Commit Graph

2592 Commits

Author SHA1 Message Date
Tamas Cservenak 0222aff6c9
[MNG-8447] Lossy ProblemCollector (#1994)
Historically (from Maven3) "problem collection" (in various scenarios, like building effective settings and toolchains, to building models) were done by passing around `List<Problem>` structure. This proved quite ineffective, as in case of (really) huge projects with quite big count of problems reported choked Maven (but also produced unusable output). We are aware of projects producing 3 million warnings! Dumping all of them onto console/log makes really no sense.

This PR changes Maven that by default it reports "problems" (settings building, toolchains building, or model building) as one liner warnings: how much and where were problems collected. This produces much more less overwhelming output than happens on master. User can control "build errors" using `-e`, so `mvn -e` will dump errors on screen/log.

The new `org.apache.maven.api.services.ProblemCollector<P>` class, that is somewhat "drop in" replacement for `List`, but with huge difference: it is "lossy", in a way, it maintains counters precisely, but actual problem instances are simply dropped after threshold `maven.builder.maxProblems` is surpassed (default 100). See `org.apache.maven.api.Constants#MAVEN_BUILDER_MAX_PROBLEMS`.

Rules:
* on problem addition counters are always updated
* if below threshold, store the problem (and will be reported later to the user)
* if above threshold, try to drop one problem with severity lower than currently reported problem, if succeeded, store the current problem, otherwise drop it

---

https://issues.apache.org/jira/browse/MNG-8447
2024-12-19 15:50:21 +01:00
dependabot[bot] cd36684ade
[MNG-8440] Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 (#1988)
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.11.3 to 5.11.4.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.11.3...r5.11.4)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---

https://issues.apache.org/jira/browse/MNG-8440
2024-12-17 10:55:10 +01:00
Tamas Cservenak 4b0ac99056 Post release setup 2024-12-16 20:32:37 +01:00
Guillaume Nodet 5375f61a1d
[MNG-8414] Warn when not able to downgrade consumer POM unless preserveModelVersion is forced to true (#1981) 2024-12-14 00:10:59 +01:00
Guillaume Nodet ddae283c2b
[MNG-8245][MNG-8246] Warn when calling before: or after: phases (#1974) 2024-12-14 00:07:01 +01:00
Guillaume Nodet 5d449f9a24
[MNG-8244] Using before:all / all / after:all is not triggered (#1973) 2024-12-14 00:04:37 +01:00
Tamas Cservenak 50aecc7432
[MNG-8419][MNG-8424] Too aggressive warning for pre-Maven4 passwords (#1970)
Toned down the Maven4 sec dispatcher messages. Also, IF maven3 passwords detected AND there was `.mvn/extensions.xml` the warnings were doubled.

Examples:

Failure to start Maven (due non-decryptable passwords):
```
$ mvn clean
[ERROR] Error executing Maven.
[ERROR] Error building settings
 * FATAL: Could not decrypt password (fix the corrupted password or remove it, if unused) {xL6L/HbmrY++sNkphnq3fguYepTpM04WlIXb8nB1pk=}
 * WARNING: Detected 2 pre-Maven 4 legacy encrypted password(s) - configure password encryption with the help of mvnenc for increased security.
$
```

Warning at start (due Maven3 passwords):
```
$ mvn clean
[INFO]
[INFO] Some problems were encountered while building the effective settings (use -X to see details)
[INFO]
[INFO] Scanning for projects...
[INFO] --------------------------------------------------------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Apache Maven
...
```

---

https://issues.apache.org/jira/browse/MNG-8424
https://issues.apache.org/jira/browse/MNG-8419
2024-12-12 17:43:08 +01:00
Tamas Cservenak 79d7739dcc
[MNG-8406] Proper IT isolation (#1968)
Implement proper IT isolation, in a way, that user running ITs should not have it's own env "mixed in" into IT runs. In essence, use "alternate" `user.home` for ITs. Also use proper means to set user home. This will also stop fork 4 ITs (as they were forked due presence of env variable).

Note: yes, this causes longer IT execution time (as can be seen), as the ITs user home (core-it-suite/target/user-home) starts as empty (tail is set to "outer" local repo), so ITs do download stuff.

---

https://issues.apache.org/jira/browse/MNG-8406
2024-12-12 15:24:03 +01:00
Tamas Cservenak 5b7a6de55a
[MNG-8421] Move all of logging setup to LookupInvoker; mvnenc IT (#1964)
Currently mvnenc is unable to log to file (-l) as logging setup is incomplete, move all of this logic to LookupInvoker. Also, create prompt in mvnenc only when needed. Finally, implement needed changes to support mvnenc ITs and add mvnenc IT.

