- format xml
- move definition of plugins dependency-check + jacoco to plugins-mangement
- update surefire plugin to 3.0.0-M4
git-svn-id: https://svn.apache.org/repos/asf/turbine/maven/turbine-parent/trunk@1878857 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/pom.xml b/pom.xml
index d2ae0d6..b710e1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,23 +1,17 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache</groupId>
@@ -32,36 +26,34 @@
<name>Turbine POM</name>
<description>
The parent POM for the Apache Turbine and Fulcrum project.
- </description>
- <url>https://turbine.apache.org/turbine-parent</url>
-
- <distributionManagement>
+ </description>
+ <url>https://turbine.apache.org/turbine-parent</url>
+
+ <distributionManagement>
<site>
- <id>turbine.apache.org</id>
- <url>scm:svn:${turbine.scmPubUrl}</url>
+ <id>turbine.apache.org</id>
+ <url>scm:svn:${turbine.scmPubUrl}</url>
</site>
</distributionManagement>
-
+
<inceptionYear>2011</inceptionYear>
<!-- Now required by versions plugin -->
<prerequisites>
<maven>3.0.5</maven>
</prerequisites>
-
+
<issueManagement>
<system>jira</system>
<url>https://issues.apache.org/jira/browse/TRB</url>
</issueManagement>
- <!--
- This section *must* be overwritten by subprojects. It is only to allow
- a release of the turbine-parent POM.
- -->
+ <!-- This section *must* be overwritten by subprojects. It is only to allow
+ a release of the turbine-parent POM. -->
<scm>
- <connection>scm:svn:https://svn.apache.org/repos/asf/turbine/maven/turbine-parent/trunk</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/turbine/maven/turbine-parent/trunk</developerConnection>
- <url>https://svn.apache.org/viewvc/turbine/maven/turbine-parent/trunk/</url>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/turbine/maven/turbine-parent/tags/turbine-parent-7</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/turbine/maven/turbine-parent/tags/turbine-parent-7</developerConnection>
+ <url>https://svn.apache.org/viewvc/turbine/maven/turbine-parent/tags/turbine-parent-7</url>
</scm>
<mailingLists>
@@ -83,7 +75,7 @@
<build>
<pluginManagement>
- <!-- org.apache.maven.plugins, maven sets order by alpha artifact id -->
+ <!-- org.apache.maven.plugins, maven sets order by alpha artifact id -->
<plugins>
<plugin>
<!-- build the source and binary distribution packages -->
@@ -126,7 +118,7 @@
<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
- </configuration>
+ </configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -151,8 +143,8 @@
<configuration>
<archive>
<manifest>
- <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
- <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+ <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+ <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
</manifest>
</archive>
</configuration>
@@ -162,12 +154,79 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>${turbine.surefire.version}</version>
</plugin>
+ <!-- run in profile or optionally, use not as reporting plugin, as
+ it exposes file paths to artifacts and check each possible vulnerability
+ carefully, find more info about how to read, false positives et al. here:
+ https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
+ or https://github.com/jeremylong/DependencyCheck CLI mvn phase $>mvn verify
+ -Ddependency.check.skip=false or to invoke goal only: $>mvn org.owasp:dependency-check-maven:check
+ -Ddependency.check.skip=false -->
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${turbine.dependency.check.version}</version>
+ <!-- - find all configuration parameters here: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/.
