Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin dependencies are not checked #34

Closed
ThrawnCA opened this issue Oct 22, 2015 · 6 comments
Closed

Plugin dependencies are not checked #34

ThrawnCA opened this issue Oct 22, 2015 · 6 comments
Assignees
@khmarbaise
Labels
enhancement
Milestone
2.5

Comments

@ThrawnCA
Copy link

When plugins have declared dependencies, those dependencies are not version-checked.

We use plugin dependencies extensively for tools like PMD, Checkstyle, FindBugs, etc, to ensure that the plugin is using the latest version of the underlying library, but we have to check for updates manually.
@mattnelson
Copy link

It looks like this was recently broken. When I look at a site I built a few months back, the plugin dependencies are listed. It doesn't appear to be an issue with the java/plugin version, my hunch is that something changed between maven 3.0 and 3.3 to break this functionality.

@khmarbaise
Copy link
Member

The question is how the plugin dependencies have been defined. If they have been defined via a property like this:

  <properties>
    <dep.version>1.0</dep.version>
 </properties>
 <...
    <plugins>
      <plugin>
         <groupId>...</groupId>
         <dependencies>
           <dependency>
            ... 
              <version>${dep.version}</version>
           </dependency>

         </dependencies>

it will be updated via update-properties. There is an integration test to check it-update-properties-004.
Unfortunately I don't have more information. I will close the issue. If you have further details please don't hesitate to reopen the issue.

@ptamarit
Copy link

ptamarit commented Jun 7, 2017

Hello,

I'm not able to reopen this issue, but I do have the same problem.

With the following POM:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>test</groupId>
  <artifactId>test</artifactId>
  <version>0.1.0-SNAPSHOT</version>
  <packaging>jar</packaging>

  <prerequisites>
    <maven>3.5.0</maven>
  </prerequisites>

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>findbugs-maven-plugin</artifactId>
        <version>3.0.4</version>
        <configuration>
          <plugins>
            <plugin>
              <groupId>com.mebigfatguy.fb-contrib</groupId>
              <artifactId>fb-contrib</artifactId>
              <version>7.0.1</version>
            </plugin>
          </plugins>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

One would expect that a command like mvn versions:display-dependency-updates (or maybe mvn versions:display-plugin-updates) would show that a newer version of fb-contrib is available (currently 7.0.2), but it's not the case.

A plugin dependency is still a dependency, so adding this check in the display-dependency-updates goal would make the most sense to me. Another option would be to add yet another goal named display-plugin-dependency-updates.

Cheers,
Pablo

@khmarbaise khmarbaise reopened this Jun 7, 2017
@khmarbaise
Copy link
Member

Ok reopened. First you use prerequisites on your jar packaging is simply wrong and will produce a WARNING in Maven 3.5.0.
Apart from that a plugin dependency is something different than a usual dependency cause it's limited to the classpath of the plugin...But of course it would make sense to produce an update check for those dependencies as well...

Thanks for those supplemental informations...

@ptamarit
Copy link

ptamarit commented Jun 7, 2017

Hi,

You're welcome, and thanks for the very useful plugin!
Regarding prerequisite vs enforcer, I commented on #48.

Cheers,
Pablo

khmarbaise added a commit that referenced this issue Jun 7, 2017
@khmarbaise
Fixed #34
62bc814 
 o First implementation to report the plugin dependencies as well.
@khmarbaise khmarbaise self-assigned this Jun 7, 2017
@khmarbaise khmarbaise added this to the 2.4.1 milestone Jun 7, 2017
khmarbaise added a commit that referenced this issue Jun 9, 2017
@khmarbaise
Fixed #34
43e933d 
 o Added implementation to report the plugin dependencies as well.
 o Added IT...not verifing yet..
khmarbaise added a commit that referenced this issue Jun 10, 2017
@khmarbaise
Fixed #34
50f3eb8 
 o Added implementation to report the plugin dependencies as well.
 o Added IT's for reporting updates about dependencies in plugins,
   plugins defined in pluginManagement.
@khmarbaise
Copy link
Member

So I have enhanced the display-dependency-updates output to support plugin dependencies which are defined like this:

  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>findbugs-maven-plugin</artifactId>
        <version>3.0.4</version>
        <configuration>
          <plugins>
            <plugin>
              <groupId>com.mebigfatguy.fb-contrib</groupId>
              <artifactId>fb-contrib</artifactId>
              <version>7.0.1</version>
            </plugin>
          </plugins>
        </configuration>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>

and also it support the usage via pluginManagement like this:

 <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>localhost</groupId>
          <artifactId>dummy-maven-plugin</artifactId>
          <version>1.0</version>
          <dependencies>
            <dependency>
              <groupId>localhost</groupId>
              <artifactId>dummy-api</artifactId>
              <version>1.2</version>
            </dependency>
          </dependencies>
        </plugin>
     </plugins>
...
</project>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@khmarbaise khmarbaise

Labels
enhancement
Projects
None yet
Milestone
2.5
Development

No branches or pull requests
4 participants
@khmarbaise @mattnelson @ptamarit @ThrawnCA