Other changes:
* get rid of `distributionFileName` dirty hack, is remnant from old ITs
* fix CI re removal of that above and use of site that is brain-dead

---

https://issues.apache.org/jira/browse/MNG-8421
2024-12-12 09:43:12 +01:00
Guillaume Nodet 9c77221cbc
[MNG-8393] Enable consumer pom by default for 4.1.0 model version only (#1963) 2024-12-12 09:07:12 +01:00
Guillaume Nodet 781d19d9f1
[MNG-8410] Rename maven-api-meta to maven-api-annotations (#1957) 2024-12-10 22:43:27 +01:00
Tamas Cservenak 01e47259d2
IT: Streamline ITs more (#1952)
Changes:
* remove unneeded POM cruft
* remove embedded profile (is default) introduce forked profile
* CI: drop "embedded" profile use
2024-12-05 17:03:20 +01:00
Tamas Cservenak f7f6281e13
IT: Drop dead stuff (#1951)
These are ancient ITs that are and were disabled forever. They were compiled, their resources copied and all, just to not contribute anything to build/ITs.
2024-12-05 14:40:43 +01:00
Tamas Cservenak 8cd6f83e73
[MNG-8403] Collapse IT utils and helpers (#1949)
Changes:
* move all into same package
* stop direct use of ResourceExtractor, redirect all ITs to superclass method
* drop unneeded ResourceExtractor, it never "extracts" anything
* un-fork ITs where applicable (ie. due new CLI param or so that was not supported before)

---

https://issues.apache.org/jira/browse/MNG-8403
2024-12-05 13:40:02 +01:00
Tamas Cservenak e74bde05c9
[MNG-8403] Maven ITs use maven-executor (#1940)
The goal of this PR is manifold, but major one is to be able to use in ITs new options introduced in Maven4. Currently the "embedded" mode supports only Maven3 options, as Maven4 got new CLI entry point (CLIng), while verifier uses old MavenCli entry point, that is also deprecated. Finally, a full cleanup of (black) magic happened as well, keep ITs simple and clean.

Changes:
* dropped from ITs classpath maven-shared-util
* dropped from ITs classpath maven-verifier, copied last master Verifier to maven-it-helper and modified
* enhancements to new maven-executor to make it fully replace maven-verifier
* ITs are now using new infra and are using new CLIng "entry point" as well (so far ITs used deprecated maven-embedder/MavenCLI class).

---

https://issues.apache.org/jira/browse/MNG-8403
2024-12-05 09:02:41 +01:00
Tamas Cservenak 794efae428
[MNG-8400] Make sure base parser uses canonical maven.home (#1945)
As currently it is mixing canonical paths with non-canonical ones.

---

https://issues.apache.org/jira/browse/MNG-8400
2024-12-03 13:50:31 +01:00
Tamas Cservenak d7917e4345
IT: Move ITs off maven-shared-utils (#1941)
No dependency change yet, just remote all the use of
maven-shared-utils from IT classes. Plexus Utils in
present anyways, but also modern Java offers many
of used stuff as well.
2024-11-28 11:36:19 +01:00
Tamas Cservenak 0bf1ca18b8
The IT properties creeped in into main build (#1935)
This prevents release.
2024-11-25 11:53:54 +01:00
Tamas Cservenak fcd9c0f018
[MNG-8385] Introduce proto session, make CLIng use PropertyContributor (#1929)
And make use of it in CLIng. Also, move from "late" Resolver session factory to "early" CLIng invocation of `PropertyContributor` SPI and make contribution visible across whole Maven, not only Resolver.

---

https://issues.apache.org/jira/browse/MNG-8385
2024-11-20 20:58:27 +01:00
dependabot[bot] 377bc3192c
IT: Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#1927)
Bumps commons-io:commons-io from 2.17.0 to 2.18.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-20 19:48:45 +01:00
Tamas Cservenak 88c6ff5e7e
IT: Consolidate ITs somewhat (#1924)
Align versions where possible, remove dead stuff.

Ant based Mojos were deprecated in Maven3 era, and
this is Maven4, so no need to test this. Is full
of ancient artifacts anyway.
2024-11-19 14:30:27 +01:00
dependabot[bot] a8057b0920
IT: Bump org.apache.maven.wagon:wagon-webdav-jackrabbit from 3.0.0 to 3.5.3 (#1923)
Bumps org.apache.maven.wagon:wagon-webdav-jackrabbit from 3.0.0 to 3.5.3.

