Maven enforcer 和通配符依赖排除

Maven enforcer and wilcard dependency exclusion

我正在使用 Maven enforcer 插件来检查依赖收敛。给出这个(人为的)例子:

project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>warren</groupId>
  <artifactId>warren</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>warren Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>net.sf.jtidy</groupId>
      <artifactId>jtidy</artifactId>
      <version>r938</version>
    </dependency>
    <dependency>
      <groupId>org.apache.maven.plugin-tools</groupId>
      <artifactId>maven-plugin-tools-api</artifactId>
      <version>2.5.1</version>
    </dependency>
  </dependencies>
  <build>
    <finalName>warren</finalName>

    <!-- The Maven Enforcer -->
    <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>1.4</version>
      <dependencies>
        <dependency>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>extra-enforcer-rules</artifactId>
          <version>1.0-beta-2</version>
        </dependency>
      </dependencies>
      <executions>
        <!-- ******************************************************* -->
        <!-- Ensure that certain really important things are checked -->
        <!-- and fail the build if any of these are violated         -->
        <!-- ****************************************************** -->
        <execution>
          <id>enforce-important-stuff</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <requireMavenVersion>
                <version>3.2.1</version>
              </requireMavenVersion>
              <requireJavaVersion>
                <version>1.7</version>
              </requireJavaVersion>
              <DependencyConvergence />
              <bannedDependencies>
                <searchTransitive>true</searchTransitive>
                <excludes>
                  <!-- Should be javax.servlet:javax.servlet-api:3.0.1 -->
                  <exclude>javax.servlet:servlet-api:2.*</exclude>
                  <!-- Should be org.springframework:3.2.* . Note this is
                       for the core spring framework. Others such as
                       WS etc may be different, but the convergence to the underlying
                       core Spring framework should be the same -->
                  <exclude>org.springframework:2.*</exclude>
                  <exclude>org.springframework:3.0.*</exclude>
                  <exclude>org.springframework:3.1.*</exclude>&gt;
                  <!-- Should be slf4j 1.7.5 with logback and
                       bridges to JCL, JUL and log4j (this means these
                       individual libraries should not be included as the
                       "bridges" implement the API and redirect to the
                       underlying SLF4j impl -->
                  <exclude>log4j:log4j</exclude>
                  <exclude>commons-logging</exclude>
                  <exclude>org.slf4j:1.5*</exclude>
                  <exclude>org.slf4j:1.6*</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
            <failFast>true</failFast>
          </configuration>
        </execution>
        <execution>
          <id>warn-about-stuff-which-may-cause-problems</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <phase>validate</phase>
          <configuration>
            <rules>
              <banDuplicateClasses>
                <ignoreClasses>

                </ignoreClasses>
                <findAllDuplicates>true</findAllDuplicates>
              </banDuplicateClasses>
            </rules>
            <fail>false</fail>
          </configuration>
        </execution>
      </executions>
    </plugin>
    </plugins>
  </build>
</project>

我得到这个输出:

[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.5.6
[ERROR] and
[ERROR] +-warren:warren:1.0-SNAPSHOT
[ERROR] +-org.apache.maven.plugin-tools:maven-plugin-tools-api:2.5.1
[ERROR] +-org.codehaus.plexus:plexus-container-default:1.0-alpha-9-stable-1
[ERROR] +-org.codehaus.plexus:plexus-utils:1.0.4

所以,我天真地认为我可以更改我的 pom 以使用通配符排除来避免这个问题,即:

<dependency>
  <groupId>net.sf.jtidy</groupId>
  <artifactId>jtidy</artifactId>
  <version>r938</version>
</dependency>
<dependency>
  <groupId>org.apache.maven.plugin-tools</groupId>
  <artifactId>maven-plugin-tools-api</artifactId>
  <version>2.5.1</version>
  <exclusions>
    <exclusion>
      <groupId>*</groupId>
      <artifactId>*</artifactId>
    </exclusion>
  </exclusions>
</dependency>

但是 Maven 忽略了通配符,我得到了同样的错误。修复错误的唯一方法是明确输入组和工件 ID。

  <exclusions>
    <exclusion>
      <groupId>org.codehaus.plexus</groupId>
      <artifactId>plexus-utils</artifactId>
    </exclusion>
  </exclusions>

在这种情况下是否可以使用通配符排除?请注意,我已尝试使用 Maven 3.0.5、3.2.1 和 3.3.3,但没有成功!

非常感谢

使用通配符排除时,dependencyConvergence 存在未解决的问题:https://issues.apache.org/jira/browse/MENFORCER-195

没有迹象表明我们什么时候可以期待修复,或者最近 activity 关于这个问题(或关于问题 https://issues.apache.org/jira/browse/MSHARED-339)。我用 maven-enforcer-plugin 1.4.1 命中它。

目前解决此问题的最佳方法是为导致执行器失败的每个依赖项同时添加通配符排除和排除:

<dependency>
  <groupId>org.apache.maven.plugin-tools</groupId>
  <artifactId>maven-plugin-tools-api</artifactId>
  <version>2.5.1</version>
  <exclusions>
    <exclusion>
      <groupId>*</groupId>
      <artifactId>*</artifactId>
    </exclusion>
    <exclusion>
      <groupId>org.codehaus.plexus</groupId>
      <artifactId>plexus-utils</artifactId>
    </exclusion>
  </exclusions>
  </exclusions>
</dependency>