| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| |
| --> |
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> |
| |
| <modelVersion>4.0.0</modelVersion> |
| |
| <parent> |
| <groupId>org.apache</groupId> |
| <artifactId>apache</artifactId> |
| <version>26</version> |
| </parent> |
| |
| <groupId>org.apache.flex.blazeds</groupId> |
| <artifactId>blazeds</artifactId> |
| <version>4.8.0-SNAPSHOT</version> |
| <packaging>pom</packaging> |
| |
| <name>Apache Flex - BlazeDS</name> |
| |
| <properties> |
| <!-- URL of the ASF SonarQube server --> |
| <sonar.host.url>https://builds.apache.org/analysis</sonar.host.url> |
| <!-- Tell sonar where the coverage reports are located --> |
| <sonar.jacoco.reportPath>${project.build.directory}/coverage-reports/jacoco-ut.exec</sonar.jacoco.reportPath> |
| <sonar.jacoco.itReportPath>${project.build.directory}/coverage-reports/jacoco-it.exec |
| </sonar.jacoco.itReportPath> |
| <!-- Exclude all generated code --> |
| <sonar.exclusions>file:**/generated-sources/**</sonar.exclusions> |
| </properties> |
| |
| <mailingLists> |
| <mailingList> |
| <name>Apache Flex Dev List</name> |
| <subscribe>dev-subscribe@flex.apache.org</subscribe> |
| <unsubscribe>dev-unsubscribe@flex.apache.org</unsubscribe> |
| <post>dev@flex.apache.org</post> |
| <archive>https://mail-archives.apache.org/mod_mbox/flex-dev/</archive> |
| </mailingList> |
| <mailingList> |
| <name>Apache Flex User List</name> |
| <subscribe>users-subscribe@flex.apache.org</subscribe> |
| <unsubscribe>users-unsubscribe@flex.apache.org</unsubscribe> |
| <post>users@flex.apache.org</post> |
| <archive>https://mail-archives.apache.org/mod_mbox/flex-users/</archive> |
| </mailingList> |
| </mailingLists> |
| |
| <scm> |
| <connection>scm:git:https://git-wip-us.apache.org/repos/asf/flex-blazeds.git</connection> |
| <developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/flex-blazeds.git</developerConnection> |
| <url>https://git-wip-us.apache.org/repos/asf/flex-blazeds.git</url> |
| </scm> |
| |
| <modules> |
| <module>archetypes</module> |
| <module>common</module> |
| <module>core</module> |
| <module>remoting</module> |
| <module>opt</module> |
| </modules> |
| |
| <build> |
| <plugins> |
| <plugin> |
| <groupId>org.apache.rat</groupId> |
| <artifactId>apache-rat-plugin</artifactId> |
| <version>0.14</version> |
| <executions> |
| <execution> |
| <id>license-check</id> |
| <phase>verify</phase> |
| <goals> |
| <goal>check</goal> |
| </goals> |
| </execution> |
| </executions> |
| <configuration> |
| <useMavenDefaultExcludes>true</useMavenDefaultExcludes> |
| <excludes> |
| <!-- |
| some modules aren't included in every build. |
| this ensures that their "target" dir is skipped |
| when not included. |
| --> |
| <exclude>**/target/**</exclude> |
| <!-- Ignore IDE project files --> |
| <exclude>**/*.iml</exclude> |
| <exclude>**/.vscode/**</exclude> |
| </excludes> |
| </configuration> |
| </plugin> |
| |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-compiler-plugin</artifactId> |
| <configuration> |
| <source>1.8</source> |
| <target>1.8</target> |
| </configuration> |
| </plugin> |
| |
| <plugin> |
| <groupId>org.jacoco</groupId> |
| <artifactId>jacoco-maven-plugin</artifactId> |
| <version>0.8.8</version> |
| <executions> |
| <!-- |
| Prepares the property pointing to the JaCoCo runtime agent which |
| is passed as VM argument when Maven the Surefire plugin is executed. |
| --> |
| <execution> |
| <id>pre-unit-test</id> |
| <goals> |
| <goal>prepare-agent</goal> |
| </goals> |
| <configuration> |
| <!-- Sets the path to the file which contains the execution data. --> |
| <destFile>${project.build.directory}/coverage-reports/jacoco-ut.exec</destFile> |
| <!-- |
| Sets the name of the property containing the settings |
