maven-enforcer-plugin 3.3.0破坏作用域的行为

hwamh0ep  于 2023-06-21  发布在  Maven
关注(0)|答案(1)|浏览(190)

当升级Sping Boot 到3.1时,我得到了maven-enforcer-plugin3.3.0的过渡升级,破坏了我的构建。传递依赖的作用域配置行为很奇怪。
当前配置

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-enforcer-plugin</artifactId>
    <executions>
        <execution>
            <id>enforce-banned-dependencies</id>
            <goals>
                <goal>enforce</goal>
            </goals>
            <configuration>
                <rules>
                    <bannedDependencies>
                        <excludes>
                            <exclude>org.apache.tomcat.embed:*:*:*:compile</exclude>
                    </bannedDependencies>
                </rules>
            </configuration>
        </execution>
    </executions>
</plugin>

依赖性

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>

<dependency>
    <groupId>org.apache.tomcat.embed</groupId>
    <artifactId>tomcat-embed-el</artifactId>
    <scope>test</scope>
</dependency>

错误

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.3.0:enforce (enforce-banned-dependencies) on project enrollment-server: 
[ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.BannedDependencies failed with message:
[ERROR] com.example:test:war:1.0.0-SNAPSHOT
[ERROR]    org.springframework.boot:spring-boot-starter-validation:jar:3.1.0
[ERROR]       org.apache.tomcat.embed:tomcat-embed-el:jar:10.1.8 <--- banned via the exclude/include list

我注意到,有一个选项<searchTransitive>false</searchTransitive>,但在我看来,它完全忽略了传递依赖关系。因此,不检查依赖关系,而是附加依赖关系。恕我直言,这个插件的主要目标是控制最终工件的内容。
目前已降级为maven-enforcer-plugin3.1.0
完整示例:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>test</artifactId>
    <version>1.0-SNAPSHOT</version>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.0</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-el</artifactId>
            <!--  Overriding scope of transitive dependency from spring-boot-starter-validation but new enforcer plugin does NOT respect that  -->
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-enforcer-plugin</artifactId>
                <!--  Working with 3.1.0 -->
                <!--  <version>3.1.0</version> -->
                <!--  Implicit version 3.3.0 breaks the build  -->
                <executions>
                    <execution>
                        <id>enforce-banned-dependencies</id>
                        <goals>
                            <goal>enforce</goal>
                        </goals>
                        <configuration>
                            <rules>
                                <bannedDependencies>
                                    <excludes>
                                        <exclude>org.apache.tomcat.embed:*:*:*:compile</exclude>
                                    </excludes>
                                </bannedDependencies>
                            </rules>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

</project>
busg9geu

busg9geu1#

第一个maven-enforcer-plugin与给定的规则是完全做它应该做的意思是打破了基于给定的依赖关系,这是不允许的基于规则的构建...两个版本都有相同的行为只有输出看起来有点不同…
使用maven-enforcer-plugin版本3.1.0会产生如下相同的故障:

[INFO] -----------------< com.soebes.spring.example:employee >-----------------
[INFO] Building Employee Demo Application 0.0.1-SNAPSHOT
[INFO]   from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:3.2.0:clean (default-clean) @ employee ---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-banned-dependencies) @ employee ---
[ERROR] Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
Found Banned Dependency: org.apache.tomcat.embed:tomcat-embed-websocket:jar:10.1.8
Found Banned Dependency: org.apache.tomcat.embed:tomcat-embed-el:jar:10.1.8
Found Banned Dependency: org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.8
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.447 s
[INFO] Finished at: 2023-06-12T12:53:26+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.1.0:enforce (enforce-banned-dependencies) on project employee: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]

正如maven-enforcer-plugin版本3.3.0所做的那样:

[INFO] 
[INFO] --- maven-clean-plugin:3.2.0:clean (default-clean) @ employee ---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.3.0:enforce (enforce-banned-dependencies) @ employee ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.405 s
[INFO] Finished at: 2023-06-12T12:55:35+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.3.0:enforce (enforce-banned-dependencies) on project employee: 
[ERROR] Rule 0: org.apache.maven.enforcer.rules.dependency.BannedDependencies failed with message:
[ERROR] com.soebes.spring.example:employee:jar:0.0.1-SNAPSHOT
[ERROR]    org.springframework.boot:spring-boot-starter-web:jar:3.1.0
[ERROR]       org.springframework.boot:spring-boot-starter-tomcat:jar:3.1.0
[ERROR]          org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.8 <--- banned via the exclude/include list
[ERROR]          org.apache.tomcat.embed:tomcat-embed-el:jar:10.1.8 <--- banned via the exclude/include list
[ERROR]          org.apache.tomcat.embed:tomcat-embed-websocket:jar:10.1.8 <--- banned via the exclude/include list
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]

更新:
如果通过以下方式排除tomcat依赖项:

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
  <exclusions>
    <exclusion>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
    </exclusion>
  </exclusions>
</dependency>

但是你必须小心,因为你需要其他支持servlet等的东西。
如果你需要覆盖依赖的范围(这意味着改变范围),你必须在dependencyManagement节中这样做。

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-dependencies</artifactId>
    <version>${spring.boot.version}</version>
    <scope>import</scope>
    <type>pom</type>
  </dependency>
  <dependency>
    <groupId>org.apache.tomcat.embed</groupId>
    <artifactId>tomcat-embed-el</artifactId>
    <!--  Overriding scope of transitive dependency from spring-boot-starter-validation but new enforcer plugin does NOT respect that  -->
    <scope>test</scope>
  </dependency>

这需要对每个要更改作用域的依赖项完成…

相关问题