sbernard31 commented on issue #1703: URL: https://github.com/apache/maven-resolver/issues/1703#issuecomment-3636577864
Thx a lot for your answers 🙏. I understand that with version I tried this is normal that `org.apache` are consider as "this and only this". All makes sense now --------------------------- I tried with heimdall (0.1.3) but strangly If I had : ``` ... org.apache org.apache.maven.plugin ... ``` Then I get this error : ``` [ERROR] Plugin org.apache.maven.plugins:maven-compiler-plugin:3.13.0 or one of its dependencies could not be resolved: [ERROR] The following artifacts could not be resolved: org.apache.maven:maven-parent:pom:41 (present, but unavailable): G:org.apache.maven NOT allowed from central (https://repo.maven.apache.org/maven2, default, releases) ``` But if I only put : ``` ... org.apache ... ``` It works. Is it expected ? ------------------------------------------------------- When I have all my artefacts (dependencies and plugins) already downloaded locally. If add a rule which doesn't allow to download an artefact at all (forbidden on all repo for testing purpose) then I face several behaviour. (Not sure) but for plugins it seems that I get an error (like just above) (event if the artefact is already there) and for code dependencies, if artefact is locally present : no error, no warning. Is it expected ? --------------------------------------------------------- > And one final note: I understand this is still "just experimenting" with RRF, but in general, filtering Central is not something you want. The intent is better explained in demo: https://github.com/cstamas/rrf-demo Maybe I try to describe what I want to do and you tell me if I'm on the wrong direction. So my goal is to have a full control of "where is download what" without usage of tools like nexus. I want that everything is downloaded on maven central. Except some third party (private) library under given groupId. So my first idea was to just add groupId.thirdpartyrepo rules. But I see that if there is no maven central rules then it is allowed to used it (even for that thirdparty lib) So I try to add a rules file for central with something that allow everything except thirdpartylib. But I see [this is not doable for now](https://github.com/apache/maven-resolver/issues/1668). (By the way [will it be available in heimdall ?](https://github.com/apache/maven-resolver/issues/1668#issuecomment-3633525045)) So I tried to create a kind of minimal maven central file with very few line putting only some well known groupid (org.apache, org.junit ... ) + the disallow rules for my thirdpartylib and that's how I came to ask you all of that question... (I know I can record but I wanted to have a most simple as possible rules file) Digging into that, I also discover that a dependency can discretely add a new repository and so maven will also search in that repository for artefacts and as default rules when no filtering file for a given repo is ALLOW every thing. I feel there is something wrong here. 🤔 Did I miss something ? or Do I try to to use Remote Repository Filtering for something it is not made for ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
