search

teragrep / project-archetype

Teragrep project archetype
GNU Affero General Public License v3.0
0 stars 1 forks source link

Add maven enforcer versionRange example #14

Closed StrongestNumber9 closed 1 month ago

StrongestNumber9 commented 1 month ago

Description

https://maven.apache.org/enforcer/enforcer-rules/versionRanges.html

<requireJavaVersion>    
    <version>[1.8,1.9)</version>
</requireJavaVersion>
mvn clean package
<snip>
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.4.1:enforce (enforce-maven) on project pth_10: 
[ERROR] Rule 1: org.apache.maven.enforcer.rules.version.RequireJavaVersion failed with message:
[ERROR] Detected JDK version 17.0.12 (JAVA_HOME=/usr/lib/jvm/java-17-openjdk-17.0.12.0.7-2.fc40.x86_64) is not in the allowed range [1.8,1.9).
[ERROR] -> [Help 1]

JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk mvn clean package
<snip>
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

Use case or motivation behind the feature request

Will actually FORCE java version, not just compile on it. Better fail hard and with appropriate error message than have mystery failures because JAVA_HOME was pointing to incompatible version

StrongestNumber9 commented 1 month ago

There are bunch of other useful rules in https://maven.apache.org/enforcer/enforcer-rules/index.html that could be implemented to enforce good standards, like

For obvious reasons: banDynamicVersions - bans all dependencies requiring version resolution at build time (i.e. version ranges, placeholders RELEASE/LATEST or SNAPSHOT versions).

Also for obivous reasons: requirePluginVersions - enforces that all plugins have a specified version.

Security, code management requireNoRepositories - enforces to not include repositories.

For example LICENSE, .gitignore, license-header to enforce that some specific stuff exists requireFilesExist - enforces that the list of files does exist.

We don't want to use anything except release versions requireReleaseDeps - enforces that no snapshots are included as dependencies.