+ - if process hangs up, check or remove all files including odc.mv.db in maven
+ repo in folder org\owasp\dependency-check-data\4.0\. - requires mvn version
+ > 3.3! For older version try to check v 3.2.1 or 3.1.2 -->
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <skip>${dependency.check.skip}</skip>
+ <!--autoUpdate>false</autoUpdate -->
+ </configuration>
+ </plugin>
+ <!-- jacoco is since java 8 enabled by default -->
+ <!-- jacoco agent may block gpg agent ? -->
+ <!-- Be aware, as we exclude tests itself, jacoco only starts, if
+ not skipping tests, as it is a coverage tool! -->
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>${turbine.jacoco.version}</version>
+ <configuration>
+ <skip>${jacoco.skip}</skip>
+ <excludes>
+ <exclude>*/*Test*</exclude>
+ </excludes>
+ </configuration>
+ <executions>
+ <execution>
+ <id>default-prepare-agent</id>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ </execution>
+ <execution><!-- check or delete jacoco-sessions.html -->
+ <id>report</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</pluginManagement>
<plugins>
<!-- org.apache.maven.plugins, alpha order by artifact id -->
<plugin>
- <!-- generate the Eclipse project files or use m2eclipse -->
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>${turbine.dependency.check.version}</version>
+ </plugin>
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <version>${turbine.jacoco.version}</version>
+ </plugin>
+ <plugin>
+ <!-- generate the Eclipse project files or use m2eclipse -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.10</version>
@@ -180,7 +239,7 @@
<!-- generate the IntelliJ project files -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-idea-plugin</artifactId>
- <version>2.2.1</version>
+ <version>2.2.1</version>
<configuration>
<jdkLevel>${maven.compile.source}</jdkLevel>
<downloadSources>true</downloadSources>
@@ -199,14 +258,15 @@
<Implementation-Version>${project.version}</Implementation-Version>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-Vendor-Id>org.apache</Implementation-Vendor-Id>
- <Implementation-Build>${implementation.build}</Implementation-Build>
+ <Implementation-Build>${implementation.build}</Implementation-Build>
<X-Compile-Source-JDK>${maven.compiler.source}</X-Compile-Source-JDK>
<X-Compile-Target-JDK>${maven.compiler.target}</X-Compile-Target-JDK>
</manifestEntries>
</archive>
</configuration>
</plugin>
- <!-- source and javadoc plugin are by default in lifecycle phase package, should execute in list order before assembly-plugin -->
+ <!-- source and javadoc plugin are by default in lifecycle phase package,
+ should execute in list order before assembly-plugin -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
@@ -238,8 +298,9 @@
</plugins>
</build>
<reporting>
- <!-- N.B. plugins defined here in the <reporting> section ignore what's defined in <pluginManagement>
- in the <build> section above, so we have to define the versions here. -->
+ <!-- N.B. plugins defined here in the <reporting> section ignore what's
+ defined in <pluginManagement> in the <build> section above, so we have to
+ define the versions here. -->
<plugins>
<!-- org.apache.maven.plugins, alpha order by artifact id -->
<plugin>
@@ -293,10 +354,10 @@
<version>3.13.0</version>
<configuration>
<minimumTokens>200</minimumTokens>
- <!--linkXref>true</linkXref-->
+ <!--linkXref>true</linkXref -->
<targetJdk>${maven.compile.source}</targetJdk>
<rulesets>
- <!-- comment default rule sets: basic, imports, unusedcode -->
+ <!-- comment default rule sets: basic, imports, unusedcode -->
<ruleset>/rulesets/java/basic.xml</ruleset>
<ruleset>/rulesets/java/finalizers.xml</ruleset>
<ruleset>/rulesets/java/imports.xml</ruleset>
@@ -318,9 +379,8 @@
<artifactId>maven-site-plugin</artifactId>
<version>${turbine.site.version}</version>
<configuration>
- <!-- Exclude the navigation file for Maven 1 sites
- and the changes file used by the changes-plugin,
- as they interfere with the site generation. -->
+ <!-- Exclude the navigation file for Maven 1 sites and the changes
+ file used by the changes-plugin, as they interfere with the site generation. -->
<moduleExcludes>
<xdoc>navigation.xml,changes.xml</xdoc>
</moduleExcludes>
@@ -331,7 +391,8 @@
<artifactId>maven-surefire-report-plugin</artifactId>
<version>${turbine.surefire.version}</version>
</plugin>
- <!-- using jacoco since java 8 to get test coverage for regression tests -->
+ <!-- using jacoco since java 8 to get test coverage for regression
+ tests -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
@@ -367,7 +428,7 @@
</profile>
<!-- profile to update the Apache parent pom profile of the same name
- to better suit the requirements of Apache Turbine. (Thanks to Apache Commons) -->
+ to better suit the requirements of Apache Turbine. (Thanks to Apache Commons) -->
<profile>
<id>apache-release</id>
<build>
@@ -376,7 +437,7 @@
<artifactId>maven-release-plugin</artifactId>
<configuration>
<releaseProfiles>apache-release</releaseProfiles>
- <mavenExecutorId>forked-path</mavenExecutorId>
+ <mavenExecutorId>forked-path</mavenExecutorId>
</configuration>
</plugin>
<plugin>
@@ -405,7 +466,8 @@
</execution>
<execution>
<id>turbine-default-assembly</id>
- <phase>pre-integration-test</phase><!-- package phase does not suffice if using profile to set it after javadoc and sources -->
+ <phase>pre-integration-test</phase><!-- package phase does
+ not suffice if using profile to set it after javadoc and sources -->
<goals>
<goal>single</goal>
</goals>
@@ -423,66 +485,26 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>5.3.2</version><!--
- - find all configuration parameters here: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/.
