Discussion:
Enforcer banned dependencies... Not working ?
Pavel Smirnov D
2011-04-18 14:16:18 UTC
Permalink
I was trying to centralize enforcer configuration to make use of banned dependencies,
configured following in parent pom.xml:

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.0-beta-1</version>
<executions> <execution>
<id>enforce-banned-dependencies-track-level</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<exclude>junit</exclude>
</excludes>
<includes>
<include>junit:junit:3.8.1</include>
</includes>
</bannedDependencies>

Ànd inside the project which has above a parent, I did this:
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.3.1</version>
</dependency>
</dependencies>

I would have expected that mvn validate will fail, as clearly version is among the banned ones.... But alas, it passes clean... trace below...

Any ideas?

Regards
Pavel

TRACE:

Apache Maven 3.0 (r1004208; 2010-10-04 12:50:56+0100)
Java version: 1.5.0_16-rev
Java home: /home/epasmir/bin/jdk/jre
Default locale: en, platform encoding: ISO646-US
OS name: "sunos" version: "5.10" arch: "sparc" Family: "unix"

Skipped...

[DEBUG] Configuring mojo org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce from plugin realm ClassRealm[plugin>org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1, parent: ClassRealm[maven.api, parent: null]]
[DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce' with basic configurator -->
[DEBUG] (s) fail = true
[DEBUG] (s) failFast = false
[DEBUG] (f) ignoreCache = false
[DEBUG] (s) project = MavenProject: sample:item2:1.0-SNAPSHOT @ /home/epasmir/poc/reactor/item2/pom.xml
[DEBUG] (s) searchTransitive = true
[DEBUG] (s) excludes = [junit]
[DEBUG] (s) includes = [junit:junit:3.8.1]
[DEBUG] (f) message = Best Practice is to always define plugin versions!
[DEBUG] (f) banLatest = true
[DEBUG] (f) banRelease = true
[DEBUG] (s) banSnapshots = true
[DEBUG] (s) rules = [***@110278e, ***@194e776]
[DEBUG] (s) session = ***@1342545
[DEBUG] (s) skip = false
[DEBUG] -- end configuration --
[DEBUG] Executing rule: org.apache.maven.plugins.enforcer.BannedDependencies --------------- SHOULD HAVE failed here ?!
[DEBUG] Executing rule: org.apache.maven.plugins.enforcer.RequirePluginVersions (that's fine I guess)
[WARNING] This rule is not compatible with the current version of Maven. The rule is not able to perform any checks.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 9.203s
[INFO] Finished at: Mon Apr 18 15:12:04 BST 2011
[INFO] Final Memory: 2M/5M
[INFO] ------------------------------------------------------------------------
Anders Hammar
2011-04-18 15:00:16 UTC
Permalink
Did you read the output? The answer to why it doesn't check is stated there.

