Move version range check to check-buildplan

Author: slawekjaranowski

…version-range-no-fail/invoker.properties …an-version-range-fail/invoker.propertiessrc/it/compare-version-range-no-fail/invoker.properties renamed to src/it/check-buildplan-version-range-fail/invoker.properties src/it/compare-version-range-no-fail/invoker.properties renamed to src/it/check-buildplan-version-range-fail/invoker.properties

@@ -15,8 +15,5 @@
 # specific language governing permissions and limitations
 # under the License.
 
-# initial reference build: install
-invoker.goals.1=clean install
-# second build: verify (could be package, but not install to avoid overriding reference)
-invoker.goals.2=clean verify artifact:compare
-
+invoker.goals=artifact:check-buildplan
+invoker.buildResult=failure

src/it/compare-version-range-fail/pom.xml …eck-buildplan-version-range-fail/pom.xmlsrc/it/compare-version-range-fail/pom.xml renamed to src/it/check-buildplan-version-range-fail/pom.xml src/it/compare-version-range-fail/pom.xml renamed to src/it/check-buildplan-version-range-fail/pom.xml

@@ -29,6 +29,7 @@
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <project.build.outputTimestamp>0</project.build.outputTimestamp>
   </properties>
 
   <dependencies>

…pare-version-range-no-fail/verify.groovy …ildplan-version-range-fail/verify.groovysrc/it/compare-version-range-no-fail/verify.groovy renamed to src/it/check-buildplan-version-range-fail/verify.groovy src/it/compare-version-range-no-fail/verify.groovy renamed to src/it/check-buildplan-version-range-fail/verify.groovy

@@ -20,6 +20,7 @@
 
 def buildLog = new File(basedir, 'build.log').text
 
-assert buildLog =~ /(?m)^\[WARNING] Dependency io\.cucumber:messages:jar:.+ \(compile\) via io\.cucumber:gherkin:jar:.+ is referenced with a range version \[32\.0\.0,33\.0\.0\)\s*$/
-assert buildLog =~ /(?m)^\[WARNING] Dependency commons-io:commons-io:jar:.+ \(compile\) is referenced with a range version \[2.20.0,\)\s*$/
-assert buildLog =~ /(?m)^\[WARNING] Dependency commons-collections:commons-collections:jar:LATEST \(compile\) is referenced with a range version LATEST\s*$/
+assert buildLog.contains('[ERROR] Version with range found in dependencies, project can be non-reproducible')
+assert buildLog.contains(' - Dependency io.cucumber:messages:jar:32.2.0 (compile) via io.cucumber:gherkin:jar:38.0.0 is referenced with a range version [32.0.0,33.0.0)')
+assert buildLog.contains(' - Dependency commons-io:commons-io:jar:2.21.0 (compile) is referenced with a range version [2.20.0,)')
+assert buildLog.contains(' - Dependency commons-collections:commons-collections:jar:LATEST (compile) is referenced with a range version LATEST')

…re-version-range-fail/invoker.properties …version-range-no-fail/invoker.propertiessrc/it/compare-version-range-fail/invoker.properties renamed to src/it/check-buildplan-version-range-no-fail/invoker.properties src/it/compare-version-range-fail/invoker.properties renamed to src/it/check-buildplan-version-range-no-fail/invoker.properties

@@ -15,9 +15,4 @@
 # specific language governing permissions and limitations
 # under the License.
 