| for JaCoCo runtime agent. |
| --> |
| <propertyName>surefireArgLine</propertyName> |
| </configuration> |
| </execution> |
| <!-- |
| Ensures that the code coverage report for unit tests is created after |
| unit tests have been run. |
| --> |
| <execution> |
| <id>post-unit-test</id> |
| <phase>test</phase> |
| <goals> |
| <goal>report</goal> |
| </goals> |
| <configuration> |
| <!-- Sets the path to the file which contains the execution data. --> |
| <dataFile>${project.build.directory}/coverage-reports/jacoco-ut.exec</dataFile> |
| <!-- Sets the output directory for the code coverage report. --> |
| <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> |
| </configuration> |
| </execution> |
| <!-- |
| Prepares the property pointing to the JaCoCo runtime agent which |
| is passed as VM argument when Maven the Failsafe plugin is executed. |
| --> |
| <execution> |
| <id>pre-integration-test</id> |
| <phase>pre-integration-test</phase> |
| <goals> |
| <goal>prepare-agent</goal> |
| </goals> |
| <configuration> |
| <!-- Sets the path to the file which contains the execution data. --> |
| <destFile>${project.build.directory}/coverage-reports/jacoco-it.exec</destFile> |
| <!-- |
| Sets the name of the property containing the settings |
| for JaCoCo runtime agent. |
| --> |
| <propertyName>failsafeArgLine</propertyName> |
| </configuration> |
| </execution> |
| <!-- |
| Ensures that the code coverage report for integration tests after |
| integration tests have been run. |
| --> |
| <execution> |
| <id>post-integration-test</id> |
| <phase>post-integration-test</phase> |
| <goals> |
| <goal>report</goal> |
| </goals> |
| <configuration> |
| <!-- Sets the path to the file which contains the execution data. --> |
| <dataFile>${project.build.directory}/coverage-reports/jacoco-it.exec</dataFile> |
| <!-- Sets the output directory for the code coverage report. --> |
| <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory> |
| </configuration> |
| </execution> |
| </executions> |
| </plugin> |
| |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-surefire-plugin</artifactId> |
| <configuration> |
| <includes> |
| <include>**/*Tests.java</include> |
| <include>**/*Test.java</include> |
| </includes> |
| </configuration> |
| </plugin> |
| |
| <!-- Disabled the Integration Tests as these seem to hang on the CI server --> |
| <!--plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-failsafe-plugin</artifactId> |
| <executions> |
| <execution> |
| <goals> |
| <goal>integration-test</goal> |
| <goal>verify</goal> |
| </goals> |
| </execution> |
| </executions> |
| </plugin--> |
| |
| <!-- Turned off till the JavaDoc tags are all correctly set --> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-javadoc-plugin</artifactId> |
| <configuration> |
| <skip>true</skip> |
| </configuration> |
| </plugin> |
| |
| <!-- Plugin to detect problems with JDK incompatibilities --> |
| <plugin> |
| <groupId>org.codehaus.mojo</groupId> |
| <artifactId>animal-sniffer-maven-plugin</artifactId> |
| <version>1.21</version> |
| <executions> |
| <execution> |
| <id>check-jdk-1.8</id> |
| <phase>test</phase> |
| <goals> |
| <goal>check</goal> |
| </goals> |
| </execution> |
| </executions> |
| <configuration> |
| <signature> |
| <groupId>org.codehaus.mojo.signature</groupId> |
| <artifactId>java18</artifactId> |
| <version>1.0</version> |
| </signature> |
| </configuration> |
| </plugin> |
| </plugins> |
| </build> |
| |
| <reporting> |
| <plugins> |
| |
| <!-- Generates a changelog report from GIT commits --> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-changelog-plugin</artifactId> |
| <version>2.3</version> |
| <configuration> |
| <!-- Automatically link Jira issues --> |
| <issueLinkUrl>https://issues.apache.org/jira/browse/%ISSUE%</issueLinkUrl> |
