Hi,
FYI, I created a ticket a few months ago to create such a Sonar plugin:
http://jira.codehaus.org/browse/SONARPLUGINS-41.
This Sonar plugin could work like this:
1 - Accept a text list of prohibited dependencies. For instance:
libGroupeId1:libArtifactId1:[libScope1]:[libType1]:(,libVersion1]
libGroupeId2:libArtifactId2:[libScope2]:[libType2]:(,libVersion2]
....
2 - Automatically configure and launch the Maven dependency plugin
(http://maven.apache.org/plugins/maven-dependency-plugin/) to dump the
dependency tree in a report file
3 - Read the report file, look for dependencies which could match the
prohibited ones and insert those violations in the Sonar DB
I'll be glad to support anyone interested in writing such a plugin.
Freddy
----------------------------------------
Freddy Mallet
www.SonarSource.com
Sonar.codehaus.org
http://twitter.com/FreddyMallet
----------------------------------------
On Fri, Sep 11, 2009 at 11:00 PM, Jim Sellers <[email protected]> wrote:
> Sounds useful to me.
>
> We were going to build a similar plugin - but the plan was for it to be a
> Sonar plugin rather than a Maven plugin.
>
> Jim
>
>
> On Fri, Sep 11, 2009 at 10:23 AM, Ben Lidgey <[email protected]> wrote:
>
> >
> > It sounds like it could be useful, but perhaps with a warning as there are
> > maintenance projects applying bug fixes to existing projects that may not
> > want to update older components to avoid too many changes.
> >
> > Ben
> >
> >
> > On 10/09/2009 22:03, "Wendy Smoak" <[email protected]> wrote:
> >
> > A group I work with had a requirement to be able to deprecate and ban
> > old versions of their artifacts. The dev team is very large and
> > simply sending out an email telling everyone not to use version 1.0 of
> > some artifact won't work. The team needed a way to warn and/or
> > enforce that the old version is no longer supported and should not (or
> > must not) be used.
> >
> > I think they started out writing a rule for the Enforcer plugin, but
> > at some point it turned into a separate plugin. (There was a concern
> > about teams simply re-configuring the Enforcer plugin to get around
> > the rules.)
> >
> > In the repository, they have a versions-metadata.xml file sitting next
> > to the maven-metadata.xml file. The plugin examines all the
> > dependencies in the build and looks for the versions-metadata.xml
> > file to see if it needs to warn or fail.
> >
> > They're considering contributing the plugin and are wondering whether
> > it sounds useful to the general Maven community before they start
> > wading through the corporate legal stuff that would be necessary to
> > make that happen.
> >
> > Does it sound like something you might use? Let me know if you want
> > more details on it, or perhaps one of the devs that's involved will
> > chime in.
> >
> > Thanks,
> > --
> > Wendy
> >
>
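
The three steps in the message at the top of this thread (read a list of prohibited dependencies, dump the dependency tree, report matches) can be sketched as follows. This is an added example, not code from any participant or from the Sonar or Maven projects. It assumes the brackets around scope and type mean "optional", that an empty field matches anything, that only `(,X]` / `(,X)` upper-bound ranges are used, and that versions compare by their numeric parts only; all coordinates are constructed.

```python
import re

# Constructed sample input. Rule fields: groupId:artifactId:scope:type:range;
# an empty scope or type is taken to mean "any" (assumption).
RULES = """
org.example:old-util:::(,3.2.1]
org.example:legacy-lib:compile:jar:(,1.0]
"""
# Constructed dependency:tree text report (groupId:artifactId:type:version:scope).
TREE = r"""
[INFO] com.acme:app:jar:2.0
[INFO] +- org.example:old-util:jar:3.2.1:compile
[INFO] |  \- org.example:legacy-lib:jar:1.1:compile
[INFO] +- org.example:legacy-lib:jar:1.0:test
[INFO] \- org.example:legacy-lib:jar:0.9:compile
"""

def vkey(version):
    # Simplified ordering (assumption): numeric parts only, trailing zeros
    # dropped so 1.0 == 1; Maven's qualifier rules (-SNAPSHOT, -rc1) are ignored.
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_rule(line):
    group, artifact, scope, typ, rng = line.strip().split(":", 4)
    m = re.fullmatch(r"\(,([^\])]+)([\])])", rng)  # only "(,X]" / "(,X)" handled
    if not m:
        raise ValueError("unsupported version range: " + rng)
    return {"ga": (group, artifact), "scope": scope.strip("[]"),
            "type": typ.strip("[]"), "max": vkey(m.group(1)),
            "inclusive": m.group(2) == "]", "text": line.strip()}

def banned(version, rule):
    v = vkey(version)
    return v < rule["max"] or (v == rule["max"] and rule["inclusive"])

def find_violations(rules_text, tree_text):
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip()]
    hits = []
    for line in tree_text.splitlines():
        parts = line.split()[-1].split(":") if line.strip() else []
        if len(parts) not in (5, 6):  # root artifact and noise lines carry no scope
            continue
        (group, artifact, typ), version, scope = parts[:3], parts[-2], parts[-1]
        for r in rules:
            if (r["ga"] == (group, artifact) and r["scope"] in ("", scope)
                    and r["type"] in ("", typ) and banned(version, r)):
                hits.append((":".join(parts), r["text"]))
    return hits
```

`find_violations(RULES, TREE)` returns one `(dependency, rule)` pair per match, which is the list a plugin would then record as violations.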