inteligr8/ban-maven-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: inteligr8:v1.1.0
Branches Tags
inteligr8:develop inteligr8:stable
inteligr8:v1.4.2 inteligr8:v1.4.1 inteligr8:v1.4.0 inteligr8:v1.3.6 inteligr8:v1.3.5 inteligr8:v1.3.4 inteligr8:v1.3.3 inteligr8:v1.3.2 inteligr8:v1.3.1 inteligr8:v1.3.0 inteligr8:v1.2.4 inteligr8:v1.2.3 inteligr8:v1.2.2 inteligr8:v1.2.1 inteligr8:v1.2.0 inteligr8:v1.1.1 inteligr8:v1.1.0 inteligr8:v1.0.0
...
compare: inteligr8:v1.2.0
Branches Tags
inteligr8:develop inteligr8:stable
inteligr8:v1.4.2 inteligr8:v1.4.1 inteligr8:v1.4.0 inteligr8:v1.3.6 inteligr8:v1.3.5 inteligr8:v1.3.4 inteligr8:v1.3.3 inteligr8:v1.3.2 inteligr8:v1.3.1 inteligr8:v1.3.0 inteligr8:v1.2.4 inteligr8:v1.2.3 inteligr8:v1.2.2 inteligr8:v1.2.1 inteligr8:v1.2.0 inteligr8:v1.1.1 inteligr8:v1.1.0 inteligr8:v1.0.0

6 Commits
v1.1.0 ... v1.2.0

Author SHA1 Message Date
Brian M. Long
f749926f92 v1.2.0 pom 2023-05-29 11:13:11 -04:00
Brian M. Long
8c3ce9f069 Merge branch 'develop' into stable 2023-05-29 11:11:02 -04:00
Brian M. Long
3c73bcb83d added artifact import support 2023-05-29 11:09:22 -04:00
Brian Long
cf2fdf42fa v1.1.1 pom 2023-05-25 15:24:41 -04:00
Brian Long
3d7d8bb769 Merge branch 'develop' into stable 2023-05-25 15:24:08 -04:00
Brian Long
d22f657f4e added remote config import support 2023-05-25 15:23:54 -04:00
8 changed files with 296 additions and 112 deletions
Expand all files Collapse all files

9
README.md
View File

@@ -18,6 +18,10 @@ This is a maven plugin that allows for developers and organizations to ban Maven
<version>...</version>
<extensions>true</extensions>
<configuration>
<import>
<url>https://host:port/path/file.xml</url>
<artifact>groupId:artifactId:version</artifact>
</import>
<includes>
<artifact>
<groupId>...<groupId>
@@ -31,13 +35,14 @@ This is a maven plugin that allows for developers and organizations to ban Maven
</artifact>
<artifact>com.inteligr8:ban-maven-plugin:[,1.0.0)</artifact>
<artifact>log4j:log4j</artifact>
<artifact>org\.springframework.*::[,4.0.0.RELEASE)</artifact>
<artifact>org\.springframe.+::[,4.0.0.RELEASE)</artifact>
</includes>
<excludes>
<artifact>
....
</artifact>
</excludes>
<import>https://domain:port/path/file</import>
</configuration>
</plugin>
...
@@ -62,4 +67,4 @@ There is nothing stopping you from specifying two `artifact` elements with the e
If you *include* all versions by omitting the `version` element, you can still *exclude* (unban) certain versions, like `[1.2.17,)`.
It is recommended that you look into [Maven Tiles](https://github.com/repaint-io/maven-tiles) so you can use a tile to define your banned artifacts and side load them into all your projects.
The `import` URL and artifact are to be XML files that conform to the same `configuration` element as described here. In fact, the root elmenet of that XML should be `configuration`. You can create a Maven `pom` packaging type project that deploys the XML to your Maven repository. Importing the configuration allows you to change banned dependencies without making changes to each individual project. Just like with the `include` and `exclude` notation, the `import/artifact` version may be a range. This way the latest banned dependencies can be side-loaded into all projects. This means previously functioning builds may eventually start failing. That is by design in this scenario.