- - if process hangs up, check or remove all files including odc.mv.db in maven repo in folder org\owasp\dependency-check-data\4.0\.
- - requires mvn version > 3.3! For older version try to check v 3.2.1 or 3.1.2 -->
- <executions>
- <execution>
- <goals>
- <goal>check</goal>
- </goals>
- </execution>
- </executions>
- <configuration>
- <skip>${dependency.check.skip}</skip>
- <!--autoUpdate>false</autoUpdate-->
- <!--suppressionFiles>
- <suppressionFile>${project.basedir}/suppression-owasp-fp.xml</suppressionFile>
- </suppressionFiles-->
- </configuration>
</plugin>
- <!-- jacoco is since java 8 enabled by default -->
<plugin>
- <groupId>org.jacoco</groupId>
- <artifactId>jacoco-maven-plugin</artifactId>
- <version>${turbine.jacoco.version}</version>
- <configuration>
- <skip>${jacoco.skip}</skip>
- <excludes>
- <exclude>*/*Test*</exclude>
- </excludes>
- </configuration>
- <executions>
- <execution>
- <id>default-prepare-agent</id>
- <goals>
- <goal>prepare-agent</goal>
- </goals>
- </execution>
- <execution><!-- check or delete jacoco-sessions.html -->
- <id>report</id>
- <phase>prepare-package</phase>
- <goals>
- <goal>report</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ </plugin>
</plugins>
</build>
+ <properties>
+ <dependency.check.skip>false</dependency.check.skip>
+ </properties>
</profile>
- <!--
- Configure site plugin to support both Maven2 and Maven3, see:
- http://maven.apache.org/plugins/maven-site-plugin/maven-3.html#Using_the_same_version_of_maven-site-plugin_for_both_Maven_2_and_Maven_3
- Thanks to Apache Commons
- -->
+ <!-- Configure site plugin to support both Maven2 and Maven3, see: http://maven.apache.org/plugins/maven-site-plugin/maven-3.html#Using_the_same_version_of_maven-site-plugin_for_both_Maven_2_and_Maven_3
+ Thanks to Apache Commons -->
<profile>
<id>maven-3</id>
<activation>
<file>
- <!-- The basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
+ <!-- The basedir expression is only recognized by Maven 3.x (see
+ MNG-2363) -->
<exists>${basedir}</exists>
</file>
</activation>
@@ -492,12 +514,12 @@
<artifactId>maven-site-plugin</artifactId>
<dependencies>
<dependency>
- <!-- add support for ssh/scp -->
- <groupId>org.apache.maven.wagon</groupId>
- <artifactId>wagon-ssh</artifactId>
- <version>${turbine.wagon-ssh.version}</version>
- </dependency>
- </dependencies>
+ <!-- add support for ssh/scp -->
+ <groupId>org.apache.maven.wagon</groupId>
+ <artifactId>wagon-ssh</artifactId>
+ <version>${turbine.wagon-ssh.version}</version>
+ </dependency>
+ </dependencies>
<executions>
<execution>
<id>attach-descriptor</id>
@@ -515,48 +537,48 @@
<id>cobertura</id>
<reporting>
<plugins>
- <!-- [WARN] JavaNCSS got an error while parsing the java file containing an ERROR ParseException, which is caused by Java8 syntax - reports are still generated - and it's already a registered issue: https://github.com/cobertura/cobertura/issues/176 -->
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>cobertura-maven-plugin</artifactId>
- <version>2.7</version>
- <!--reportSets>
- <reportSet>
- <reports>
- <report>cobertura</report>
- </reports>
- </reportSet>
- </reportSets-->
- </plugin>
+ <!-- [WARN] JavaNCSS got an error while parsing the java file containing
+ an ERROR ParseException, which is caused by Java8 syntax - reports are still
+ generated - and it's already a registered issue: https://github.com/cobertura/cobertura/issues/176 -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>cobertura-maven-plugin</artifactId>
+ <version>2.7</version>
+ <!--reportSets> <reportSet> <reports> <report>cobertura</report>
+ </reports> </reportSet> </reportSets -->
+ </plugin>
</plugins>
</reporting>
<properties>
- <cobertura.skip>false</cobertura.skip>
+ <cobertura.skip>false</cobertura.skip>
</properties>
</profile>
- <!-- ignore doclint errors (should be warnings) for site generation, if using java 8 or above -->
+ <!-- ignore doclint errors (should be warnings) for site generation,
+ if using java 8 or above -->