-# initial reference build: install
-invoker.goals.1=clean install
-# second build: verify (could be package, but not install to avoid overriding reference)
-invoker.goals.2=clean verify artifact:compare
-invoker.buildResult.2=failure
-
+invoker.goals=artifact:check-buildplan

…it/compare-version-range-no-fail/pom.xml …-buildplan-version-range-no-fail/pom.xmlsrc/it/compare-version-range-no-fail/pom.xml renamed to src/it/check-buildplan-version-range-no-fail/pom.xml src/it/compare-version-range-no-fail/pom.xml renamed to src/it/check-buildplan-version-range-no-fail/pom.xml

@@ -63,7 +63,7 @@
           <artifactId>@project.artifactId@</artifactId>
           <version>@project.version@</version>
           <configuration>
-            <failVersionRange>false</failVersionRange>
+            <failOnNonReproducible>false</failOnNonReproducible>
           </configuration>
         </plugin>
       </plugins>

…compare-version-range-fail/verify.groovy …plan-version-range-no-fail/verify.groovysrc/it/compare-version-range-fail/verify.groovy renamed to src/it/check-buildplan-version-range-no-fail/verify.groovy src/it/compare-version-range-fail/verify.groovy renamed to src/it/check-buildplan-version-range-no-fail/verify.groovy

@@ -20,6 +20,7 @@
 
 def buildLog = new File(basedir, 'build.log').text
 
-assert buildLog =~ /(?m)^\[ERROR] Dependency io\.cucumber:messages:jar:.+ \(compile\) via io\.cucumber:gherkin:jar:.+ is referenced with a range version \[32\.0\.0,33\.0\.0\)\s*$/
-assert buildLog =~ /(?m)^\[ERROR] Dependency commons-io:commons-io:jar:.+ \(compile\) is referenced with a range version \[2.20.0,\)\s*$/
-assert buildLog =~ /(?m)^\[ERROR] Dependency commons-collections:commons-collections:jar:LATEST \(compile\) is referenced with a range version LATEST\s*$/
+assert buildLog.contains('[WARNING] Version with range found in dependencies, project can be non-reproducible')
+assert buildLog.contains(' - Dependency io.cucumber:messages:jar:32.2.0 (compile) via io.cucumber:gherkin:jar:38.0.0 is referenced with a range version [32.0.0,33.0.0)')
+assert buildLog.contains(' - Dependency commons-io:commons-io:jar:2.21.0 (compile) is referenced with a range version [2.20.0,)')
+assert buildLog.contains(' - Dependency commons-collections:commons-collections:jar:LATEST (compile) is referenced with a range version LATEST')

src/it/compare-version-range-no-fail-depMan/invoker.properties

@@ -15,8 +15,5 @@
 # specific language governing permissions and limitations
 # under the License.
 
-# initial reference build: install
-invoker.goals.1=clean install
-# second build: verify (could be package, but not install to avoid overriding reference)
-invoker.goals.2=clean verify artifact:compare
+invoker.goals=artifact:check-buildplan
 

src/main/java/org/apache/maven/plugins/artifact/buildinfo/CheckBuildPlanMojo.java

@@ -28,6 +28,7 @@
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import org.apache.maven.execution.MavenSession;
 import org.apache.maven.lifecycle.LifecycleExecutor;
@@ -39,6 +40,7 @@
 import org.apache.maven.plugins.annotations.Mojo;
 import org.apache.maven.plugins.annotations.Parameter;
 import org.apache.maven.project.MavenProject;
+import org.eclipse.aether.graph.DependencyNode;
 import org.eclipse.aether.util.version.GenericVersionScheme;
 import org.eclipse.aether.version.InvalidVersionSpecificationException;
 import org.eclipse.aether.version.Version;
@@ -91,11 +93,15 @@ public class CheckBuildPlanMojo extends AbstractMojo {
 
     private final VersionScheme versionScheme = new GenericVersionScheme();
 
+    private final RangesUtil rangesUtil;
+
     @Inject
-    public CheckBuildPlanMojo(MavenProject project, MavenSession session, LifecycleExecutor lifecycleExecutor) {
+    public CheckBuildPlanMojo(
+            MavenProject project, MavenSession session, LifecycleExecutor lifecycleExecutor, RangesUtil rangesUtil) {
         this.project = project;
         this.session = session;
         this.lifecycleExecutor = lifecycleExecutor;
+        this.rangesUtil = rangesUtil;
     }
 
     protected MavenExecutionPlan calculateExecutionPlan() throws MojoExecutionException {
@@ -164,6 +170,8 @@ public void execute() throws MojoExecutionException {
             getLog().info("No known issue in " + okCount + " plugins");
         }
 