2
pom.xml
View File

@@ -7,7 +7,7 @@
<groupId>com.inteligr8</groupId>
<artifactId>ban-maven-plugin</artifactId>
<version>1.1.0</version>
<version>1.2.0</version>
<packaging>maven-plugin</packaging>
<name>Ban Dependencies Maven Plugin</name>

122
src/main/java/com/inteligr8/maven/ban/AbstractBanConfiguration.java Normal file
View File

@@ -0,0 +1,122 @@
/*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.inteligr8.maven.ban;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
import org.apache.maven.artifact.versioning.VersionRange;
import org.apache.maven.plugin.MojoFailureException;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.inteligr8.maven.model.ArtifactFilter;
public class AbstractBanConfiguration implements BanConfiguration {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
private final Pattern artifactPattern = Pattern.compile("^([^:]+):([^:]+)(:([^:]+))?$");
private final Pattern notRegexPattern = Pattern.compile("^[A-Za-z0-9_\\.]*$");
protected final List<ArtifactFilter> includeArtifacts = new LinkedList<>();
protected final List<ArtifactFilter> excludeArtifacts = new LinkedList<>();
public void init(Xpp3Dom rootDom) throws IOException, MojoFailureException {
if (rootDom == null)
return;
Xpp3Dom includesDom = rootDom.getChild("includes");
if (includesDom != null)
this.includeArtifacts.addAll(this.parseArtifacts(includesDom));
Xpp3Dom excludesDom = rootDom.getChild("excludes");
if (excludesDom != null)
this.excludeArtifacts.addAll(this.parseArtifacts(excludesDom));
this.logger.debug("Include artifacts: {}", this.includeArtifacts);
this.logger.debug("Exclude artifacts: {}", this.excludeArtifacts);
}
public List<ArtifactFilter> getIncludeArtifacts() {
return this.includeArtifacts;
}
public List<ArtifactFilter> getExcludeArtifacts() {
return this.excludeArtifacts;
}
private List<ArtifactFilter> parseArtifacts(Xpp3Dom artifactsDom) {
List<ArtifactFilter> filters = new LinkedList<>();
for (Xpp3Dom artifactDom : artifactsDom.getChildren("artifact")) {
ArtifactFilter filter = new ArtifactFilter();
String versionSpec = null;
if (artifactDom.getChildCount() == 0) {
Matcher matcher = this.artifactPattern.matcher(artifactDom.getValue());
if (!matcher.matches()) {
this.logger.warn("The artifact format '{}' does not match the expected regular expression: {}; ignoring ...", artifactDom.getValue(), this.artifactPattern.pattern());
continue;
}
if (this.notRegexPattern.matcher(matcher.group(1)).matches()) {
filter.setGroupId(StringUtils.trimToNull(matcher.group(1)));
} else {
filter.setGroupIdRegex(StringUtils.trimToNull(matcher.group(1)));
}
if (this.notRegexPattern.matcher(matcher.group(2)).matches()) {
filter.setArtifactId(StringUtils.trimToNull(matcher.group(2)));
} else {
filter.setArtifactIdRegex(StringUtils.trimToNull(matcher.group(2)));
}
versionSpec = StringUtils.trimToNull(matcher.group(4));
} else {
filter.setGroupId(this.getChildValue(artifactDom, "groupId"));
filter.setGroupIdRegex(this.getChildValue(artifactDom, "groupIdRegex"));
filter.setArtifactId(this.getChildValue(artifactDom, "artifactId"));
filter.setArtifactIdRegex(this.getChildValue(artifactDom, "artifactIdRegex"));
versionSpec = this.getChildValue(artifactDom, "version");
}
if (versionSpec != null) {
try {
VersionRange versionRange = VersionRange.createFromVersionSpec(versionSpec);
filter.setVersionRange(versionRange);
} catch (InvalidVersionSpecificationException ivse) {
this.logger.warn("The artifact '{}' has an invalid version specification; the artifact element will be ignored: {}", ivse.getMessage());
continue;
}
}
filters.add(filter);
}
return filters;
}
private String getChildValue(Xpp3Dom dom, String child) {
Xpp3Dom childDom = dom.getChild(child);
return childDom == null ? null : StringUtils.trimToNull(childDom.getValue());
}
}

27
src/main/java/com/inteligr8/maven/ban/BanConfiguration.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.inteligr8.maven.ban;
import java.util.List;
import com.inteligr8.maven.model.ArtifactFilter;
public interface BanConfiguration {
List<ArtifactFilter> getIncludeArtifacts();
List<ArtifactFilter> getExcludeArtifacts();
}

125
src/main/java/com/inteligr8/maven/ban/BanConfigurationDownloader.java Normal file
View File