<!-- Use java 8 compatible version of FindBugs -->
<profile>
- <id>java8</id>
- <activation>
- <jdk>8</jdk>
- </activation>
- <properties>
- <doclint>none</doclint><!-- since javadoc v.3 this is required instead of -Xdoclint:none -->
- </properties>
+ <id>java8</id>
+ <activation>
+ <jdk>8</jdk>
+ </activation>
+ <properties>
+ <doclint>none</doclint><!-- since javadoc v.3 this is required instead
+ of -Xdoclint:none -->
+ </properties>
</profile>
- <profile>
- <id>java12</id>
- <activation>
- <jdk>[12,)</jdk>
- </activation>
- <properties>
- <java.version>12</java.version>
- <!-- maven.compiler.* is now different from compilerVersion, which requires to fork -->
- <turbine.compiler.fork>true</turbine.compiler.fork>
- <turbine.compiler.compilerVersion>1.12</turbine.compiler.compilerVersion>
- <maven.compiler.release>8</maven.compiler.release>
- </properties>
+ <profile>
+ <id>java12</id>
+ <activation>
+ <jdk>[12,)</jdk>
+ </activation>
+ <properties>
+ <java.version>12</java.version>
+ <!-- maven.compiler.* is now different from compilerVersion, which
+ requires to fork -->
+ <turbine.compiler.fork>true</turbine.compiler.fork>
+ <turbine.compiler.compilerVersion>1.12</turbine.compiler.compilerVersion>
+ <maven.compiler.release>8</maven.compiler.release>
+ </properties>
</profile>
</profiles>
@@ -575,28 +597,28 @@
<turbine.surefire.java>${JAVA_HOME}/bin/java</turbine.surefire.java>
<!-- Plugin versions (allows same value in reporting and build sections) -->
- <turbine.compiler.version>3.8.1</turbine.compiler.version>
- <turbine.surefire.version>3.0.0-M3</turbine.surefire.version>
- <turbine.surefire-report.version>3.0.0-M3</turbine.surefire-report.version>
+ <turbine.compiler.version>3.8.1</turbine.compiler.version>
+ <turbine.surefire.version>3.0.0-M4</turbine.surefire.version>
+ <turbine.surefire-report.version>3.0.0-M4</turbine.surefire-report.version>
<turbine.javadoc.version>3.2.0</turbine.javadoc.version>
<turbine.rat.version>0.13</turbine.rat.version>
- <turbine.changes.version>2.12.1</turbine.changes.version>
+ <turbine.changes.version>2.12.1</turbine.changes.version>
<turbine.jxr.version>3.0.0</turbine.jxr.version>
<turbine.project-info.version>3.0.0</turbine.project-info.version>
<turbine.wagon-ssh.version>3.3.2</turbine.wagon-ssh.version>
<turbine.site.version>3.8.2</turbine.site.version>
<turbine.findbugs.version>3.0.5</turbine.findbugs.version>
<turbine.jacoco.version>0.8.5</turbine.jacoco.version>
+ <turbine.dependency.check.version>5.3.2</turbine.dependency.check.version>
<!-- may replace local settings -->
<turbine.log4j2.version>2.13.3</turbine.log4j2.version>
<jacoco.skip>false</jacoco.skip>
<cobertura.skip>true</cobertura.skip>
+ <dependency.check.skip>true</dependency.check.skip>
- <!--
- Encoding of Java source files: Make sure, that the compiler and
- the javadoc generator use the right encoding. Subprojects may
- overwrite this, if they are using another encoding.
- -->
+ <!-- Encoding of Java source files: Make sure, that the compiler and
+ the javadoc generator use the right encoding. Subprojects may overwrite this,
+ if they are using another encoding. -->
<turbine.encoding>UTF-8</turbine.encoding>
<turbine.docEncoding>${turbine.encoding}</turbine.docEncoding>
<turbine.resourceEncoding>${turbine.encoding}</turbine.resourceEncoding>
@@ -605,9 +627,10 @@
<project.build.sourceEncoding>${turbine.encoding}</project.build.sourceEncoding>
<project.reporting.outputEncoding>${turbine.encoding}</project.reporting.outputEncoding>
- <!-- Javadoc link to Java API. Default is Java 1.8; components can override to other versions -->
+ <!-- Javadoc link to Java API. Default is Java 1.8; components can override
+ to other versions -->
<turbine.javadoc.java.link>https://docs.oracle.com/javase/8/docs/api/</turbine.javadoc.java.link>
- <!-- servlet 3.1, websocket, JSR-342 -->
+ <!-- servlet 3.1, websocket, JSR-342 -->
<turbine.javadoc.javaee.link>https://docs.oracle.com/javaee/7/api/</turbine.javadoc.javaee.link>
<!-- build meta inf -->