vandmo / dependency-lock-maven-plugin

Maven plugin that makes sure that Maven dependencies are not accidentally changed.
https://github.com/vandmo/dependency-lock-maven-plugin
Apache License 2.0

Support patterns for ignore, and my version, lists #61

Closed danielhodder closed 1 year ago

danielhodder commented 1 year ago

In my project we have ~130 modules which make up the project; these all have inter-dependencies on each other. Rather than listing all of these modules out, it would be good if we could use a pattern to ignore all of the dependencies in the groups that we are happy to have floating.

As far as I can tell, this would 'just' involve changing the StrictPatternIncludesArtifactFilter to a PatternIncludesArtifactFilter in the check Mojo.

Would this be something you'd accept?

vandmo commented 1 year ago

I think you should already be able to achieve what you want with the strict matching. com.mycompany:* should work?

vandmo commented 1 year ago

@danielhodder Did you get it to work? BTW, I will release a 0.0.commit or a 1.0.0-RC1 version as soon as I have decided on the configuration, created a separate issue for that.

danielhodder commented 1 year ago

I had another look at my issue and it was my own fault, sorry. Seems like I misread the code, and mistyped my pattern. At least on the 0.x branch this works as expected. I will test with the 1.x version once that's released in some way. If you don't get around to it I will see if I can find some time to try and fix up the builds and get the tests passing again next week.

For now I think we can safely close this and I'll reopen this, or create a new issue, if I hit further issues.

vandmo commented 1 year ago

Very close to a 1.0 release now. Only need to write a bunch more tests and fix the bugs that I will find :) Created a 0.0.df645e025a41a7aad7f306497255e232098f6e0d release which you can test, which is bound to have some bugs though.

danielhodder commented 1 year ago

Sorry just getting around to this today. I am not seeing the 0.0.df645e025a41a7aad7f306497255e232098f6e0d version in the central maven repo at this time. The latest version that I can see is 0.0.78f56707b3a1d639c8e769bba1686587e9a89564, which is obviously a ways back being based on 78f5670.

The new dependency ignore semantics seem to work with dependency-sets and similar though.

vandmo commented 1 year ago

You are right, I forgot to prepend "release-" to the tag when triggering a release. 0.0.0fcba43c95c016556b4ef8d51d8aee999a0c51b3 should work now though.

danielhodder commented 1 year ago

Tested; this does indeed work as expected. In our particular environment we needed to use <version>ignore</version> rather than <version>use-project-version</version>, but it works perfectly. Loving your work, thanks so much for providing this great plugin.

vandmo commented 1 year ago

Thanks :) Releasing 0.0.04d7dd844a26dcdd085a71fde56b36f1747b2cf9 now where ignoring integrity works. I decided to always include false when optional in pom lock file. So if you are using that you should create a new lock file.

Why do you need to ignore the version? Ideally you should be able to use use-project-version or something similar. I have an issue for comparing SNAPSHOT versions which I plan to fix.