---
updated-dependencies:
- dependency-name: org.apache.maven.wagon:wagon-webdav-jackrabbit
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 11:51:29 +01:00
Guillaume Nodet bbf57bca60
[MNG-8383] Fix unsupported type dependencies put on classpath (#1921) 2024-11-19 00:56:12 +01:00
dependabot[bot] ce096fea3e
Bump org.sonatype.maven.plugin:emma4it-maven-plugin from 1.2 to 1.3 (#1918)
Bumps org.sonatype.maven.plugin:emma4it-maven-plugin from 1.2 to 1.3.

---
updated-dependencies:
- dependency-name: org.sonatype.maven.plugin:emma4it-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 09:54:18 +01:00
dependabot[bot] 0ef049c748
Bump org.codehaus.plexus:plexus-component-metadata from 2.1.1 to 2.2.0 (#1905)
Bumps [org.codehaus.plexus:plexus-component-metadata](https://github.com/codehaus-plexus/plexus-containers) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-containers/releases)
- [Changelog](https://github.com/codehaus-plexus/plexus-containers/blob/master/ReleaseNotes.md)
- [Commits](https://github.com/codehaus-plexus/plexus-containers/compare/plexus-containers-2.1.1...plexus-containers-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-component-metadata
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 08:34:18 +01:00
dependabot[bot] 13342db73e
Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#1908)
Bumps [org.apache.maven.plugin-tools:maven-plugin-annotations](https://github.com/apache/maven-plugin-tools) from 3.6.4 to 3.15.1.
- [Release notes](https://github.com/apache/maven-plugin-tools/releases)
- [Commits](https://github.com/apache/maven-plugin-tools/compare/maven-plugin-tools-3.6.4...maven-plugin-tools-3.15.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugin-tools:maven-plugin-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 08:32:55 +01:00
Guillaume Nodet 12b3dae3ce
Add CI cache (#1914)
* Add cache for all steps
* Pass through the maven.repo.loca.tail property
2024-11-17 15:50:32 +01:00
Guillaume Nodet c4834efdba
Move everything out of bootstrap (#1909) 2024-11-16 18:50:22 +01:00
Tamas Cservenak 1614226c68
[MNG-8379] Decrypt all of settings on building it (#1913)
The decryption should happen transparently, also, resolver should not decrypt for itself only, whole maven should have access to all.

This PR also disables Maven 3.0 IT MNG-4459 as Maven4 stops with this "security through obscurity" (keep encrypted pw in memory kinda for "security reasons" but in reality any mojo or extension can decrypt anything they want).

---

https://issues.apache.org/jira/browse/MNG-8379
2024-11-16 14:55:43 +01:00
Guillaume Nodet 4b0dd4362a
Cleanup file access and assertions in ITs (#1912) 2024-11-15 13:08:33 +01:00
Guillaume Nodet a14732597b
[MNG-8336] Only inject plugins information if requested (#1904) 2024-11-15 10:24:21 +01:00
Guillaume Nodet 46707e0f28
[MNG-8340] Resolve parent according to the exact model location (#1857) 2024-11-13 20:26:56 +01:00
dependabot[bot] 11c235eafe
IT: Bump org.codehaus.plexus:plexus-component-annotations (#1878)
Bumps [org.codehaus.plexus:plexus-component-annotations](https://github.com/codehaus-plexus/plexus-containers) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-containers/releases)
- [Changelog](https://github.com/codehaus-plexus/plexus-containers/blob/master/ReleaseNotes.md)
- [Commits](https://github.com/codehaus-plexus/plexus-containers/compare/plexus-containers-2.1.1...plexus-containers-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-component-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 16:02:14 +01:00
Tamas Cservenak f36f8e1bd6
IT: update archaic deps (#1903)
This PR is based on dependabot PRs but they require code changes as well.

