Maven
  1. Maven
  2. MNG-3395

Default core plugin versions in the superpom.

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.8
    • Fix Version/s: 2.0.9
    • Labels:
      None
    • Number of attachments :
      2

      Description

      We should define the plugin versions for core and other common plugins (the apache plugins is a good place to start) in the super pom in 2.0.x to help with stability.

      See here for more info.
      http://www.nabble.com/Plugin-Versions-in-the-Super-pom-to15367074s177.html#a15367074

      1. default-plugin-versions.patch
        2 kB
        Benjamin Bentmann
      2. default-plugin-versions.patch
        2 kB
        Benjamin Bentmann

        Issue Links

          Activity

          Hide
          Paul Benedict added a comment -

          Brian, when this is complete, please update the documentation to publicly reveal the versions. The information would probably be most appropriate as a table in the release notes page.

          Show
          Paul Benedict added a comment - Brian, when this is complete, please update the documentation to publicly reveal the versions. The information would probably be most appropriate as a table in the release notes page.
          Hide
          brianfox brianfox added a comment -

          initial revision committed. Waiting for javadoc release before making this final.

          Show
          brianfox brianfox added a comment - initial revision committed. Waiting for javadoc release before making this final.
          Hide
          Benjamin Bentmann added a comment -

          initial revision committed.

          The maven-clean-plugin and the maven-plugin-plugin are definitively missing since these are employed by the default lifecycle bindings. If the plugin tools get out in time, the maven-plugin-plugin could be updated to 2.4 then.

          The maven-enforcer-plugin and the maven-release-plugin might be added as well given their popularity.

          Not addressed by the patch:
          Was the plugin list meant to be sorted alphabetically? Currently, install-plugin listed after javadoc-plugin and resources-plugin listed after surefire-plugin.

          Certain lines have trailing whitespace that could be removed, e.g. search for "plugin> ".

          Show
          Benjamin Bentmann added a comment - initial revision committed. The maven-clean-plugin and the maven-plugin-plugin are definitively missing since these are employed by the default lifecycle bindings. If the plugin tools get out in time, the maven-plugin-plugin could be updated to 2.4 then. The maven-enforcer-plugin and the maven-release-plugin might be added as well given their popularity. Not addressed by the patch: Was the plugin list meant to be sorted alphabetically? Currently, install-plugin listed after javadoc-plugin and resources-plugin listed after surefire-plugin. Certain lines have trailing whitespace that could be removed, e.g. search for "plugin> ".
          Hide
          brianfox brianfox added a comment -

          Thanks for reviewing. I overlooked release,clean and plugin. The enforcer is going to change soon and it's about best practices, this one shouldn't be locked down (if they are using it, they should know to lock it).

          Show
          brianfox brianfox added a comment - Thanks for reviewing. I overlooked release,clean and plugin. The enforcer is going to change soon and it's about best practices, this one shouldn't be locked down (if they are using it, they should know to lock it).
          Hide
          Paul Benedict added a comment -

          I'd also like to see added:
          maven-archetype-plugin
          maven-resources-plugin
          maven-help-plugin

          Show
          Paul Benedict added a comment - I'd also like to see added: maven-archetype-plugin maven-resources-plugin maven-help-plugin
          Hide
          brianfox brianfox added a comment -

          Resources is in there, or it should be. IMO, archetype is evolving too quickly to lock it down. Since it is primarily used from the command line, this won't hurt repeatability of builds. Locking down help doesn't seem to provide any benefit either.

          Show
          brianfox brianfox added a comment - Resources is in there, or it should be. IMO, archetype is evolving too quickly to lock it down. Since it is primarily used from the command line, this won't hurt repeatability of builds. Locking down help doesn't seem to provide any benefit either.
          Hide
          Paul Benedict added a comment -

          Brian, you were right about resources plugin. I missed it because it wasn't in alphabetical order.

          Show
          Paul Benedict added a comment - Brian, you were right about resources plugin. I missed it because it wasn't in alphabetical order.
          Hide
          Benjamin Bentmann added a comment -

          I overlooked release,clean and plugin

          Your recent commit r637973 only included version updates for exising plugins and reordering of resources-plugin. Still missing are clean-, plugin- and release-plugin. From your previous comment, I deduce this is not intended, isn't it?

          Show
          Benjamin Bentmann added a comment - I overlooked release,clean and plugin Your recent commit r637973 only included version updates for exising plugins and reordering of resources-plugin. Still missing are clean-, plugin- and release-plugin. From your previous comment, I deduce this is not intended, isn't it?
          Hide
          brianfox brianfox added a comment -

          I'm not really sure if plugin is required but I added it. Thanks for pointing out release...missed it again. What's the benefit to locking down clean? My goal isn't to lock everything down, just the stuff that really affects builds.

          Show
          brianfox brianfox added a comment - I'm not really sure if plugin is required but I added it. Thanks for pointing out release...missed it again. What's the benefit to locking down clean? My goal isn't to lock everything down, just the stuff that really affects builds.
          Hide
          Paul Benedict added a comment -

          Clean can really affect builds. Especially because Windows holds locks on directories that are "opened" in other processes. The latest version of the clean plugin can deal with this.

          Show
          Paul Benedict added a comment - Clean can really affect builds. Especially because Windows holds locks on directories that are "opened" in other processes. The latest version of the clean plugin can deal with this.
          Hide
          Benjamin Bentmann added a comment -

          My goal isn't to lock everything down

          Sure you shouldn't lock down all existing plugins, but please do this for all plugins that have bindings to the various build packagings. The packaging "maven-plugin" uses maven-plugin-plugin and hence should be locked down. Likewise, maven-clean-plugin is automatically bound and should have a default version in the super POM for the novice users to get build reproducibility.

          What's the benefit to locking down clean?

          You could have also questioned "What's the benefit to locking down build plugin XYZ?" and the answer would be the same: a reproducible build. Reproducibility also includes the little aspect of stability. If clean-plugin-X works but clean-plugin-Y fails the build, this is not reproducible. Just to be clear: I don't want to upset anybody but please let's be honest, the implication "version X worked so version Y will work, too" is just utopie. This in mind, please consider that clean is executed by the release-plugin.

          Show
          Benjamin Bentmann added a comment - My goal isn't to lock everything down Sure you shouldn't lock down all existing plugins, but please do this for all plugins that have bindings to the various build packagings. The packaging "maven-plugin" uses maven-plugin-plugin and hence should be locked down. Likewise, maven-clean-plugin is automatically bound and should have a default version in the super POM for the novice users to get build reproducibility. What's the benefit to locking down clean? You could have also questioned "What's the benefit to locking down build plugin XYZ?" and the answer would be the same: a reproducible build. Reproducibility also includes the little aspect of stability. If clean-plugin-X works but clean-plugin-Y fails the build, this is not reproducible. Just to be clear: I don't want to upset anybody but please let's be honest, the implication "version X worked so version Y will work, too" is just utopie. This in mind, please consider that clean is executed by the release-plugin.

            People

            • Assignee:
              brianfox brianfox
              Reporter:
              brianfox brianfox
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: