[BUILD-166] Use SupplementalModel mechanism to correct information in third-party dependency POMs Created: 20/Oct/14 Updated: 13/Apr/17 Resolved: 30/Oct/14 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | Build Resources 1.6, POMs 30 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Zak Greant | Assignee: | Magnolia International |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||
| Issue Links: |
|
||||||||||||||||
| Template: |
|
||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||
| Date of First Response: | |||||||||||||||||
| Description |
|
Many of the POMs for our dependencies contain incorrect information. This matters because we rely on the information in the POMs to generate reports of what licenses we use. Assembling the same information by hand is a long, tedious process. While we can't fix the POMs, we can use Maven's supplemental model mechanism (http://maven.apache.org/plugins/maven-remote-resources-plugin/supplemental-models.html) to inject the correct information. Attached is a sample SupplementalDataModel file. If this works, then Zak will create the remaining entries. |
| Comments |
| Comment by Magnolia International [ 23/Oct/14 ] |
|
Seems to work !
Every single element that we add in supp-models should behave exactly like in a "real" POM file, thus follow this XSD: http://maven.apache.org/xsd/maven-4.0.0.xsd (it's actually validated) - the comments tag that you've been using, documented as "Addendum information pertaining to this license." might thus not be 100% adequate – if you want to use this for documenting our own changes, perhaps a simple <!-- --> would do. I also suspect the <version> tags would work with ranges, which might make this a little more maintainable in the long term. See http://docs.codehaus.org/display/MAVEN/Dependency+Mediation+and+Conflict+Resolution#DependencyMediationandConflictResolution-DependencyVersionRanges (didn't try, but should be easy to verify). Attached a "corrected" version of the file, but it's also on git: https://git.magnolia-cms.com/gitweb/?p=build/poms.git;a=blob;f=build-resources/src/main/resources/supplemental-models.xml;;hb=HEAD |
| Comment by Zak Greant [ 23/Oct/14 ] |
|
Yeehaw! As for the comments tag, I thought that came from the schema – but I must be mistaken. Ideally, I'd like a report-visible way to show extra information about the license. I'll do some reading when I get a moment. |
| Comment by Magnolia International [ 24/Oct/14 ] |
|
Yes the <comments> is in the schema, but plural form. If you want this addition to be visible then, yeah we could use it (and eventually display that in the .txt file too) - keep in mind there might be existing comments in those poms we're overriding too (it seems to be used in a couple of projects, for stuff like "A business-friendly OSS license" or "Mockrunner is released under the terms of an Apache style license, i.e. it's free for commercial and non-commercial use. The release comes with complete source code.") |
| Comment by Magnolia International [ 27/Oct/14 ] |
|
Just checked and this is currently not used by site reports; see BUILD-185 for followup. |
| Comment by Magnolia International [ 30/Oct/14 ] |
|
Added a first round of overrides, generated via SYS-659. |