Performing resolution of dependencies (versions) of build plugins or already provided in maven?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Performing resolution of dependencies (versions) of build plugins or already provided in maven?

Danny van Heumen
Hi,

I've recently done a few contributions to pgpverify-maven-plugin. Some
of these include verifying more maven artifacts at build time, more
specifically:
- build plug-ins,
- build plug-in dependencies,
- "dependencies in atypical locations", right now only annotation
  processors for maven-compiler-plugin.

I'm stuck with an issue where build plug-in dependencies (and also the
annotation processors) are only listed by maven's API, but no further
resolution is performed. (AFAICT)

My goal is to validate the totality of loaded jar files, for as far as
reasonably possible. So, I would like to verify both the build plug-in
dependencies as well as all of their (indirect) dependencies.

So, I have a few questions regarding this goal:
1. Is there a specific part of the API where I can find all
predetermined resolved versions of these artifacts?
2. Alternatively, is there an API that I can call that will perform
dependency (conflict) resolution exactly as Maven would?
3. Alternatively, is there some in which I can find all resolved
versions, such that I could manually generate a transitive closure of
dependencies and then lookup the corresponding versions?

Any recommendations would be very welcome. I'm not an experienced maven
plug-in developers, so I may have missed important details.

Kind regards,
Danny



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Performing resolution of dependencies (versions) of build plugins or already provided in maven?

Danny van Heumen
Hi all,

This is still an open issue. Can anyone provide any insight. Any
lead is welcome, also pointers in the direction of another plug-in
(source code).

I have had a look at maven-dependency-plugin, but that seems to work
with the versions prescribed in the pom.xml file. In this case I'd say
that that is not reliable as a different version could be resolved at
execution time.

Thanks in advance,

Danny



On Fri, 27 Dec 2019 14:29:22 +0100
"Danny van Heumen" <[hidden email]> wrote:

> Hi,
>
> I've recently done a few contributions to pgpverify-maven-plugin. Some
> of these include verifying more maven artifacts at build time, more
> specifically:
> - build plug-ins,
> - build plug-in dependencies,
> - "dependencies in atypical locations", right now only annotation
>   processors for maven-compiler-plugin.
>
> I'm stuck with an issue where build plug-in dependencies (and also the
> annotation processors) are only listed by maven's API, but no further
> resolution is performed. (AFAICT)
>
> My goal is to validate the totality of loaded jar files, for as far as
> reasonably possible. So, I would like to verify both the build plug-in
> dependencies as well as all of their (indirect) dependencies.
>
> So, I have a few questions regarding this goal:
> 1. Is there a specific part of the API where I can find all
> predetermined resolved versions of these artifacts?
> 2. Alternatively, is there an API that I can call that will perform
> dependency (conflict) resolution exactly as Maven would?
> 3. Alternatively, is there some in which I can find all resolved
> versions, such that I could manually generate a transitive closure of
> dependencies and then lookup the corresponding versions?
>
> Any recommendations would be very welcome. I'm not an experienced
> maven plug-in developers, so I may have missed important details.
>
> Kind regards,
> Danny
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]