+        fail = checkVersionRangeInDependencies();
+
         if (fail) {
             getLog().info("current module pom.xml is " + project.getBasedir() + "/pom.xml");
             MavenProject parent = project;
@@ -183,6 +191,23 @@ public void execute() throws MojoExecutionException {
         }
     }
 
+    private boolean checkVersionRangeInDependencies() throws MojoExecutionException {
+        Map<DependencyNode, String> versionRangeDependencies =
+                rangesUtil.findVersionRangeDependencies(session, project);
+        if (!versionRangeDependencies.isEmpty()) {
+            String message = "Version with range found in dependencies, project can be non-reproducible"
+                    + versionRangeDependencies.values().stream()
+                            .collect(Collectors.joining(
+                                    System.lineSeparator() + " - ", System.lineSeparator() + " - ", ""));
+            if (failOnNonReproducible) {
+                getLog().error(message);
+            } else {
+                getLog().warn(message);
+            }
+        }
+        return !versionRangeDependencies.isEmpty();
+    }
+
     private Properties loadIssues() throws MojoExecutionException {
         try (InputStream in = (pluginIssues == null)
                 ? getClass().getResourceAsStream("not-reproducible-plugins.properties")

src/main/java/org/apache/maven/plugins/artifact/buildinfo/CompareMojo.java

@@ -32,13 +32,9 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Properties;
-import java.util.stream.Collectors;
 
-import org.apache.maven.RepositoryUtils;
 import org.apache.maven.execution.MavenSession;
-import org.apache.maven.model.DependencyManagement;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugins.annotations.Mojo;
 import org.apache.maven.plugins.annotations.Parameter;
@@ -49,17 +45,9 @@
 import org.eclipse.aether.RepositorySystem;
 import org.eclipse.aether.RepositorySystemSession;
 import org.eclipse.aether.artifact.Artifact;
-import org.eclipse.aether.artifact.ArtifactTypeRegistry;
-import org.eclipse.aether.collection.CollectRequest;
-import org.eclipse.aether.collection.DependencyCollectionException;
-import org.eclipse.aether.graph.Dependency;
-import org.eclipse.aether.graph.DependencyNode;
 import org.eclipse.aether.repository.RemoteRepository;
 import org.eclipse.aether.util.artifact.ArtifactIdUtils;
-import org.eclipse.aether.util.graph.visitor.PathRecordingDependencyVisitor;
-import org.eclipse.aether.version.VersionConstraint;
 
-import static java.util.Optional.ofNullable;
 import static org.apache.maven.plugins.artifact.buildinfo.BuildInfoWriter.getArtifactFilename;
 
 /**
@@ -110,14 +98,6 @@ public class CompareMojo extends AbstractBuildinfoMojo {
     @Parameter(property = "compare.fail", defaultValue = "true")
     private boolean fail;
 
-    /**
-     * Fail the build if dependencies with version range are found in project or transitive dependencies.
-     *
-     * @since 3.6.2
-     */
-    @Parameter(property = "compare.failVersionRange", defaultValue = "true")
-    private boolean failVersionRange;
-
     /**
      * The entry point to Maven Artifact Resolver, i.e. the component doing all the work.
      */
@@ -137,8 +117,6 @@ public CompareMojo(
     @Override
     public void execute(Map<Artifact, String> artifacts) throws MojoExecutionException {
         getLog().info("Checking against reference build from " + referenceRepo + "...");
-
-        checkVersionRangeInDependencies();
         checkAgainstReference(artifacts, session.getProjects().size() == 1);
     }
 
