| ~~ Licensed to the Apache Software Foundation (ASF) under one |
| ~~ or more contributor license agreements. See the NOTICE file |
| ~~ distributed with this work for additional information |
| ~~ regarding copyright ownership. The ASF licenses this file |
| ~~ to you under the Apache License, Version 2.0 (the |
| ~~ "License"); you may not use this file except in compliance |
| ~~ with the License. You may obtain a copy of the License at |
| ~~ |
| ~~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~~ |
| ~~ Unless required by applicable law or agreed to in writing, |
| ~~ software distributed under the License is distributed on an |
| ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~~ KIND, either express or implied. See the License for the |
| ~~ specific language governing permissions and limitations |
| ~~ under the License. |
| |
| ------ |
| Ban Dependency Management Scope |
| ------ |
| Konrad Windszus |
| ------ |
| June 2022 |
| ------ |
| |
| Ban Dependency Management Scope |
| |
| This rule bans all scope values except for {{{https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Importing_Dependencies}<<<import>>>}} from dependencies within the dependency management. |
| |
| The following parameters are supported by this rule: |
| |
| * <<checkEffectivePom>> - if <<<true>>> the dependencyManagement from imports and parent pom's are checked as well, otherwise only the local dependencyManagement defined in the current project's pom.xml. Default is <<<false>>>. |
| |
| * <<excludes>> - a list of dependencies to ignore. The format is <<<groupId[:artifactId][:version][:type][:scope][:classifier]>>> where <<<artifactId>>>, <<<version>>>, <<<type>>>, <<<scope>>> and <<<classifier>>> are optional. Wildcards may be used to replace an entire or just parts of a section. |
| Examples: |
| |
| * <<<org.apache.maven>>> |
| |
| * <<<org.apache.maven:someArtifact>>> |
| |
| * <<<org.apache.maven:artifact:someVersion>>> |
| |
| * <<<org.apache.maven:*:1.2>>> (exclude version 1.2 and above, equivalent to [1.2,) ) |
| |
| * <<<org.apache.maven:*:[1.2]>>> (explicit exclude of version 1.2) |
| |
| * <<<org.apache.maven:*:*:jar:test>>> |
| |
| * <<<*:*:*:jar:compile:tests>>> |
| |
| * <<<org.apache.*:maven-*:*>>> |
| |
| [] |
| |
| * <<message>> - an optional message to the user if the rule fails. |
| |
| [] |
| |
| |
| Sample Plugin Configuration: |
| |
| +---+ |
| <project> |
| [...] |
| <build> |
| <plugins> |
| <plugin> |
| <groupId>org.apache.maven.plugins</groupId> |
| <artifactId>maven-enforcer-plugin</artifactId> |
| <version>${project.version}</version> |
| <executions> |
| <execution> |
| <id>ban-dependency-management-scope</id> |
| <goals> |
| <goal>enforce</goal> |
| </goals> |
| <configuration> |
| <rules> |
| <banDependencyManagementScope> |
| <excludes> |
| <exclude>org.apache.maven</exclude> |
| </excludes> |
| <checkEffectivePom>true</checkEffectivePom> |
| </banDependencyManagementScope> |
| </rules> |
| </configuration> |
| </execution> |
| </executions> |
| </plugin> |
| </plugins> |
| </build> |
| [...] |
| </project> |
| +---+ |