diff --git a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/AbstractCommand.java b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/AbstractCommand.java index 1af1b26b..539a2593 100644 --- a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/AbstractCommand.java +++ b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/AbstractCommand.java @@ -25,6 +25,8 @@ import java.io.File; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.LinkedHashSet; +import java.util.Set; import java.util.concurrent.Callable; /** @@ -72,6 +74,11 @@ void setPomFile(Path pomFile) { this.pomFile = pomFileWithDefault; } + @CommandLine.Option(names = {"--repository"}, + paramLabel = "", + description = "Absolute path to a local Maven repository") + String[] repositories; + protected C parent() { return parent; } @@ -113,4 +120,14 @@ public Integer call() { } protected abstract void execute(); + + protected Set collectRepositories() { + Set set = new LinkedHashSet<>(); + if (null != repositories) { + for (String repository : repositories) { + set.add(Paths.get(repository.trim())); + } + } + return set; + } } diff --git a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckBom.java b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckBom.java index 14fed118..1c33ea29 100644 --- a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckBom.java +++ b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckBom.java @@ -40,7 +40,7 @@ public class CheckBom extends AbstractCommand
{ protected void execute() { try { logger.info("BOM checks: {}", pomFile.toAbsolutePath().toString()); - MavenProject project = PomParser.createMavenProject(pomFile.toFile()); + MavenProject project = PomParser.createMavenProject(pomFile.toFile(), collectRepositories()); BomChecker.check(logger, project, new BomChecker.Configuration() .withFailOnError(failOnError)); } catch (PomCheckException e) { diff --git a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckMavenCentral.java b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckMavenCentral.java index d4e77a69..e0199c52 100644 --- a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckMavenCentral.java +++ b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/CheckMavenCentral.java @@ -58,7 +58,7 @@ public class CheckMavenCentral extends AbstractCommand
{ protected void execute() { try { logger.info("Maven Central checks: {}", pomFile.toAbsolutePath().toString()); - MavenProject project = PomParser.createMavenProject(pomFile.toFile()); + MavenProject project = PomParser.createMavenProject(pomFile.toFile(), collectRepositories()); MavenCentralChecker.check(logger, project, new MavenCentralChecker.Configuration() .withRelease(release) .withStrict(strict) diff --git a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/internal/PomParser.java b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/internal/PomParser.java index 848994d1..23d978e5 100644 --- a/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/internal/PomParser.java +++ b/pomchecker-cli/src/main/java/org/kordamp/maven/checker/cli/internal/PomParser.java @@ -22,6 +22,8 @@ import eu.maveniverse.maven.mima.context.Context; import eu.maveniverse.maven.mima.context.ContextOverrides; import eu.maveniverse.maven.mima.context.Runtimes; +import org.apache.maven.artifact.repository.ArtifactRepository; +import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy; import org.apache.maven.artifact.repository.MavenArtifactRepository; import org.apache.maven.artifact.repository.layout.DefaultRepositoryLayout; import org.apache.maven.execution.DefaultMavenExecutionRequest; @@ -39,11 +41,13 @@ import org.codehaus.plexus.PlexusContainerException; import org.codehaus.plexus.classworlds.ClassWorld; import org.codehaus.plexus.component.repository.exception.ComponentLookupException; -import org.eclipse.aether.repository.RemoteRepository; import java.io.File; +import java.nio.file.Path; +import java.util.List; import