Maven 2.x Enforcer Plugin

Add an option to enforce dependencyManagement

Details

  • Type: New Feature
  • Status: Closed
  • Priority: Major
  • Resolution: Won't Fix
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: Standard Rules
  • Labels: None
  • Number of attachments: 0

Description

Add something to the dependencyManagement section like
<enforce>true</enforce>
to make the build fail if a subproject uses a different version.

Currently a subproject can specify the version of a dependency already defined in dependencyManagement, which is error-prone.

Activity

ruel loehr added a comment -

This is hot. For an enterprise level app, this option would be tremendously welcome, specifically regarding transitive dependencies. We want to lock down the versions used at the top level, and enforce it among subprojects.

Jason van Zyl added a comment -

With MNG-1577 a sub-project cannot use anything different. Everything is aligned now.

Carlos Sanchez added a comment -

I don't see how MNG-1577 fixes this. It enforces transitive dependency versions but not the ones in the children; children can override the versions in the parent dependencyManagement.

Brett Porter added a comment -

Is this a role for the enforcer plugin now?

Brian Fox added a comment -

It would be consistent with the other enforcer rules such as "noSnapshots" and "bannedDependencies".

I already have this code in dependency:analyze-dep-mgt, so I could make this a rule fairly quickly. If you agree this is the way to go, let's move the issue to enforcer. (That means you can get it in 2.0 and not have to wait for 2.1.)

jieryn added a comment -

Brian, I think that is exactly what we should do. Let's utilize the code in dependency:analyze-dep-mgt for an enforcer rule with failBuild=true and ignoreDirect=false; either that or let's close this JIRA.

nicolas de loof added a comment -

With some flags set, maven-dependency-plugin can be used to enforce dependencyManagement. A little verbose, but does the job well.

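<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-dependency-plugin</artifactId>
    <executions>
        <execution>
            <goals>
                <goal>analyze-dep-mgt</goal>
            </goals>
            <phase>verify</phase>
            <configuration>
                <!-- Fail the build when a mismatch with dependencyManagement is found -->
                <failBuild>true</failBuild>
                <!-- Do not ignore direct dependencies that override a managed version -->
                <ignoreDirect>false</ignoreDirect>
            </configuration>
        </execution>
    </executions>
</plugin>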
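
The override case this issue describes, as an added example that is not part of the original thread or of any Maven plugin: a child POM declares its own version for a dependency the parent already manages. The POMs, coordinates and the function name find_overrides are constructed for illustration, and the check is simplified (no property interpolation, BOM imports, profiles, or type/classifier in the key).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POMs (hypothetical coordinates, not taken from the issue).
# POMs from untrusted sources should be parsed with a hardened parser such as defusedxml.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency><groupId>org.example</groupId><artifactId>lib-a</artifactId><version>1.2.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>lib-b</artifactId><version>3.0.1</version></dependency>
  </dependencies></dependencyManagement>
</project>"""

CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>lib-a</artifactId><version>1.1.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>lib-b</artifactId></dependency>
    <dependency><groupId>org.example</groupId><artifactId>lib-c</artifactId><version>0.9</version></dependency>
  </dependencies>
</project>"""


def _deps(root, path):
    """Yield ((groupId, artifactId), version-or-None) for each dependency under path."""
    for dep in root.findall(path, NS):
        key = (dep.findtext("m:groupId", "", NS).strip(),
               dep.findtext("m:artifactId", "", NS).strip())
        version = dep.findtext("m:version", None, NS)
        yield key, version.strip() if version else None


def find_overrides(parent_xml, child_xml):
    """Return (groupId, artifactId, managed, declared) for each child override."""
    managed = dict(_deps(ET.fromstring(parent_xml),
                         "m:dependencyManagement/m:dependencies/m:dependency"))
    findings = []
    for key, version in _deps(ET.fromstring(child_xml), "m:dependencies/m:dependency"):
        # A child that omits <version> inherits the managed one; an unmanaged
        # dependency is out of scope. Only an explicit, different version is flagged.
        if version is not None and key in managed and version != managed[key]:
            findings.append((key[0], key[1], managed[key], version))
    return findings


if __name__ == "__main__":
    for g, a, want, got in find_overrides(PARENT_POM, CHILD_POM):
        print(f"{g}:{a} managed={want} child={got}")
```
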
Joe Littlejohn added a comment -

Nicolas, I notice that with the previous comment you marked this as WontFix. It seems like it would be nice to add a new enforcer rule based on the maven-dependency-plugin:analyze-dep-mgt (as suggested by Brian and jieryn above).

This would be a useful rule which could be available and documented without having to use the above workaround.