@@ -0,0 +1,125 @@
/*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along
* with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package com.inteligr8.maven.ban;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import org.apache.commons.lang3.StringUtils;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.MojoFailureException;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.codehaus.plexus.util.xml.Xpp3DomBuilder;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.artifact.DefaultArtifact;
import org.eclipse.aether.impl.ArtifactResolver;
import org.eclipse.aether.resolution.ArtifactRequest;
import org.eclipse.aether.resolution.ArtifactResolutionException;
import org.eclipse.aether.resolution.ArtifactResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class BanConfigurationDownloader extends AbstractBanConfiguration {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
private final ArtifactResolver artifactResolver;
private final MavenSession session;
public BanConfigurationDownloader(MavenSession session, ArtifactResolver artifactResolver) {
this.session = session;
this.artifactResolver = artifactResolver;
}
public BanConfigurationDownloader(MavenSession session, ArtifactResolver artifactResolver, String url) throws IOException, MojoFailureException {
this(session, artifactResolver);
try {
Xpp3Dom rootDom = this.load(new URL(url));
this.init(rootDom);
} catch (XmlPullParserException xppe) {
throw new MojoFailureException(xppe.getMessage(), xppe);
}
}
public BanConfigurationDownloader(MavenSession session, ArtifactResolver artifactResolver, File file) throws IOException, MojoFailureException {
this(session, artifactResolver);
try {
Xpp3Dom rootDom = this.load(file);
this.init(rootDom);
} catch (XmlPullParserException xppe) {
throw new MojoFailureException(xppe.getMessage(), xppe);
}
}
@Override
public void init(Xpp3Dom rootDom) throws IOException, MojoFailureException {
Xpp3Dom importDom = rootDom.getChild("import");
if (importDom != null) {
for (Xpp3Dom child : importDom.getChildren()) {
BanConfigurationDownloader downloader = null;
if (child.getName().equals("url")) {
String url = StringUtils.trimToNull(importDom.getValue());
downloader = new BanConfigurationDownloader(this.session, this.artifactResolver, url);
} else if (child.getName().equals("artifact")) {
Artifact artifact = new DefaultArtifact(child.getValue());
ArtifactRequest request = new ArtifactRequest(artifact, this.session.getCurrentProject().getRemoteProjectRepositories(), null);
try {
ArtifactResult result = this.artifactResolver.resolveArtifact(this.session.getRepositorySession(), request);
File file = result.getArtifact().getFile();
downloader = new BanConfigurationDownloader(this.session, this.artifactResolver, file);
} catch (ArtifactResolutionException are) {
this.logger.warn("The artifact could not be resolved; skipping: {}", child.getValue());
}
}
if (downloader != null) {
this.includeArtifacts.addAll(downloader.getIncludeArtifacts());
this.excludeArtifacts.addAll(downloader.getExcludeArtifacts());
}
}
}
}
private Xpp3Dom load(URL url) throws IOException, XmlPullParserException {
InputStream istream = url.openStream();
BufferedInputStream bistream = new BufferedInputStream(istream, 16384);
try {
this.logger.debug("Downloading configuration: {}", url);
return Xpp3DomBuilder.build(bistream, "utf-8");
} finally {
bistream.close();
}
}
private Xpp3Dom load(File file) throws IOException, XmlPullParserException {
FileInputStream fistream = new FileInputStream(file);
BufferedInputStream bistream = new BufferedInputStream(fistream, 16384);
try {
this.logger.debug("Downloading configuration: {}", file);
return Xpp3DomBuilder.build(bistream, "utf-8");
} finally {
bistream.close();
}
}
}