java.util.Locale; import java.util.Properties; +import java.util.Set; import java.util.stream.Collectors; /** @@ -54,39 +58,47 @@ public class PomParser { private static final CharMatcher LOWER_ALPHA_NUMERIC = CharMatcher.inRange('a', 'z').or(CharMatcher.inRange('0', '9')); - public static MavenProject createMavenProject(File pomFile) { + public static MavenProject createMavenProject(File pomFile, Set repositories) { // HACK: MIMA provides sisu runtime, but we need Maven components as well, // that are Plexus still. Hence, we "wrap" and boot Plexus around MIMA, and this // awakens MIMA eager singleton activator. ClassWorld classWorld = - new ClassWorld("plexus.core", Thread.currentThread().getContextClassLoader()); + new ClassWorld("plexus.core", Thread.currentThread().getContextClassLoader()); ContainerConfiguration containerConfiguration = - new DefaultContainerConfiguration() - .setClassWorld(classWorld) - .setRealm(classWorld.getClassRealm("plexus.core")) - .setClassPathScanning(PlexusConstants.SCANNING_INDEX) - .setAutoWiring(true) - .setJSR250Lifecycle(true) - .setName("pom-reader"); + new DefaultContainerConfiguration() + .setClassWorld(classWorld) + .setRealm(classWorld.getClassRealm("plexus.core")) + .setClassPathScanning(PlexusConstants.SCANNING_INDEX) + .setAutoWiring(true) + .setJSR250Lifecycle(true) + .setName("pom-reader"); try { PlexusContainer container = new DefaultPlexusContainer(containerConfiguration); try (Context context = Runtimes.INSTANCE.getRuntime().create(ContextOverrides.create().withUserSettings(true).build())) { - return createMavenProject(pomFile, context, container); + return createMavenProject(pomFile, context, container, repositories); } } catch (PlexusContainerException ex) { throw new IllegalStateException(ex); } } - private static MavenProject createMavenProject(File pomFile, Context context, PlexusContainer plexusContainer) { + private static MavenProject createMavenProject(File pomFile, Context context, PlexusContainer plexusContainer, Set repositories) { try { MavenExecutionRequest mavenExecutionRequest = new DefaultMavenExecutionRequest(); ProjectBuildingRequest projectBuildingRequest = mavenExecutionRequest.getProjectBuildingRequest(); projectBuildingRequest.setRepositorySession(context.repositorySystemSession()); - projectBuildingRequest.setRemoteRepositories(context.remoteRepositories() - .stream().map(PomParser::toArtifactRepository).collect(Collectors.toList())); + + List remoteRepositories = context.remoteRepositories() + .stream().map(r -> toArtifactRepository(r.getId(), r.getUrl())).collect(Collectors.toList()); + + int i = 0; + for (Path repository : repositories) { + remoteRepositories.add(toArtifactRepository("pomchecker_repository_" + (i++), repository.toUri().toString())); + } + + projectBuildingRequest.setRemoteRepositories(remoteRepositories); // Profile activation needs properties such as JDK version Properties properties = new Properties(); // allowing duplicate entries properties.putAll(projectBuildingRequest.getSystemProperties()); @@ -142,11 +154,14 @@ private static String osDetectedArch() { } } - private static MavenArtifactRepository toArtifactRepository(RemoteRepository remoteRepository) { - MavenArtifactRepository mavenArtifactRepository = new MavenArtifactRepository(); - mavenArtifactRepository.setId(remoteRepository.getId()); - mavenArtifactRepository.setUrl(remoteRepository.getUrl()); - mavenArtifactRepository.setLayout(new DefaultRepositoryLayout()); - return mavenArtifactRepository; + private static MavenArtifactRepository toArtifactRepository(String id, String url) { + MavenArtifactRepository repository = new MavenArtifactRepository(); + repository.setId(id); + repository.setUrl(url); + repository.setLayout(new DefaultRepositoryLayout()); + ArtifactRepositoryPolicy policy = new ArtifactRepositoryPolicy(true, ArtifactRepositoryPolicy.UPDATE_POLICY_NEVER, ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN); + repository.setSnapshotUpdatePolicy(policy); + repository.setReleaseUpdatePolicy(policy); + return repository; } } diff --git a/pomchecker-cli/src/test/java/org/kordamp/maven/checker/cli/internal/PomParserTest.java b/pomchecker-cli/src/test/java/org/kordamp/maven/checker/cli/internal/PomParserTest.java index 24e8314b..bf329397 100644 --- a/pomchecker-cli/src/test/java/org/kordamp/maven/checker/cli/internal/PomParserTest.java +++ b/pomchecker-cli/src/test/java/org/kordamp/maven/checker/cli/internal/PomParserTest.java @@ -21,16 +21,29 @@ import org.junit.jupiter.api.Test; import java.io.File; +import java.net.URI; import java.net.URL; +import java.nio.file.Path; +import java.util.Collections; +import java.util.Set; import static org.junit.jupiter.api.Assertions.assertEquals; class PomParserTest { + void parseSingle() throws Exception { + URL resource = getClass().getClassLoader().getResource("test-pom.xml"); + MavenProject mavenProject = PomParser.createMavenProject(new File(resource.toURI()), Collections.emptySet()); + assertEquals("quarkus-slack-parent", mavenProject.getArtifactId()); + } @Test - void parse() throws Exception { - URL resource = getClass().getClassLoader().getResource("test-pom.xml"); - MavenProject mavenProject = PomParser.createMavenProject(new File(resource.toURI())); - assertEquals("quarkus-slack-parent",mavenProject.getArtifactId()); + void parseWithLocalRepository() throws Exception { + URL resource = getClass().getClassLoader().getResource("repository/com/acme/child/1.0.0/child-1.0.0.pom"); + URI uri = getClass().getClassLoader().getResource("repository").toURI(); + Set repositories = Collections.singleton(new File(uri).toPath()); + MavenProject mavenProject = PomParser.createMavenProject(new File(resource.toURI()), repositories); + assertEquals("com.acme", mavenProject.getGroupId()); + assertEquals("child", mavenProject.getArtifactId()); + assertEquals("1.0.0", mavenProject.getVersion()); } } diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom new file mode 100644 index 00000000..7799cb76 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom @@ -0,0 +1,32 @@ + + + + 4.0.0 + + com.acme + parent + 1.0.0 + + child + 1.0.0 + pom + + diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.asc b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.asc new file mode 100644 index 00000000..a55efa6f --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP MESSAGE----- +Version: BCPG v@RELEASE_NAME@ + +owCJAhwEAAECAAYFAmbYkIwACgkQzMVcUWdBmtuZew/9Eyh5199gCKU/0CiZU/DK +U6bpjWQs1pxr7+RKXjvlh+JisUewUJ1kXL218abN+FB9PEoEufHbX+xr34mR0l9W +pIZAM6SfnW/eTvGkfason4GpSYlSRalGP2w+h8Fx2t41Usf6k7/FvZPka2giFv+J +2oOgdKYoxKbx+HSww8fB8btVRw9YM0McYfmmMbVd3dL4vw/jP3+BsPz065zz/Jmz +oUR4JMmfr+QXIC3Kf7ldMROU75Wd0sNfIzEE/W3jw/bLw1HyI7zp9WO4f/nxby6j +TStuQHAx8Js8i9b20egZrAPTrJGhCMz341MMPQlUJtC+/UEzmiPCx1rU7XOzuPqE +Sl9vFtH3DUCstXrvwrhLxPb21Tq1e8SZahTdLprh8KqaJYFAuJsPOSpGk4D70FZf +tZ3E8IJcsiIXTRaPMI7yvimDfrmAzc3kpFkoUWuAYSlg+qinBe4YPIlhK332rsZ9 +BIowHTwG1g18hRIn2AyP9xsgaClvmu6cOfZpBfYropvCg9vcitisR9SUF4oo0EOK +d+5Wk+QnSqLMUcVuzDaiXK0TOs9HYIMFN3lk0krN4CjrVzjl8JeZTwtQ/7wuBWOP +VmJIfxPpG4g2oV+9ohQH3Rzl7nBeAG7ewbmtXzGxwKTl591DsY3ECxjuAnd7YfB0 +YwJrQ+oo044BBb8wUTkEmpc= +=oJ9g +-----END PGP MESSAGE----- diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.md5 b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.md5 new file mode 100644 index 00000000..74639dbc --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.md5 @@ -0,0 +1 @@ +1974de60c85c85e53bea36d250ea74ec \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha1 b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha1 new file mode 100644 index 00000000..978d13b1 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha1 @@ -0,0 +1 @@ +a0f8d95f7a3b49b0a5c9ea8bba8d304ca339d8f4 \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha256 b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha256 new