Option to use Enforcer rule for obsolete dependency management #1381
Draft
jglick wants to merge 13 commits into jenkinsci:master from
- Add maven-hpi-plugin as dependency to maven-enforcer-plugin
- Add requireNonObsoleteDependencyManagement rule to display-info execution
- Add smoke test IT verifying rule loads and detects obsolete overrides
- Add skip-property IT verifying plugins can disable via property

The rule will activate once an incremental release of maven-hpi-plugin containing the rule is available. Until then, the ITs demonstrate the configuration is correct but will fail with the current stable version.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Configure rule in display-info execution after requireUpperBoundDeps
- Add ignorePattern for junit:junit (intentionally managed by plugin-pom, but appears in guice-bom's effective dependencyManagement)
- Update hpi-plugin.version to 3.1820.vd1b_1b_09038b_e (incremental with the rule)

The junit:junit exclusion is needed because jenkins-bom imports guice-bom (jenkinsci/jenkins#6014), and guice-bom inherits junit:junit:4.13.2 from guice-parent for guice-testlib support. This conflicts with plugin-pom's intentional management of test library versions.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
jglick
commented
Apr 27, 2026
| Note: jenkins-bom imports guice-bom (added in jenkinsci/jenkins#6014), | ||
| which transitively brings junit into jenkins-bom's effective dependencyManagement. | ||
| This decision may need to be revisited - see jenkinsci/jenkins#6014. |
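Review bot: "This decision" in the last line of this note has no clear antecedent; it could mean jenkins-bom importing guice-bom or the way junit is handled here. Name which one is meant, and since the first line already cites jenkinsci/jenkins#6014, replace the second reference with the condition under which the setting should be revisited.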
Closed
jglick
commented
Apr 27, 2026
Comment on lines
+1016
to
+1017
| <writeJunitReport>true</writeJunitReport> | ||
| <junitPackageName>io.jenkins.tools.plugin_pom.its</junitPackageName> |
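Review bot: writeJunitReport and junitPackageName at +1016 to +1017 change how integration-test results are reported, which is separate from the Enforcer rule named in the PR title. Mention them in the description or move them to their own commit so the reporting change can be reviewed and reverted independently.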
…a1484e168ab24f4e3270dd4a
…in-pom into dependencyManagement
Since a91c5cc the rule is skipped by default, so add an integration test that explicitly opts in (skip=false) and verifies the build passes when there are no obsolete overrides. Also improve the postbuild assertions to check for specific log messages that confirm the rule actually executed rather than being skipped. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Pull request overview
Adds an opt-in Maven Enforcer rule (sourced from maven-hpi-plugin) to detect obsolete dependencyManagement overrides, along with new integration tests to validate failing, passing, and skipped scenarios.
Changes:
- Bump `maven-hpi-plugin` version and wire it as a dependency of `maven-enforcer-plugin` to expose the new rule.
- Add opt-in property `requireNonObsoleteDependencyManagement.skip` (defaulting to skip) and configure the rule with an ignore pattern.
- Add 3 new Maven Invoker ITs covering: clean (no overrides), smoke (obsolete override fails), and skip-property (rule skipped).
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `pom.xml` | Enables/configures the new enforcer rule (opt-in via skip property), bumps HPI plugin version, and emits JUnit reports for IT runs. |
| `consume-incrementals` | Tracks the upstream PR this change depends on. |
| `src/it/bom-obsolete-override-clean/pom.xml` | IT project verifying “no obsolete overrides” case when the rule is enabled. |
| `src/it/bom-obsolete-override-clean/invoker.properties` | Runs the clean IT with standard goals. |
| `src/it/bom-obsolete-override-clean/postbuild.groovy` | Asserts the rule executed and reported no violations. |
| `src/it/bom-obsolete-override-clean/src/main/resources/index.jelly` | Minimal Jelly view required for an HPI IT project. |
| `src/it/bom-obsolete-override-smoke/pom.xml` | IT project with an intentionally obsolete override to ensure the rule fails the build when enabled. |
| `src/it/bom-obsolete-override-smoke/invoker.properties` | Runs the smoke IT and expects a failure result. |
| `src/it/bom-obsolete-override-smoke/postbuild.groovy` | Asserts the rule executed and detected the obsolete override in logs. |
| `src/it/bom-obsolete-override-smoke/src/main/resources/index.jelly` | Minimal Jelly view required for an HPI IT project. |
| `src/it/bom-obsolete-override-skip-property/pom.xml` | IT project intended to verify the rule is skipped when the skip property is enabled/defaulted. |
| `src/it/bom-obsolete-override-skip-property/invoker.properties` | Runs the skip-property IT with standard goals. |
| `src/it/bom-obsolete-override-skip-property/postbuild.groovy` | Asserts the rule was skipped and no violation message appears. |
| `src/it/bom-obsolete-override-skip-property/src/main/resources/index.jelly` | Minimal Jelly view required for an HPI IT project. |
Downstream of jenkinsci/maven-hpi-plugin#883. For now I am letting this be opt-in since the implementation is a bit crufty and there are surely a lot of edge cases.
- `oidc-provider` and in some CloudBees CI plugins)
- `hpi-plugin.version=999999-SNAPSHOT` (Enforcer croaks with a CNFE; workaround: wait until CI publishes an incremental of each upstream commit)