Open hohwille opened 3 years ago
I would even consider blacklisting variables like java.home
, java.version
, file.separator
, os.name
, os.version
, etc.
Should be easy enough to do from the code that resolveCiFriendliesOnly uses, as it is in its core just a special case of this with the 3 pre-defined variables.
Relevant parts of code to generalize: https://github.com/mojohaus/flatten-maven-plugin/blob/b57c50783292cf1da4c27b70a7640bb73844087d/src/main/java/org/codehaus/mojo/flatten/cifriendly/CiInterpolatorImpl.java#L202 https://github.com/mojohaus/flatten-maven-plugin/blob/b57c50783292cf1da4c27b70a7640bb73844087d/src/main/java/org/codehaus/mojo/flatten/cifriendly/CiModelInterpolator.java#L138
Thanks for the deep-link pointers. Once I have a weekend where I am not busy with other OSS work, I will create a PR for this.
You mentioned deploying:
As a safeguard against a developer deploying when they shouldn't, I tried to set one of the ciFriendly variables to the local username via env.USERNAME
. This breaks right now, because variable resolution is shallow. Should someone get around to touching that bit of code, it would be nice to look into the resolution order.
And this "defence against devs" would also require that env.*
doesn't get blacklisted :)
There are specific maven variables like
${basedir}
,${project.build.directory}
or any kind of variables resolved to absolute paths on the build environment. Deploying a flattened POM with hardcodedC:\Users\hohwille\projects\myproject\target
(Win) or/Users/hohwille/projects/myproject/target
(Linux/Mac) IMHO never makes sense.Therefore it would be a cool improvement to have a blacklist for variables that flatten-maven-plugin should exclude from interpolation. Ideally there is a configuration option with that blacklist preconfigured that could be overridden.
Concrete example:
In such case nobody wants to have flatten POM to resolve
${project.build.directory}
here.