Based on:
* https://github.com/apache/maven/pull/1895
* https://github.com/apache/maven/pull/1889
2024-11-13 16:00:55 +01:00
P. Ottlinger 4b18bfb9a8
[MNG-8372] Augment error message to give users more context when running into deprecated encryption warning (#1898)
Augment error message to give users more context when running into deprecated encryption warning

---

https://issues.apache.org/jira/browse/MNG-8372
2024-11-13 15:15:57 +01:00
dependabot[bot] c7effeb15c
IT: Bump org.codehaus.plexus:plexus-velocity from 1.1.7 to 2.2.0 (#1901)
Bumps [org.codehaus.plexus:plexus-velocity](https://github.com/codehaus-plexus/plexus-velocity) from 1.1.7 to 2.2.0.
- [Release notes](https://github.com/codehaus-plexus/plexus-velocity/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-velocity/commits/plexus-velocity-2.2.0)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-velocity
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 10:51:39 +01:00
dependabot[bot] d0cdd8c13e
IT: Bump commons-io:commons-io from 2.14.0 to 2.17.0 (#1899)
Bumps commons-io:commons-io from 2.14.0 to 2.17.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-12 20:35:16 +01:00
dependabot[bot] 49482c53fc
IT: Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#1900)
Bumps [org.hamcrest:hamcrest](https://github.com/hamcrest/JavaHamcrest) from 2.2 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases)
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md)
- [Commits](https://github.com/hamcrest/JavaHamcrest/compare/v2.2...v3.0)

---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-12 20:35:01 +01:00
dependabot[bot] de4bba8787
IT: Bump org.junit.jupiter:junit-jupiter from 5.8.0 to 5.11.3 (#1894)
Bumps [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) from 5.8.0 to 5.11.3.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.8.0...r5.11.3)

---
updated-dependencies:
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 12:10:52 +01:00
dependabot[bot] 0752547314
IT: Bump org.apache.maven.shared:maven-shared-utils from 0.9 to 3.4.2 (#1896)
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.9 to 3.4.2.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.9...maven-shared-utils-3.4.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-11 12:10:32 +01:00
dependabot[bot] 8dcee59138
IT: Bump log4j:log4j from 1.2.14 to 1.2.17 (#1890)
Bumps log4j:log4j from 1.2.14 to 1.2.17.

---
updated-dependencies:
- dependency-name: log4j:log4j
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:42 +01:00
dependabot[bot] 5be30376e9
IT: Bump org.codehaus.plexus:plexus-container-default (#1891)
Bumps org.codehaus.plexus:plexus-container-default from 1.0-alpha-9 to 2.1.1.

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-container-default
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:32 +01:00
dependabot[bot] e65819388f
IT: Bump junit:junit from 3.8.1 to 4.13.2 (#1892)
Bumps [junit:junit](https://github.com/junit-team/junit4) from 3.8.1 to 4.13.2.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.2.md)
- [Commits](https://github.com/junit-team/junit4/commits/r4.13.2)

---
updated-dependencies:
- dependency-name: junit:junit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-08 09:51:22 +01:00
Tamas Cservenak 37b8a62bd5
IT fix: Drop ancient reporting, use latest (#1887)
Attempt to stop ITs pulling in ancient (and vulnerable) deps.
2024-11-07 17:41:37 +01:00
Tamas Cservenak a836e898b0
IT: cleanup (#1886)
Yet another round

Changes:
* get rid of Guava (2 classes affected)
* align dependencies
* align plugins
2024-11-07 12:43:46 +01:00
Tamas Cservenak 1b3a3575ca
IT: Ant update (#1879)
Dependabot missed that it needs several deps updated
at once.
2024-11-06 14:36:32 +01:00
dependabot[bot] 0da78176d7
Bump org.codehaus.plexus:plexus-utils (#1867)
Bumps [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 1.1 to 3.0.24.
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)
- [Commits](https://github.com/codehaus-plexus/plexus-utils/commits/plexus-utils-3.0.24)

---
updated-dependencies:
- dependency-name: org.codehaus.plexus:plexus-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 14:00:02 +01:00
dependabot[bot] e9f5a1fd4a
Bump commons-io:commons-io (#1868)
Bumps commons-io:commons-io from 1.4 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:53 +01:00
dependabot[bot] 1ff134ecc3
Bump org.apache.maven.shared:maven-shared-utils (#1869)
Bumps [org.apache.maven.shared:maven-shared-utils](https://github.com/apache/maven-shared-utils) from 0.1 to 3.3.3.
- [Release notes](https://github.com/apache/maven-shared-utils/releases)
- [Commits](https://github.com/apache/maven-shared-utils/compare/maven-shared-utils-0.1...maven-shared-utils-3.3.3)

---
updated-dependencies:
- dependency-name: org.apache.maven.shared:maven-shared-utils
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:31 +01:00
dependabot[bot] fe35d034ef
Bump org.apache.maven:maven-core (#1871)
Bumps org.apache.maven:maven-core from 3.6.0 to 3.8.1.

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 13:59:07 +01:00