111
src/main/java/com/inteligr8/maven/ban/BanConfigurationParser.java
View File

@@ -14,118 +14,17 @@
*/
package com.inteligr8.maven.ban;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.io.IOException;
import org.apache.commons.lang3.StringUtils;
import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
import org.apache.maven.artifact.versioning.VersionRange;
import org.apache.maven.model.Plugin;
import org.apache.maven.plugin.MojoFailureException;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.inteligr8.maven.model.ArtifactFilter;
public class BanConfigurationParser extends AbstractBanConfiguration {
public class BanConfigurationParser {
private final Logger logger = LoggerFactory.getLogger(this.getClass());
private final Pattern artifactPattern = Pattern.compile("^([^:]+):([^:]+)(:([^:]+))?$");
private final Pattern notRegexPattern = Pattern.compile("^[A-Za-z0-9_\\.]*$");
private final List<ArtifactFilter> includeArtifacts;
private final List<ArtifactFilter> excludeArtifacts;
public BanConfigurationParser(Plugin plugin) {
public BanConfigurationParser(Plugin plugin) throws IOException, MojoFailureException {
Xpp3Dom rootDom = (Xpp3Dom) plugin.getConfiguration();
if (rootDom == null) {
this.includeArtifacts = Collections.emptyList();
this.excludeArtifacts = Collections.emptyList();
return;
}
Xpp3Dom includesDom = rootDom.getChild("includes");
if (includesDom != null) {
this.includeArtifacts = this.parseArtifacts(includesDom);
this.logger.debug("Include artifacts: {}", this.includeArtifacts);
} else {
this.includeArtifacts = Collections.emptyList();
}
Xpp3Dom excludesDom = rootDom.getChild("excludes");
if (excludesDom != null) {
this.excludeArtifacts = this.parseArtifacts(excludesDom);
this.logger.debug("Exclude artifacts: {}", this.excludeArtifacts);
} else {
this.excludeArtifacts = Collections.emptyList();
}
}
public List<ArtifactFilter> getIncludeArtifacts() {
return this.includeArtifacts;
}
public List<ArtifactFilter> getExcludeArtifacts() {
return this.excludeArtifacts;
}
private List<ArtifactFilter> parseArtifacts(Xpp3Dom artifactsDom) {
List<ArtifactFilter> filters = new LinkedList<>();
for (Xpp3Dom artifactDom : artifactsDom.getChildren("artifact")) {
ArtifactFilter filter = new ArtifactFilter();
String versionSpec = null;
if (artifactDom.getChildCount() == 0) {
Matcher matcher = this.artifactPattern.matcher(artifactDom.getValue());
if (!matcher.matches()) {
this.logger.warn("The artifact format '{}' does not match the expected regular expression: {}; ignoring ...", artifactDom.getValue(), this.artifactPattern.pattern());
continue;
}
if (this.notRegexPattern.matcher(matcher.group(1)).matches()) {
filter.setGroupId(StringUtils.trimToNull(matcher.group(1)));
} else {
filter.setGroupIdRegex(StringUtils.trimToNull(matcher.group(1)));
}
if (this.notRegexPattern.matcher(matcher.group(2)).matches()) {
filter.setArtifactId(StringUtils.trimToNull(matcher.group(2)));
} else {
filter.setArtifactIdRegex(StringUtils.trimToNull(matcher.group(2)));
}
versionSpec = StringUtils.trimToNull(matcher.group(4));
} else {
filter.setGroupId(this.getChildValue(artifactDom, "groupId"));
filter.setGroupIdRegex(this.getChildValue(artifactDom, "groupIdRegex"));
filter.setArtifactId(this.getChildValue(artifactDom, "artifactId"));
filter.setArtifactIdRegex(this.getChildValue(artifactDom, "artifactIdRegex"));
versionSpec = this.getChildValue(artifactDom, "version");
}
if (versionSpec != null) {
try {
VersionRange versionRange = VersionRange.createFromVersionSpec(versionSpec);
filter.setVersionRange(versionRange);
} catch (InvalidVersionSpecificationException ivse) {
this.logger.warn("The artifact '{}' has an invalid version specification; the artifact element will be ignored: {}", ivse.getMessage());
continue;
}
}
filters.add(filter);
}
return filters;
}
private String getChildValue(Xpp3Dom dom, String child) {
Xpp3Dom childDom = dom.getChild(child);
return childDom == null ? null : StringUtils.trimToNull(childDom.getValue());
this.init(rootDom);
}
}

8
src/main/java/com/inteligr8/maven/ban/BanExtension.java
View File

@@ -14,6 +14,7 @@
*/
package com.inteligr8.maven.ban;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
@@ -25,6 +26,7 @@ import org.apache.maven.AbstractMavenLifecycleParticipant;
import org.apache.maven.MavenExecutionException;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.model.Plugin;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugin.PluginResolutionException;
import org.apache.maven.plugin.internal.PluginDependenciesResolver;
import org.apache.maven.project.DefaultDependencyResolutionRequest;
@@ -59,7 +61,7 @@ public class BanExtension extends AbstractMavenLifecycleParticipant {
@Override
public void afterProjectsRead(MavenSession session) throws MavenExecutionException {
MavenProject project = session.getCurrentProject();
BanConfigurationParser config = this.getConfiguration(project);
BanConfiguration config = this.getConfiguration(project);
if (config == null)
return;
@@ -104,7 +106,11 @@ public class BanExtension extends AbstractMavenLifecycleParticipant {
this.logger.warn("The '{}' plugin must be defined with '<extensions>true</extensions>'; ignoring plugin", plugin.getId());
return null;
} else {
try {
return new BanConfigurationParser(plugin);
} catch (IOException | MojoFailureException e) {
throw new MavenExecutionException(e.getMessage(), project.getFile());
}
}
}

2
src/main/java/com/inteligr8/maven/ban/PurgeRepoMojo.java
View File

@@ -159,7 +159,7 @@ public class PurgeRepoMojo extends AbstractMojo {
}
}
private BanConfigurationParser getConfiguration(MavenProject project) throws MojoFailureException {
private BanConfigurationParser getConfiguration(MavenProject project) throws MojoFailureException, IOException {
Plugin plugin = project.getPlugin(BanExtension.THIS_PLUGIN_KEY);
if (plugin == null)
throw new MojoFailureException("The plugin is executing but it cannot be found");