [WARNING] Non-test scoped test only dependencies found: [WARNING] org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.1_spec:jar:2.0.1.Final:compile [WARNING]io.smallrye.config:smallrye-config:jar:2.7.0:compile [WARNING]com.fasterxml.jackson.core:jackson-databind:jar:2.12.6:compile [WARNING]org.yaml:snakeyaml:jar:1.29:compile [WARNING]org.bitbucket.b_c:jose4j:jar:0.7.9:compile [WARNING]com.fasterxml.jackson.core:jackson-core:jar:2.12.6:compile [INFO] 3.3.0 [INFO] --- maven-dependency-plugin:3.3.0-SNAPSHOT:analyze-only (check-dependencies) @ client-lib --- [WARNING] Non-test scoped test only dependencies found: [WARNING]io.smallrye.config:smallrye-config:jar:2.7.0:compile [WARNING]com.fasterxml.jackson.core:jackson-core:jar:2.12.6:compile Scoping jackson-core to 'test' will cause build to fail. One clue: ObjectMapper is a class in the jackson-databind jar. Its parent class is ObjectCodec, in the jackson-core jar. > Non-test dependency reported as Non-test scoped test only dependency > > > Key: MDEP-753 > URL: https://issues.apache.org/jira/browse/MDEP-753 > Project: Maven Dependency Plugin > Issue Type: Bug > Components: analyze >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Assignee: Elliotte Rusty Harold >Priority: Critical > Fix For: 3.3.0 > > > Saw this when updating the google-http-java-client from 3.1.2 to 3.2.0 of the > plugin. I'm not immediately sure whether this is a regression: > [INFO] --- maven-dependency-plugin:3.2.0:analyze (default-cli) @ > google-http-client --- > Warning: Non-test scoped test only dependencies found: > Warning: com.google.guava:guava:jar:30.1.1-android:compile > Warning: io.opencensus:opencensus-api:jar:0.28.0:compile > Changing Guava to scope test breaks the build, which is expected based on the > code. The warning seems incorrect. > https://github.com/googleapis/google-http-java-client/pull/1396 > https://github.com/googleapis/google-http-java-client/pull/1396/checks?check_run_id=2809438131 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (MINSTALL-143) Move checksum generation from install to deploy plugin
[ https://issues.apache.org/jira/browse/MINSTALL-143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16394282#comment-16394282 ] Charles Honton commented on MINSTALL-143: - Consider extracting checksums and signing into a separate plugin. Some organizations use their repository to stage, verify, and sign artifacts; no checksums are needed in this scenario. Some organizations also require public/private key signing; additional signing methods are needed in this scenario. advantages: * separation of concerns * flexibility to quickly add and configure new signing methods * availability of signing/checksuming non-artifacts short-term disadvantages: * additional default binding required in core maven * configuration is moving from install to signing plugin > Move checksum generation from install to deploy plugin > -- > > Key: MINSTALL-143 > URL: https://issues.apache.org/jira/browse/MINSTALL-143 > Project: Maven Install Plugin > Issue Type: Improvement >Affects Versions: 3.0.0 >Reporter: Karl Heinz Marbaise >Priority: Blocker > Fix For: 3.0.0 > > > We should move the checksum generation from maven-install-plugin to > maven-deploy-plugin cause the checksums will only be needed as a preparation > for the transfer to a remote repository but not for an installation into a > local repository. > This needed to be done within maven-artifact-transfer component first. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MINSTALL-115) Setting installAtEnd causes no installs to occur when a multimodule project has multiple class realms
[ https://issues.apache.org/jira/browse/MINSTALL-115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16370902#comment-16370902 ] Charles Honton commented on MINSTALL-115: - I suspect installAtEnd has same problems as deployAtEnd. see MDEPLOY-200, MDEPLOY-224, MDEPLOY-225, and MDEPLOY-226 for a solution. > Setting installAtEnd causes no installs to occur when a multimodule project > has multiple class realms > - > > Key: MINSTALL-115 > URL: https://issues.apache.org/jira/browse/MINSTALL-115 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install >Affects Versions: 2.5.2 >Reporter: Philip Pearson >Priority: Major > Attachments: InstallConfiguration.java, mojo.patch > > > When the {{installAtEnd}} configuration parameter is set to {{true}} on a > multimodule project with multiple class realms then because a different class > loaders creates instances of the {{InstallMojo}} class there will be muliple > instances of {{readyProjectsCounter}} and {{installRequests}}. > However, because the end is determined by {{projectsReady = > readyProjectsCounter.incrementAndGet() == reactorProjects.size()}} it will > never complete as {{readyProjectsCounter}} will never equal the size > {{reactorProjects}} if even one project is executed in another class realm. > {{maven-deploy-plugin}} partially solved this in MDEPLOY-193 by using > {{project.equals(reactorProjects.get(reactorProjects.size() - 1))}} instead. > However, the installation is a little more complex than the deploy as we need > to read the used the {{createChecksum}} and {{updateReleaseInfo}} > configuration parameters from each installed project - we can't store them > ahead of time because of the issue with the class realms, so we need to read > the plugin configurations before we can call > {{installProject(instalRequest)}}. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MINSTALL-102) installAtEnd does not install artifacts for multi-module with packaging maven-archetype
[ https://issues.apache.org/jira/browse/MINSTALL-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16370901#comment-16370901 ] Charles Honton commented on MINSTALL-102: - I suspect installAtEnd has same problems as deployAtEnd. see MDEPLOY-200, MDEPLOY-224, MDEPLOY-225, and MDEPLOY-226, > installAtEnd does not install artifacts for multi-module with packaging > maven-archetype > --- > > Key: MINSTALL-102 > URL: https://issues.apache.org/jira/browse/MINSTALL-102 > Project: Maven Install Plugin > Issue Type: Bug > Components: install:install >Affects Versions: 2.5.1, 2.5.2 > Environment: Windows 7 / SLES11 >Reporter: Jörg Sesterhenn >Assignee: Robert Scholte >Priority: Major > Attachments: test.zip, test2.zip > > > InstallAtEnd does not install any artifacts for multi-module maven-archetype. > See attached minimal example (test.zip). > Same error occurs for deployPlugin! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (MDEPLOY-226) DeployAtEnd fails when module has extension
[ https://issues.apache.org/jira/browse/MDEPLOY-226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Charles Honton updated MDEPLOY-226: --- Attachment: MDEPLOY-226.diff Attached diff will fix MDEPLOY-224, MDEPLOY-225, and MDEPLOY-226. Includes integration tests for each bug. > DeployAtEnd fails when module has extension > --- > > Key: MDEPLOY-226 > URL: https://issues.apache.org/jira/browse/MDEPLOY-226 > Project: Maven Deploy Plugin > Issue Type: Bug > Components: deploy:deploy >Affects Versions: 2.8.2 >Reporter: Charles Honton >Priority: Minor > Attachments: MDEPLOY-226.diff > > > Setup: > Aggregator pom has deployAtEnd=true > Any module has additional extension > Expected: > All modules and aggregator batched to single deploy at end > Actual: > No modules nor aggregator are deployed -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (MDEPLOY-226) DeployAtEnd fails when module has extension
Charles Honton created MDEPLOY-226: -- Summary: DeployAtEnd fails when module has extension Key: MDEPLOY-226 URL: https://issues.apache.org/jira/browse/MDEPLOY-226 Project: Maven Deploy Plugin Issue Type: Bug Components: deploy:deploy Affects Versions: 2.8.2 Reporter: Charles Honton Priority: Minor Setup: Aggregator pom has deployAtEnd=true Any module has additional extension Expected: All modules and aggregator batched to single deploy at end Actual: No modules nor aggregator are deployed -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (MDEPLOY-225) DeployAtEnd fails when overriding skip
Charles Honton created MDEPLOY-225: -- Summary: DeployAtEnd fails when overriding skip Key: MDEPLOY-225 URL: https://issues.apache.org/jira/browse/MDEPLOY-225 Project: Maven Deploy Plugin Issue Type: Bug Components: deploy:deploy Affects Versions: 2.8.2 Reporter: Charles Honton Priority: Minor Setup: Aggregator pom has deployAtEnd=true and skip=true All modules have skip=false Expected: Aggregator is not deployed All modules batched to single deploy at end Actual: Aggregator is not deployed No modules are deployed -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (MDEPLOY-224) Overriding deployAtEnd fails
Charles Honton created MDEPLOY-224: -- Summary: Overriding deployAtEnd fails Key: MDEPLOY-224 URL: https://issues.apache.org/jira/browse/MDEPLOY-224 Project: Maven Deploy Plugin Issue Type: Bug Components: deploy:deploy Affects Versions: 2.8.2 Reporter: Charles Honton Priority: Minor Setup: Aggregator pom has deployAtEnd false All modules have deployAtEnd true Expected: Aggregator is deployed immediately All modules batched to single deploy Actual: Aggregator is deployed immediately No modules are deployed -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (MGPG-43) Allow signing of arbitrary artifacts