@@ -148,8 +126,6 @@ protected void skip(MavenProject last) throws MojoExecutionException {
             return;
         }
 
-        checkVersionRangeInDependencies();
-
         // try to download reference artifacts for current project and check if there are issues to give early feedback
         checkAgainstReference(generateBuildinfo(true), true);
     }
@@ -393,87 +369,4 @@ private RemoteRepository createDeploymentArtifactRepository(String id, String ur
                 repoSystem.newResolutionRepositories(repoSession, Collections.singletonList(repository));
         return repositories.isEmpty() ? repository : repositories.get(0);
     }
-
-    private void checkVersionRangeInDependencies() throws MojoExecutionException {
-        DependencyNode rootNode = collectDependencies();
-        List<String> versionRangeDependencies = collectVersionRangeDependencies(rootNode);
-        if (!versionRangeDependencies.isEmpty()) {
-            if (failVersionRange) {
-                versionRangeDependencies.forEach(getLog()::error);
-                throw new MojoExecutionException("Version range dependencies found: " + versionRangeDependencies.size()
-                        + ". Please fix them to have a fixed version for better reproducibility");
-            } else {
-                versionRangeDependencies.forEach(getLog()::warn);
-            }
-        }
-    }
-
-    private DependencyNode collectDependencies() throws MojoExecutionException {
-        ArtifactTypeRegistry artifactTypeRegistry =
-                session.getRepositorySession().getArtifactTypeRegistry();
-
-        List<Dependency> dependencies = project.getDependencies().stream()
-                .map(d -> RepositoryUtils.toDependency(d, artifactTypeRegistry))
-                .collect(Collectors.toList());
-
-        List<Dependency> managedDependencies = ofNullable(project.getDependencyManagement())
-                .map(DependencyManagement::getDependencies)
-                .map(list -> list.stream()
-                        .map(d -> RepositoryUtils.toDependency(d, artifactTypeRegistry))
-                        .collect(Collectors.toList()))
-                .orElse(null);
-
-        CollectRequest collectRequest =
-                new CollectRequest(dependencies, managedDependencies, project.getRemoteProjectRepositories());
-        collectRequest.setRootArtifact(RepositoryUtils.toArtifact(project.getArtifact()));
-
-        try {
-            return repoSystem.collectDependencies(repoSession, collectRequest).getRoot();
-        } catch (DependencyCollectionException e) {
-            throw new MojoExecutionException("Cannot build dependency tree: " + e.getMessage(), e);
-        }
-    }
-
-    private List<String> collectVersionRangeDependencies(DependencyNode rootNode) {
-        List<String> result = new ArrayList<>();
-
-        rootNode.accept(new PathRecordingDependencyVisitor((node, parents) -> {
-            VersionConstraint versionConstraint = node.getVersionConstraint();
-            if (isVersionRange(versionConstraint)) {
-                String path = "";
-                if (parents.size() > 1) {
-                    path = " via "
-                            + parents.stream()
-                                    .limit(parents.size() - 1)
-                                    .map(n -> n.getDependency().getArtifact().toString())
-                                    .collect(Collectors.joining(" --> "));
-                }
-                result.add("Dependency " + node.getDependency() + path + " is referenced with a range version "
-                        + versionConstraint);
-            }
-
-            // track all dependencies
-            return false;
-        }));
-
-        return result;
-    }
-
-    private boolean isVersionRange(VersionConstraint versionConstraint) {
-        if (versionConstraint == null) {
-            return false;
-        }
-
-        if (versionConstraint.getVersion() != null) {
-            String version = versionConstraint.getVersion().toString();
-            return version.equals("LATEST") || version.equals("RELEASE");
-        }
-
-        if (versionConstraint.getRange() != null) {
-            return !Objects.equals(
-                    versionConstraint.getRange().getLowerBound(),
-                    versionConstraint.getRange().getUpperBound());
-        }
-        return false;
-    }
 }