This repository has been archived by the owner on Apr 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
/
TODO
106 lines (66 loc) · 4.39 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
When inspecting artifactIds, groupIds, versions, etc, from the original model, it'll miss things.
- eg. version in depMgmt may be 1.3, and in deps it may be overridden as ${somever}, which *may* resolve to 1.3
make properties for configuration consistent
fix misleading error messages from GAVOrder rule
make version-property-hyphen rule suppressable from the property itself.
generate (better?) output report file
figure out what to do about multi-module projects
revisit rule configuration (spring vs not-spring)
mojo help
What to do about profiles?
Rules:
In Maven 3.0, all pom.* properties are deprecated. Use project.* instead!
Was there at one time a projectVersion property as well?
Profiles named "with-*" should only ever add modules.(Company specific best-practice)
- should make it easy for users of the plugin to create a rule like this
The string "target" should never be in poms.
- Suggest project.output.directory, or for target/classes, project.build.outputDirectory.
No duplicate dependencies.
No dependencies being version-managed by Maven.
No more than X children of a parent declaring a dependency with the same version.
MNG-1577?
- are there other bugs with Maven or plugins that lint could help avoid?
- some we’ve run into:
- [JA] MRELEASE-274
- MINVOKER-118
- MSITE-604
- MSITE-501
- MRELEASE-715
- MCOMPILER-130 (fixed in 2.4, but not released yet)
[JA] when a plugin is pinned to a specific version due to a bug (with particularly formatted
comment), checking Jira to see if there’s a newer version of that plugin with the bug fixed
would be neat.
- [DL] mvn lint:checkJIRA, or something like that
[JA] I don’t like version ranges. Something to check for them and complain if they a) exist, b)
are too wide.
http://mail-archives.apache.org/mod_mbox/maven-dev/200703.mbox/%[email protected]%3E
Repositories in the pom
distributionManagement overridden in child pom?
Timestamped-snapshot dependency
If the plugin block is not defining an execution (and thus binding maven to do something in the lifecycle), put that block in pluginManagment
Grouping dependencies with the same groupId together in the pom
Blacklist certain dependencies, like the big-spring artifact.
Filtered resources not in src/xyz/filtered-resources (Company specific best-practice)
- should make it easy for users of the plugin to create a rule like this
http://www.slideshare.net/brettporter/more-apache-maven-best-practices-presentation
Repetition instead of properties (for dependency versions, and other things)
Ban "LATEST" and "RELEASE" version dependencies/plugins
What about scopes? Overriding scope of parent's dependency in a child?
[JA] nested empty stanzas. eg. “<build><pluginManagement></pluginManagement><plugins></plugins></build>” should say “Delete <build>.”
[JA] If an artifact has <scope>compile</scope>, ensure its overriding a non-compile scope (and recommend a comment about it).
[JA] Certain artifacts are really just interfaces and have an associated -impl package;
ensuring the scope of those packages is correct. (probably should be ‘provided’)
Archetypes: need to check src/main/resources/archetype-resources/pom.xml has @project.version@ not a hardcoded version?
[JA] Sometimes a set of artifacts are related to each other (foo and foo-impl) and are best to share the same version number. Warning if version differs/specified multiple times and optionally suggest to push into property?
[JA] Standardizing on how to specify version number properties for particular packages (spring.version vs com.springsource.version/etc).
[JA] Look for bad advice on Stack Overflow.
[JA] Best practices around enabling/disabling pmd/checkstyle/findbugs/cpd plugins on command line builds vs CI builds vs Eclipse.
[JA] Are you using the deploy plugin to deploy a file when it would be better to just attach it to the reactor via build-helper plugin?
[JA] Are there “bad” ways to detect M2E? (recommended right now is <property><name>m2e.version).
Anything around site?
Plugin executions bound to lifecycles that execute in different order than defined in the pom as read top-to-bottom
ArtifactItems (ie. in dependency plugin) that aren't listed as dependencies.
Look for empty list elements:
<exclusions></exclusions>
<executions></executions>
Also see “nested empty stanzas” above.