/Anders (mobile)
Post by Pavel Smirnov D
I was trying to centralize enforcer configuration to make use of banned dependencies,
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.0-beta-1</version>
<executions> <execution>
<id>enforce-banned-dependencies-track-level</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<exclude>junit</exclude>
</excludes>
<includes>
<include>junit:junit:3.8.1</include>
</includes>
</bannedDependencies>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.3.1</version>
</dependency>
</dependencies>
I would have expected that mvn validate will fail, as clearly version is
among the banned ones.... But alas, it passes clean... trace below...
Post by Pavel Smirnov D
Any ideas?
Regards
Pavel
Apache Maven 3.0 (r1004208; 2010-10-04 12:50:56+0100)
Java version: 1.5.0_16-rev
Java home: /home/epasmir/bin/jdk/jre
Default locale: en, platform encoding: ISO646-US
OS name: "sunos" version: "5.10" arch: "sparc" Family: "unix"
Skipped...
[DEBUG] Configuring mojo
org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce from
plugin realm
ClassRealm[plugin>org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1,
parent: ClassRealm[maven.api, parent: null]]
Post by Pavel Smirnov D
[DEBUG] Configuring mojo
'org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce' with
basic configurator -->
Post by Pavel Smirnov D
[DEBUG] (s) fail = true
[DEBUG] (s) failFast = false
[DEBUG] (f) ignoreCache = false
/home/epasmir/poc/reactor/item2/pom.xml
Post by Pavel Smirnov D
[DEBUG] (s) searchTransitive = true
[DEBUG] (s) excludes = [junit]
[DEBUG] (s) includes = [junit:junit:3.8.1]
[DEBUG] (f) message = Best Practice is to always define plugin versions!
[DEBUG] (f) banLatest = true
[DEBUG] (f) banRelease = true
[DEBUG] (s) banSnapshots = true
[DEBUG] (s) rules =
[DEBUG] (s) skip = false
[DEBUG] -- end configuration --
org.apache.maven.plugins.enforcer.BannedDependencies --------------- SHOULD
HAVE failed here ?!
org.apache.maven.plugins.enforcer.RequirePluginVersions (that's fine I
guess)
Post by Pavel Smirnov D
[WARNING] This rule is not compatible with the current version of Maven.
The rule is not able to perform any checks.
Post by Pavel Smirnov D
[INFO]
------------------------------------------------------------------------
Post by Pavel Smirnov D
[INFO] BUILD SUCCESS
[INFO]
------------------------------------------------------------------------
Post by Pavel Smirnov D
[INFO] Total time: 9.203s
[INFO] Finished at: Mon Apr 18 15:12:04 BST 2011
[INFO] Final Memory: 2M/5M
[INFO]
------------------------------------------------------------------------
Brian Fox
2011-04-18 15:21:19 UTC
Permalink
The warning is talking about the plugin versions rule. Off hand
nothing jumps out as being wrong with the config to me. It's been too
long since I wrote this rule to recall off the top of my head how it's
processed. Take a look at the code and see how includes, excludes are
handled. There may be some short-circuit that is causing this.
Post by Anders Hammar
Did you read the output? The answer to why it doesn't check is stated there.
/Anders (mobile)
Post by Pavel Smirnov D
I was trying to centralize enforcer configuration to make use of banned
dependencies,
Post by Pavel Smirnov D
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.0-beta-1</version>
<executions> <execution>
<id>enforce-banned-dependencies-track-level</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<exclude>junit</exclude>
</excludes>
<includes>
<include>junit:junit:3.8.1</include>
</includes>
</bannedDependencies>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.3.1</version>
</dependency>
</dependencies>
I would have expected that mvn validate will fail, as clearly version is
among the banned ones.... But alas, it passes clean... trace below...
Post by Pavel Smirnov D
Any ideas?
Regards
Pavel
Apache Maven 3.0 (r1004208; 2010-10-04 12:50:56+0100)
Java version: 1.5.0_16-rev
Java home: /home/epasmir/bin/jdk/jre
Default locale: en, platform encoding: ISO646-US
OS name: "sunos" version: "5.10" arch: "sparc" Family: "unix"
Skipped...
[DEBUG] Configuring mojo
org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce from
plugin realm
ClassRealm[plugin>org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1,
parent: ClassRealm[maven.api, parent: null]]
Post by Pavel Smirnov D
[DEBUG] Configuring mojo
'org.apache.maven.plugins:maven-enforcer-plugin:1.0-beta-1:enforce' with
basic configurator -->
Post by Pavel Smirnov D
[DEBUG] (s) fail = true
[DEBUG] (s) failFast = false
[DEBUG] (f) ignoreCache = false
/home/epasmir/poc/reactor/item2/pom.xml
Post by Pavel Smirnov D
[DEBUG] (s) searchTransitive = true
[DEBUG] (s) excludes = [junit]
[DEBUG] (s) includes = [junit:junit:3.8.1]
[DEBUG] (f) message = Best Practice is to always define plugin versions!
[DEBUG] (f) banLatest = true
[DEBUG] (f) banRelease = true
[DEBUG] (s) banSnapshots = true
[DEBUG] (s) rules =
[DEBUG] (s) skip = false
[DEBUG] -- end configuration --
org.apache.maven.plugins.enforcer.BannedDependencies --------------- SHOULD
HAVE failed here ?!
org.apache.maven.plugins.enforcer.RequirePluginVersions (that's fine I
guess)
Post by Pavel Smirnov D
[WARNING] This rule is not compatible with the current version of Maven.
The rule is not able to perform any checks.
Post by Pavel Smirnov D
[INFO]
------------------------------------------------------------------------
Post by Pavel Smirnov D
[INFO] BUILD SUCCESS
[INFO]
------------------------------------------------------------------------
Post by Pavel Smirnov D
[INFO] Total time: 9.203s
[INFO] Finished at: Mon Apr 18 15:12:04 BST 2011
[INFO] Final Memory: 2M/5M
[INFO]
------------------------------------------------------------------------
Loading...