file mode 100644 index 00000000..fa8a133a --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha256 @@ -0,0 +1 @@ +bd9d7622d52effb6420a39849000191104a1675da8d545dc7e025ff8731d518e \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha512 b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha512 new file mode 100644 index 00000000..c345aedd --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/1.0.0/child-1.0.0.pom.sha512 @@ -0,0 +1 @@ +31b3d2f758857cd1efcc0c4f497dd8a15c74d86afe5c887567a981865d3bee14bdd4fab19c3d82770633ef9421c59ec95abb7a861bafafb52cc6df666b74dcbf \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/child/maven-metadata.xml b/pomchecker-cli/src/test/resources/repository/com/acme/child/maven-metadata.xml new file mode 100644 index 00000000..4e2cc00d --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/child/maven-metadata.xml @@ -0,0 +1,31 @@ + + + + com.acme + child + + 1.0.0 + + 1.0.0 + + 20240904163555 + + \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom new file mode 100644 index 00000000..16dc6c74 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom @@ -0,0 +1,28 @@ + + + + 4.0.0 + com.acme + parent + 1.0.0 + pom + + diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.asc b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.asc new file mode 100644 index 00000000..b95f9b77 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP MESSAGE----- +Version: BCPG v@RELEASE_NAME@ + +owCJAhwEAAECAAYFAmbYkIwACgkQzMVcUWdBmtvsqhAAoQwMwsDcthX7cTtlK9/8 +hsbILRiQk7iUW5f727QE2OjtpRIXpQt2uf7KjVGzbd5EwbAWi4E9WDtFuTaF2oLx +nZ7UxqDtQcHomUHesw3VYGeZ1nVc4A+P+yUi8lipCNHtrwYBllJ9TIKiWqlg6Ieu +P5bQ12mS7Ug6/rHy9HxPMdwArKnBFeVlD+AGxIWYfgaZ2mQy8u/wPNyuLTljjg/0 +fxj3uLZ70KcKcemLkPc//nANf+B/JaemWzZnowPAyKWHeVVpdf7VNoTZRihM3Arv +Do+M7Y7n77RmAqoSkgJoGLtQvdigOzrcgivZcF2eLOJP2rAORRDCw9KIFqq+IQju +8fsNIfL6RO77zGLeSVghiqoc+3WelSTF9Y6FgASDvHuRZsrlme+MjZkD+3ZlWks4 +iv4OfOhd809nbUeazgVjJ4Ab2fw9e0zyHqTDM7aCaPfZ63u2Nb6s9+IhhnGzlo8c +O5hO9II9vah4fH84SzqyjX7+igaXt9tChpn3SV+gMNo1h3eQeqtxkASSRtwlLqhV +Zgt38FYoM6yDd538tB1+QgK4B8eqn1jXwPPmpsbN4Y2OLgWyUifcP7sjJSfU6Xbg +4gRs1hEczjrf0GUp1wqymWKwDL6FpunRL3of0kPcficqHjBxle2K3ihvj6KZSXzT +3pn7RE/h03ZVKFKMzSbkm2s= +=V9YU +-----END PGP MESSAGE----- diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.md5 b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.md5 new file mode 100644 index 00000000..e7c5ed19 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.md5 @@ -0,0 +1 @@ +024b7fca982b7b8585d3e183335b2069 \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha1 b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha1 new file mode 100644 index 00000000..ae000c27 --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha1 @@ -0,0 +1 @@ +70cebe682374b6f0822cbd9107e84bb65fd82f9a \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha256 b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha256 new file mode 100644 index 00000000..c455ff6c --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha256 @@ -0,0 +1 @@ +61b57bb51d8decc499215521a9c8d6825aa891d77ef36cd15390430b7fcfe7db \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha512 b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha512 new file mode 100644 index 00000000..a85c79ef --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/1.0.0/parent-1.0.0.pom.sha512 @@ -0,0 +1 @@ +6f4e6614bbc02f6fee96270ed7bf0712fda8cd6475d5ef6d6925a348323f62653768176ccf68cd0a5a96e5008e6563451c123661e818efb1be6a87769ea5fee5 \ No newline at end of file diff --git a/pomchecker-cli/src/test/resources/repository/com/acme/parent/maven-metadata.xml b/pomchecker-cli/src/test/resources/repository/com/acme/parent/maven-metadata.xml new file mode 100644 index 00000000..4e2cc00d --- /dev/null +++ b/pomchecker-cli/src/test/resources/repository/com/acme/parent/maven-metadata.xml @@ -0,0 +1,31 @@ + + + + com.acme + child + + 1.0.0 + + 1.0.0 + + 20240904163555 + + \ No newline at end of file