Maven enforcer 和通配符依赖排除
Maven enforcer and wilcard dependency exclusion
我正在使用 Maven enforcer 插件来检查依赖收敛。给出这个(人为的)例子:
project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>warren</groupId>
<artifactId>warren</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>warren Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
</dependency>
</dependencies>
<build>
<finalName>warren</finalName>
<!-- The Maven Enforcer -->
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.0-beta-2</version>
</dependency>
</dependencies>
<executions>
<!-- ******************************************************* -->
<!-- Ensure that certain really important things are checked -->
<!-- and fail the build if any of these are violated -->
<!-- ****************************************************** -->
<execution>
<id>enforce-important-stuff</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<requireMavenVersion>
<version>3.2.1</version>
</requireMavenVersion>
<requireJavaVersion>
<version>1.7</version>
</requireJavaVersion>
<DependencyConvergence />
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
<exclude>javax.servlet:servlet-api:2.*</exclude>
<!-- Should be org.springframework:3.2.* . Note this is
for the core spring framework. Others such as
WS etc may be different, but the convergence to the underlying
core Spring framework should be the same -->
<exclude>org.springframework:2.*</exclude>
<exclude>org.springframework:3.0.*</exclude>
<exclude>org.springframework:3.1.*</exclude>>
<!-- Should be slf4j 1.7.5 with logback and
bridges to JCL, JUL and log4j (this means these
individual libraries should not be included as the
"bridges" implement the API and redirect to the
underlying SLF4j impl -->
<exclude>log4j:log4j</exclude>
<exclude>commons-logging</exclude>
<exclude>org.slf4j:1.5*</exclude>
<exclude>org.slf4j:1.6*</exclude>
</excludes>
</bannedDependencies>
</rules>
<failFast>true</failFast>
</configuration>
</execution>
<execution>
<id>warn-about-stuff-which-may-cause-problems</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<banDuplicateClasses>
<ignoreClasses>
</ignoreClasses>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
</rules>
<fail>false</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
我得到这个输出:
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4
所以,我天真地认为我可以更改我的 pom 以使用通配符排除来避免这个问题,即:
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
但是 Maven 忽略了通配符,我得到了同样的错误。修复错误的唯一方法是明确输入组和工件 ID。
<exclusions>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
在这种情况下是否可以使用通配符排除?请注意,我已尝试使用 Maven 3.0.5、3.2.1 和 3.3.3,但没有成功!
非常感谢
使用通配符排除时,dependencyConvergence 存在未解决的问题:https://issues.apache.org/jira/browse/MENFORCER-195。
没有迹象表明我们什么时候可以期待修复,或者最近 activity 关于这个问题(或关于问题 https://issues.apache.org/jira/browse/MSHARED-339)。我用 maven-enforcer-plugin 1.4.1 命中它。
目前解决此问题的最佳方法是为导致执行器失败的每个依赖项同时添加通配符排除和排除:
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
</exclusions>
</dependency>
我正在使用 Maven enforcer 插件来检查依赖收敛。给出这个(人为的)例子:
project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>warren</groupId>
<artifactId>warren</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>warren Maven Webapp</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
</dependency>
</dependencies>
<build>
<finalName>warren</finalName>
<!-- The Maven Enforcer -->
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.0-beta-2</version>
</dependency>
</dependencies>
<executions>
<!-- ******************************************************* -->
<!-- Ensure that certain really important things are checked -->
<!-- and fail the build if any of these are violated -->
<!-- ****************************************************** -->
<execution>
<id>enforce-important-stuff</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<requireMavenVersion>
<version>3.2.1</version>
</requireMavenVersion>
<requireJavaVersion>
<version>1.7</version>
</requireJavaVersion>
<DependencyConvergence />
<bannedDependencies>
<searchTransitive>true</searchTransitive>
<excludes>
<!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
<exclude>javax.servlet:servlet-api:2.*</exclude>
<!-- Should be org.springframework:3.2.* . Note this is
for the core spring framework. Others such as
WS etc may be different, but the convergence to the underlying
core Spring framework should be the same -->
<exclude>org.springframework:2.*</exclude>
<exclude>org.springframework:3.0.*</exclude>
<exclude>org.springframework:3.1.*</exclude>>
<!-- Should be slf4j 1.7.5 with logback and
bridges to JCL, JUL and log4j (this means these
individual libraries should not be included as the
"bridges" implement the API and redirect to the
underlying SLF4j impl -->
<exclude>log4j:log4j</exclude>
<exclude>commons-logging</exclude>
<exclude>org.slf4j:1.5*</exclude>
<exclude>org.slf4j:1.6*</exclude>
</excludes>
</bannedDependencies>
</rules>
<failFast>true</failFast>
</configuration>
</execution>
<execution>
<id>warn-about-stuff-which-may-cause-problems</id>
<goals>
<goal>enforce</goal>
</goals>
<phase>validate</phase>
<configuration>
<rules>
<banDuplicateClasses>
<ignoreClasses>
</ignoreClasses>
<findAllDuplicates>true</findAllDuplicates>
</banDuplicateClasses>
</rules>
<fail>false</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
我得到这个输出:
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4
所以,我天真地认为我可以更改我的 pom 以使用通配符排除来避免这个问题,即:
<dependency>
<groupId>net.sf.jtidy</groupId>
<artifactId>jtidy</artifactId>
<version>r938</version>
</dependency>
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
但是 Maven 忽略了通配符,我得到了同样的错误。修复错误的唯一方法是明确输入组和工件 ID。
<exclusions>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
在这种情况下是否可以使用通配符排除?请注意,我已尝试使用 Maven 3.0.5、3.2.1 和 3.3.3,但没有成功!
非常感谢
使用通配符排除时,dependencyConvergence 存在未解决的问题:https://issues.apache.org/jira/browse/MENFORCER-195。
没有迹象表明我们什么时候可以期待修复,或者最近 activity 关于这个问题(或关于问题 https://issues.apache.org/jira/browse/MSHARED-339)。我用 maven-enforcer-plugin 1.4.1 命中它。
目前解决此问题的最佳方法是为导致执行器失败的每个依赖项同时添加通配符排除和排除:
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-tools-api</artifactId>
<version>2.5.1</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
<exclusion>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
</exclusion>
</exclusions>
</exclusions>
</dependency>