Avoid using un-versioned plugins

If you associate a plugin with your application POM without a version, Maven downloads the corresponding maven-metadata.xml file, stores it locally, and uses only the latest released version of the plugin in the project. This makes the build unpredictable. Your project might work fine with the current version of a plugin, but when a new release of the same plugin appears, your Maven project will start to use it automatically. This can result in unpredictable behavior and lead to a debugging mess.

It is always recommended that you specify the plugin version along with the plugin configuration. You can enforce this as a rule with the Maven enforcer plugin, as shown in the following code:

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>1.3.1</version>
  <executions>
    <execution>
      <id>enforce-plugin-versions</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <requirePluginVersions>
            <message>………… </message>
            <banLatest>true</banLatest>
            <banRelease>true</banRelease>
            <banSnapshots>true</banSnapshots>
            <phases>clean,deploy,site</phases>
            <additionalPlugins>
              <additionalPlugin>
                org.apache.maven.plugins:maven-eclipse-plugin
              </additionalPlugin>
              <additionalPlugin>
                org.apache.maven.plugins:maven-reactor-plugin
              </additionalPlugin>
            </additionalPlugins>
            <unCheckedPluginList>
              org.apache.maven.plugins:maven-enforcer-plugin,org.apache.maven.plugins:maven-idea-plugin
            </unCheckedPluginList>
          </requirePluginVersions>
        </rules>
      </configuration>
    </execution>
  </executions>
</plugin>

The following points explain each of the key configuration elements defined in the previous code:

  • message: Use this to define an optional message to the user if the rule execution fails.
  • banLatest: Use this to restrict the use of LATEST as the version for any plugin.
  • banRelease: Use this to restrict the use of RELEASE as the version for any plugin.
  • banSnapshots: Use this to restrict the use of SNAPSHOT plugins.
  • banTimestamps: Use this to restrict the use of SNAPSHOT plugins with the timestamp version.
  • phases: This is a comma-separated list of phases that should be used to find lifecycle plugin bindings. The default value is clean,deploy,site.
  • additionalPlugins: This is a list of additional plugins that must also have versions specified. These plugins might not be defined in application POM files, but are used anyway, such as help and eclipse. The plugins should be specified in the groupId:artifactId form.
  • unCheckedPluginList: This is a comma-separated list of plugins to skip version checking.

    Note

    You can read more details about the requirePluginVersions rule at http://maven.apache.org/enforcer/enforcer-rules/requirePluginVersions.html.
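
As a quick pre-build check alongside the enforcer rule, the following added example (not from the book or the Maven project) scans one POM for plugins that have no version or that use LATEST, RELEASE, or a SNAPSHOT. It is an approximation: only the local POM is read, so parent POMs, the super POM, and lifecycle-bound plugins that requirePluginVersions checks are not resolved; audit_plugin_versions and SAMPLE_POM are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not from the book): one plugin pinned through
# pluginManagement, one with no version, one SNAPSHOT via a property, one RELEASE.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><jar.plugin.version>2.4-SNAPSHOT</jar.plugin.version></properties>
  <build>
    <pluginManagement><plugins>
      <plugin><artifactId>maven-surefire-plugin</artifactId><version>2.17</version></plugin>
    </plugins></pluginManagement>
    <plugins>
      <plugin><artifactId>maven-compiler-plugin</artifactId></plugin>
      <plugin><artifactId>maven-surefire-plugin</artifactId></plugin>
      <plugin><artifactId>maven-jar-plugin</artifactId><version>${jar.plugin.version}</version></plugin>
      <plugin><groupId>org.codehaus.mojo</groupId><artifactId>exec-maven-plugin</artifactId><version>RELEASE</version></plugin>
    </plugins>
  </build>
</project>"""

def _key(plugin):
    # Maven defaults a plugin's groupId to org.apache.maven.plugins.
    gid = plugin.findtext("m:groupId", "org.apache.maven.plugins", NS).strip()
    return gid + ":" + plugin.findtext("m:artifactId", "", NS).strip()

def audit_plugin_versions(pom_xml):
    """Return {groupId:artifactId: reason} for plugins without a fixed version."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    # Resolve a version written as a single ${property} defined in this POM.
    resolve = lambda v: props.get(v[2:-1], v) if v.startswith("${") else v
    managed = {_key(p): resolve(p.findtext("m:version", "", NS).strip())
               for p in root.findall("m:build/m:pluginManagement/m:plugins/m:plugin", NS)}
    findings = {}
    for plugin in root.findall("m:build/m:plugins/m:plugin", NS):
        key = _key(plugin)
        version = resolve(plugin.findtext("m:version", "", NS).strip()) or managed.get(key, "")
        if not version:
            findings[key] = "no version"
        elif version in ("LATEST", "RELEASE"):
            findings[key] = "banned meta-version " + version
        elif version.endswith("-SNAPSHOT"):
            findings[key] = "snapshot " + version
        elif "${" in version:
            findings[key] = "unresolved property " + version
    return findings
```

Calling audit_plugin_versions(SAMPLE_POM) flags the compiler, jar, and exec plugins; maven-surefire-plugin passes because pluginManagement pins it to 2.17.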