| </configuration> |
| </plugin> |
| |
| <!-- Generates a report with the details of the unit- and integrationtests --> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-surefire-report-plugin</artifactId> |
| <version>2.22.2</version> |
| </plugin> |
| |
| <!-- Generates a report with the test coverages --> |
| <plugin> |
| <groupId>org.jacoco</groupId> |
| <artifactId>jacoco-maven-plugin</artifactId> |
| <version>0.8.8</version> |
| </plugin> |
| |
| <!-- Generate the JavaDoc API documentation --> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-javadoc-plugin</artifactId> |
| <version>3.4.0</version> |
| </plugin> |
| </plugins> |
| </reporting> |
| |
| <dependencyManagement> |
| <dependencies> |
| <!-- TODO: This is the latest version of commons-httpclient, however there are CVEs reported for this, the replacement is org.apache.httpcomponents:httpclient however changing to this requires quite some refactoring of the code --> |
| <dependency> |
| <groupId>commons-httpclient</groupId> |
| <artifactId>commons-httpclient</artifactId> |
| <version>3.1</version> |
| </dependency> |
| <!--dependency> |
| <groupId>org.apache.httpcomponents</groupId> |
| <artifactId>httpclient</artifactId> |
| <version>4.5.13</version> |
| </dependency--> |
| |
| <dependency> |
| <groupId>commons-codec</groupId> |
| <artifactId>commons-codec</artifactId> |
| <version>1.15</version> |
| </dependency> |
| |
| <!-- Optionals --> |
| |
| <dependency> |
| <groupId>org.jgroups</groupId> |
| <artifactId>jgroups</artifactId> |
| <version>4.2.21.Final</version> |
| </dependency> |
| |
| <dependency> |
| <groupId>javax.servlet</groupId> |
| <artifactId>servlet-api</artifactId> |
| <version>2.5</version> |
| </dependency> |
| |
| <dependency> |
| <groupId>javax.jms</groupId> |
| <artifactId>javax.jms-api</artifactId> |
| <version>2.0.1</version> |
| </dependency> |
| |
| <!-- Testing --> |
| |
| <dependency> |
| <groupId>junit</groupId> |
| <artifactId>junit</artifactId> |
| <version>4.13.1</version> |
| </dependency> |
| </dependencies> |
| </dependencyManagement> |
| |
| <profiles> |
| <!-- create source-release and binary-realase archives --> |
| <profile> |
| <id>with-distribution</id> |
| <modules> |
| <module>distribution</module> |
| </modules> |
| </profile> |
| <profile> |
| <id>with-owasp</id> |
| <build> |
| <plugins> |
| <!-- |
| Check the referenced dependencies for known vulnerabilities |
| and fail the build if there are critical ones in our classpath |
| --> |
| <plugin> |
| <groupId>org.owasp</groupId> |
| <artifactId>dependency-check-maven</artifactId> |
| <version>7.4.4</version> |
| <executions> |
| <execution> |
| <goals> |
| <goal>check</goal> |
| </goals> |
| </execution> |
| </executions> |
| <configuration> |
| <!-- Fail the build on any CVE, which is not considered minor --> |
| <failBuildOnCVSS>4</failBuildOnCVSS> |
| <excludes> |
| <!-- CVE-2015-1773 Affects Apache Flex < 4.10, but BlazeDS has nothing to do with the libraries of the Flex SDK --> |
| <exclude>org.apache.flex.blazeds:flex-messaging-common</exclude> |
| <exclude>org.apache.flex.blazeds:flex-messaging-core</exclude> |
| <exclude>org.apache.flex.blazeds:flex-messaging-proxy</exclude> |
| <exclude>org.apache.flex.blazeds:flex-messaging-remoting</exclude> |
| <exclude>org.apache.flex.blazeds:blazeds-spring-boot-starter</exclude> |
| <exclude>org.apache.flex.blazeds:flex-messaging-opt-tomcat-base</exclude> |
| <!-- TODO: Excluding this dependency, for which there's CVEs reported as it requires refactoring quite a bit. However this should be addressed before the next release --> |
| <exclude>commons-httpclient:commons-httpclient</exclude> |
| </excludes> |
| </configuration> |
| </plugin> |
| </plugins> |
| </build> |
| </profile> |
| </profiles> |
| |
| </project> |