[ https://issues.apache.org/jira/browse/MGPG-43?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15720163#comment-15720163 ] Charles Honton commented on MGPG-43: Clarification: first work by Sebb (MGPG43, MGPG43-2, MGPG43-3) creates a goal 'signfiles'. second work by Chas (MGPG-43) creates two goals 'sign-files' and 'checksum-files'. Included are integration tests and updated documentation. > Allow signing of arbitrary artifacts > > > Key: MGPG-43 > URL: https://issues.apache.org/jira/browse/MGPG-43 > Project: Maven GPG Plugin > Issue Type: New Feature >Reporter: Sebb > Attachments: MGPG-43.patch, MGPG43-2.patch, MGPG43-3.patch, > MGPG43.patch > > > At present, the plugin relies on being run after the "package" phase, > presumably so it knows which files to sign. > This is fine if all the artifacts are intended for distribution via Maven > repos, but there are other distribution mechanisms where signed artifacts are > needed. For example, ASF releases to their mirror system. > It would be useful if there was a separate goal for signing files using > standard includes/excludes. > Ideally this would also be integrated with the assembly plugin somehow so it > could obtain the list of files from the plugin. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (MGPG-43) Allow signing of arbitrary artifacts
[ https://issues.apache.org/jira/browse/MGPG-43?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15719297#comment-15719297 ] Charles Honton edited comment on MGPG-43 at 12/4/16 4:35 AM: - A fuller implementation. (MGPG-43.patch) was (Author: charles_hon...@intuit.com): A fuller implementation. > Allow signing of arbitrary artifacts > > > Key: MGPG-43 > URL: https://issues.apache.org/jira/browse/MGPG-43 > Project: Maven GPG Plugin > Issue Type: New Feature >Reporter: Sebb > Attachments: MGPG-43.patch, MGPG43-2.patch, MGPG43-3.patch, > MGPG43.patch > > > At present, the plugin relies on being run after the "package" phase, > presumably so it knows which files to sign. > This is fine if all the artifacts are intended for distribution via Maven > repos, but there are other distribution mechanisms where signed artifacts are > needed. For example, ASF releases to their mirror system. > It would be useful if there was a separate goal for signing files using > standard includes/excludes. > Ideally this would also be integrated with the assembly plugin somehow so it > could obtain the list of files from the plugin. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (MGPG-43) Allow signing of arbitrary artifacts
[ https://issues.apache.org/jira/browse/MGPG-43?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Charles Honton updated MGPG-43: --- Attachment: MGPG-43.patch A fuller implementation. > Allow signing of arbitrary artifacts > > > Key: MGPG-43 > URL: https://issues.apache.org/jira/browse/MGPG-43 > Project: Maven GPG Plugin > Issue Type: New Feature >Reporter: Sebb > Attachments: MGPG-43.patch, MGPG43-2.patch, MGPG43-3.patch, > MGPG43.patch > > > At present, the plugin relies on being run after the "package" phase, > presumably so it knows which files to sign. > This is fine if all the artifacts are intended for distribution via Maven > repos, but there are other distribution mechanisms where signed artifacts are > needed. For example, ASF releases to their mirror system. > It would be useful if there was a separate goal for signing files using > standard includes/excludes. > Ideally this would also be integrated with the assembly plugin somehow so it > could obtain the list of files from the plugin. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (MNGSITE-281) Introduction to lifecycle update to reflect current practice wrt integration-test
Charles Honton created MNGSITE-281: -- Summary: Introduction to lifecycle update to reflect current practice wrt integration-test Key: MNGSITE-281 URL: https://issues.apache.org/jira/browse/MNGSITE-281 Project: Maven Project Web Site Issue Type: Improvement Reporter: Charles Honton Priority: Minor Using integration-test as the target from the command line doesn't do what many users expect. The failsafe plugin does not report on results until the verify phase. The cargo and tomcat plugins require at least the post-integration-test phase to be run else the web containers are not stopped. Jacoco does not collect coverage data until post-integration-test. For these situations, it no longer is a useful practice to run integration-test as the command line target. I recommend updating the introduction to remove integration-test as one of the featured phases in the \{A Build Lifecycle is Made Up of Phases\} section. -- This message was sent by Atlassian JIRA (v6.3.4#6332)