From 94825b94170310a6e1fe73f2cec5621b449e4c64 Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Wed, 26 Mar 2025 11:26:36 -0400 Subject: [PATCH 1/2] updated documentation --- README.md | 6 ++-- examples/ban-config/pom.xml | 48 +++++++++++++++++++++++++++++- examples/governed-artifact/pom.xml | 2 +- 3 files changed, 51 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 83f62d3..6342afd 100644 --- a/README.md +++ b/README.md @@ -129,7 +129,7 @@ Order does not matter. All include specifications are processed, followed by al ## Import -The `import` URL and artifact are to reference XML files that conform to the same `configuration` element as described here. In fact, the root elmenet of that XML should be `configuration`. It will only support the `includes` and `excludes` elements. so you cannot do recursive imports. +The `import` file, URL, and artifact are to reference XML files that conform to the same `configuration` element as described here. In fact, the root elmenet of that XML should be `configuration`. It will only support the `includes` and `excludes` elements. so you cannot do recursive imports. You can create a Maven `pom` packaging type project that deploys a configuration XML to your Maven repository. Then use an `import` to allow you to change banned dependencies without making changes to each individual project. Just like with the `version` notation in the `includes` and `excludes` elements, your `import` `artifact` element supports a version range. This way the latest banned dependencies can be side-loaded into all projects. This means previously functioning builds may eventually start failing. That is by design in this scenario. @@ -139,7 +139,7 @@ The `excludes` element is a way to provide project-by-project exceptions to impo ## Examples -The recommended us of this plugin is for its use across whole organizations. First, you will want a simple Maven project that is referenced by all other Maven projects. That simple project will declare the banned artifacts and potentially purge existing ones. See the `examples/ban-config` project for a full example. +The recommended use of this plugin is for its use across whole organizations. First, you will want a simple Maven project that is referenced by all other Maven projects. That simple project will declare the banned artifacts and potentially purge existing ones. See the `examples/ban-config` project for a full example. ```xml @@ -159,7 +159,7 @@ Once you have that in place, you will want to add the following to every single com.inteligr8 ban-maven-plugin - 1.3.6 + ... true diff --git a/examples/ban-config/pom.xml b/examples/ban-config/pom.xml index 28720d5..8003fb4 100644 --- a/examples/ban-config/pom.xml +++ b/examples/ban-config/pom.xml @@ -15,11 +15,20 @@ Banned Artifact Configuration + + + . + + *-config.xml + + ${project.build.directory} + + com.inteligr8 ban-maven-plugin - 1.3.6 + 1.4.0 purge-maven-repo @@ -33,6 +42,43 @@ + + maven-resources-plugin + + + filter + resources + + + + + maven-install-plugin + + true + ${project.build.directory}/ban-config.xml + + + + install-xml + install + install-file + + ${project.groupId} + ${project.artifactId} + ${project.version} + xml + + + + + + maven-deploy-plugin + + ban-config.xml + pom.xml + xml + + diff --git a/examples/governed-artifact/pom.xml b/examples/governed-artifact/pom.xml index 855b4a1..8a970df 100644 --- a/examples/governed-artifact/pom.xml +++ b/examples/governed-artifact/pom.xml @@ -17,7 +17,7 @@ com.inteligr8 ban-maven-plugin - 1.3.6 + 1.4.0 true From ad4b06fc4fe63e3ace504c8df7d97add7110239a Mon Sep 17 00:00:00 2001 From: "Brian M. Long" Date: Tue, 27 May 2025 09:44:00 -0400 Subject: [PATCH 2/2] attempt to fix remote version range resolution --- .../maven/ban/AbstractBanConfiguration.java | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/src/main/java/com/inteligr8/maven/ban/AbstractBanConfiguration.java b/src/main/java/com/inteligr8/maven/ban/AbstractBanConfiguration.java index 35b7fea..076740e 100644 --- a/src/main/java/com/inteligr8/maven/ban/AbstractBanConfiguration.java +++ b/src/main/java/com/inteligr8/maven/ban/AbstractBanConfiguration.java @@ -86,15 +86,19 @@ public abstract class AbstractBanConfiguration implements BanConfiguration { if (!"xml".equals(artifact.getExtension())) artifact = new DefaultArtifact(artifact.getGroupId(), artifact.getArtifactId(), artifact.getClassifier(), "xml", artifact.getVersion()); - Version latestLocalVersion = this.findLatestLocalVersion(artifact, child.getValue()); + Version latestVersion = this.findLatestVersion(artifact, child.getValue()); Artifact latestArtifact = this.findLatestArtifact(artifact, child.getValue()); - if (latestArtifact == null && latestLocalVersion != null) { - this.logger.debug("A latest version was found locally, but could not resolve the artifact; trying to resolve the artifact with the specific version: {}: {}", latestLocalVersion, child.getValue()); - artifact = artifact.setVersion(latestLocalVersion.toString()); + if (latestArtifact == null && latestVersion != null) { + this.logger.debug("A latest version was found, but could not resolve the artifact using the range; trying to resolve the artifact with the specific version: {}: {}", latestVersion, child.getValue()); + artifact = artifact.setVersion(latestVersion.toString()); latestArtifact = this.findLatestArtifact(artifact, child.getValue()); } - if (artifact != null) { + if (latestArtifact != null && latestArtifact.getFile() != null) { + this.logger.debug("The latest artifact was found: {}", latestArtifact); + File file = latestArtifact.getFile(); + downloader = new BanConfigurationDownloader(this.session, this.artifactResolver, this.versionRangeResolver, file); + } else if (artifact != null) { File file = artifact.getFile(); downloader = new BanConfigurationDownloader(this.session, this.artifactResolver, this.versionRangeResolver, file); } @@ -109,16 +113,16 @@ public abstract class AbstractBanConfiguration implements BanConfiguration { } } - private Version findLatestLocalVersion(Artifact artifact, String logId) { - this.logger.trace("Inspecting the local repository to select the version to import: {}", logId); + private Version findLatestVersion(Artifact artifact, String logId) { + this.logger.trace("Inspecting the local and remote repositories to select the version to import: {}", logId); VersionRangeRequest vrrequest = new VersionRangeRequest(artifact, this.session.getCurrentProject().getRemoteProjectRepositories(), null); try { VersionRangeResult vrresult = this.versionRangeResolver.resolveVersionRange(this.session.getRepositorySession(), vrrequest); if (vrresult.getVersions().isEmpty()) { - this.logger.info("The artifact version range could not be resolved locally; trying remote: {}", logId); + this.logger.info("The artifact version range could not be resolved: {}", logId); return null; } else { - this.logger.debug("The artifact version discovered locally: {}; trying remote: {}", vrresult.getHighestVersion(), logId); + this.logger.debug("The artifact version discovered: {}: {}", vrresult.getHighestVersion(), logId); return vrresult.getHighestVersion(); } } catch (VersionRangeResolutionException vrre) { @@ -132,7 +136,7 @@ public abstract class AbstractBanConfiguration implements BanConfiguration { ArtifactRequest arequest = new ArtifactRequest(artifact, this.session.getCurrentProject().getRemoteProjectRepositories(), null); try { ArtifactResult aresult = this.artifactResolver.resolveArtifact(this.session.getRepositorySession(), arequest); - this.logger.debug("This artifact version discovered remotely: {}: {}", aresult.getArtifact().getVersion(), logId); + this.logger.debug("This artifact version discovered: {}: {}", aresult.getArtifact().getVersion(), logId); return aresult.getArtifact(); } catch (ArtifactResolutionException are) { this.logger.warn("The artifact could not be resolved; skipping: {}", artifact);