While you are at it, could you change the warnings to show just before the final status of the build? Some projects at least in VERBOSE have so many warnings that it makes it much harder to know the project built successfully.
ATM it's something like this. ...Status successful build... Now a bunch of warnings I think for clarity that just needs to be flipped to. ...bunch of warnings... Status of the build -----Original Message----- From: Tamás Cservenák <ta...@cservenak.net> Sent: Friday, May 19, 2023 5:35 AM To: Maven Developers List <dev@maven.apache.org> Subject: Re: maven 3.9.x warnings Howdy, So, have a small local change, probably to go with 3.9.3. changes: - message modified, it is now clear that it is "plugin descriptor" that contains unwanted artifacts - added new check that "checks reality", the plugin resolved dependencies So, now messages on JDBI project look like this (two examples): [WARNING] * org.asciidoctor:asciidoctor-maven-plugin:2.2.3 [WARNING] Declared at location(s): [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) @ line 270 [WARNING] Used in module(s): [WARNING] * org.jdbi:jdbi3-docs:3.38.3-SNAPSHOT (docs/pom.xml) [WARNING] Plugin issue(s): [WARNING] * Plugin should declare these Maven artifacts in `provided` scope: [org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5] [WARNING] * Plugin descriptor should not contain these Maven artifacts: [org.apache.maven:maven-model-builder:3.0.5, org.apache.maven:maven-core:3.0.5, org.apache.maven:maven-plugin-api:3.0.5, org.apache.maven:maven-model:3.0.5, org.apache.maven:maven-settings:3.0.5, org.apache.maven:maven-artifact:3.0.5, org.apache.maven:maven-repository-metadata:3.0.5, org.apache.maven:maven-aether-provider:3.0.5, org.apache.maven:maven-settings-builder:3.0.5] [WARNING] * Plugin depends on plexus-container-default, which is EOL [WARNING] [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1 [WARNING] Declared at location(s): [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line 145 [WARNING] Used in module(s): [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) [WARNING] Plugin issue(s): [WARNING] * Plugin descriptor should not contain these Maven artifacts: [org.apache.maven:maven-artifact:3.8.4, org.apache.maven:maven-settings-builder:3.8.4, org.apache.maven:maven-repository-metadata:3.8.4, org.apache.maven:maven-builder-support:3.8.4, org.apache.maven:maven-core:3.8.4, org.apache.maven:maven-resolver-provider:3.8.4, org.apache.maven:maven-settings:3.8.4, org.apache.maven:maven-plugin-api:3.8.4, org.apache.maven:maven-model-builder:3.8.4, org.apache.maven:maven-model:3.8.4] Problems of asciidoctor-maven-plugin:2.2.3: 1. does not declare scopes properly: https://github.com/asciidoctor/asciidoctor-maven-plugin/blob/asciidoctor-maven-plugin-2.2.3/pom.xml#L108-L117 2. plugin descriptor (META-INF/maven/plugin.xml) really contains all the listed artifacts, reason is problem in bullet 1: they are not in provided, hence in descriptor full transitive hull is present Problems of inline-maven-plugin:1.0.1 1. descriptor contains WAY TOO MANY artifacts (due MPLUGIN-382) Thanks T On Fri, May 19, 2023 at 10:22 AM Tamás Cservenák <ta...@cservenak.net> wrote: > Henning, your do have open option to go: > > in inline-maven-project upgrade (buggy) maven-plugin-plugin 3.6.2 > (suffers from > https://issues.apache.org/jira/browse/MPLUGIN-382) to a more recent one. > > OTOH, this issue revealed a validation issue: > - it relies on pluginDescriptor/dependencies to perform validation > (that contains wrong entries due MPLUGIN-382) > - we may want to validate the "reality" (plugin POM directly, instead > of derived plugin descriptor that is built out of plugin POM at build > time by maven-plugin-plugin, that may have bug as in this case) > > So, in this case we have an interesting situation: > - your inline project POM is good > - what is not good is bug in used m-plugin-p 3.6.2 (produces wrong > plugin > descriptor) > - Maven 3.9.2 detects this (well, unwanted artifacts in there) and > reports "plugin as wrong" > > Your option is to upgrade m-plugin-p to (possibly latest) version and > release. > > Our option for the next Maven is probably to reconsider the data set > we validate from. > > Thanks > T > > > > On Fri, May 19, 2023 at 7:28 AM Henning Schmiedehausen < > henn...@schmiedehausen.org> wrote: > >> From maven 3.9.2: >> >> [WARNING] * org.basepom.maven:inline-maven-plugin:1.0.1 >> [WARNING] Declared at location(s): >> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) @ line >> 145 >> [WARNING] Used in module(s): >> [WARNING] * org.jdbi:jdbi3-core:3.38.3-SNAPSHOT (core/pom.xml) >> [WARNING] Plugin issue(s): >> [WARNING] * Plugin should declare these Maven artifacts in `*provided*` >> scope: [ >> org.apache.maven:maven-artifact:3.8.4, >> org.apache.maven:maven-settings-builder:3.8.4, >> org.apache.maven:maven-repository-metadata:3.8.4, >> org.apache.maven:maven-builder-support:3.8.4, >> org.apache.maven:maven-core:3.8.4, >> org.apache.maven:maven-resolver-provider:3.8.4, >> org.apache.maven:maven-settings:3.8.4, >> org.apache.maven:maven-plugin-api:3.8.4, >> org.apache.maven:maven-model-builder:3.8.4, >> org.apache.maven:maven-model:3.8.4] >> >> >> From the plugin project itself, on the 1.0.1 tag: >> >> ❯ mvn dependency:list -pl :inline-maven-plugin | grep provided | sort >> [...] >> [INFO] org.apache.maven:maven-artifact:jar:3.8.4:*provided* -- module >> maven.artifact (auto) >> [INFO] org.apache.maven:maven-builder-support:jar:3.8.4:*provided* -- >> module maven.builder.support (auto) >> [INFO] org.apache.maven:maven-core:jar:3.8.4:*provided* -- module >> maven.core (auto) >> [INFO] org.apache.maven:maven-model-builder:jar:3.8.4:*provided* -- >> module maven.model.builder (auto) >> [INFO] org.apache.maven:maven-model:jar:3.8.4:*provided* -- module >> maven.model (auto) >> [INFO] org.apache.maven:maven-plugin-api:jar:3.8.4:*provided* -- module >> maven.plugin.api (auto) >> [INFO] org.apache.maven:maven-repository-metadata:jar:3.8.4:*provided* >> -- module maven.repository.metadata (auto) >> [INFO] org.apache.maven:maven-resolver-provider:jar:3.8.4:*provided* -- >> module maven.resolver.provider (auto) >> [INFO] org.apache.maven:maven-settings-builder:jar:3.8.4:*provided* -- >> module maven.settings.builder (auto) >> [INFO] org.apache.maven:maven-settings:jar:3.8.4:*provided* -- module >> maven.settings (auto) >> [...] >> >> Sorry, folks, I got nothing. >> >> Maven 3.9.2 complains that the inline plugin needs to declare >> <dependencies> in *provided* scope. A build user might report that to >> their build engineer or report it to the plugin author. >> >> As the plugin author, my plugin in the version 1.0.1 *DOES* declare >> every single dependency that maven warns about in *provided* scope. >> >> There is literally *nothing* that I can do. Neither as build user, >> nor as build engineer, nor as plugin author. >> >> I don't get it. What *is* the point? Really interested to learn *why* >> the maven team has chosen to go down this path. >> >> -h >> >
