How polite is to enforcer.skip?

[Aldrin Leal]

Hey there,

I'm updating one of my plugins, and I ran into the RequireUpperBoundDeps issue:

$ mvn clean package

[INFO] Scanning for projects...

[INFO] 

[INFO] -------< br.com.ingenieux.jenkins.plugins:codecommit-url-helper >-------

[INFO] Building AWS CodeCommit URL Helper 0.0.2-SNAPSHOT

[INFO] --------------------------------[ hpi ]---------------------------------

[INFO] 

[INFO] --- maven-clean-plugin:3.0.0:clean (default-clean) @ codecommit-url-helper ---

[INFO] 

[INFO] --- maven-hpi-plugin:2.6:validate (default-validate) @ codecommit-url-helper ---

[INFO] 

[INFO] --- maven-enforcer-plugin:3.0.0-M1:display-info (display-info) @ codecommit-url-helper ---

[INFO] Maven Version: 3.5.4

[INFO] JDK Version: 1.8.0_151 normalized as: 1.8.0-151

[INFO] OS Info: Arch: amd64 Family: unix Name: linux Version: 4.13.0-46-generic

[INFO] 

[INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (display-info) @ codecommit-url-helper ---

[WARNING] Rule 4: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:

Failed while enforcing RequireUpperBoundDeps. The error(s) are [

Require upper bound dependencies error for org.jenkins-ci:annotation-indexer:1.11 paths to dependency are:

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.plugins:git:3.9.1

    +-org.jenkins-ci:annotation-indexer:1.11

and

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.main:jenkins-core:2.121.3

    +-org.jenkins-ci:annotation-indexer:1.12

and

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.kohsuke:access-modifier-annotation:1.15

    +-org.jenkins-ci:annotation-indexer:1.4

and

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.plugins:git:3.9.1

    +-com.infradna.tool:bridge-method-annotation:1.17

      +-org.jenkins-ci:annotation-indexer:1.4

and

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.main:jenkins-core:2.121.3

    +-org.jenkins-ci:bytecode-compatibility-transformer:1.8

      +-org.jenkins-ci:annotation-indexer:1.4

, 

Require upper bound dependencies error for org.jenkins-ci.plugins:junit:1.2 paths to dependency are:

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.plugins:git:3.9.1

    +-org.jenkins-ci.plugins:matrix-project:1.7.1

      +-org.jenkins-ci.plugins:junit:1.2

and

+-br.com.ingenieux.jenkins.plugins:codecommit-url-helper:0.0.2-SNAPSHOT

  +-org.jenkins-ci.plugins:git:3.9.1

    +-org.jenkins-ci.plugins:mailer:1.18

      +-org.jenkins-ci.plugins:display-url-api:0.2

        +-org.jenkins-ci.plugins:junit:1.3

]

[INFO] ------------------------------------------------------------------------

[INFO] BUILD FAILURE

[INFO] ------------------------------------------------------------------------

[INFO] Total time: 7.760 s

[INFO] Finished at: 2018-08-17T16:54:32-05:00

[INFO] ------------------------------------------------------------------------

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (display-info) on project codecommit-url-helper: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]

[ERROR] 

[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.

[ERROR] Re-run Maven using the -X switch to enable full debug logging.

[ERROR] 

[ERROR] For more information about the errors and possible solutions, please read the following articles:

[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

What should be the right approach? In my case, this plugin explictly depends on both Git and AWS Credentials

--
-- Aldrin Leal, <ald...@leal.eng.br> / https://ingenieux.io/about/

[Daniel Beck]

> On 17. Aug 2018, at 23:55, Aldrin Leal <ald...@leal.eng.br> wrote:
>
> What should be the right approach?

If you cannot update your dependencies to make the transitive dependencies consistent, try adding explicit dependencies on:

+-org.jenkins-ci.plugins:junit:1.3
+-org.jenkins-ci:annotation-indexer:1.12

[Ulli Hafner]

Declaring it as direct dependency will work but feels wrong from an architectural viewpoint. Isn‘t there anything we can do to make this process simpler for Jenkins plugins? Dependency resolution of Jenkins plugin versions is done dynamically when Jenkins starts so it does not make much sense that Maven checks the static build-time versions of plugins. These version will be never user in practice, normally you always run Jenkins with the latest versions.

> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/99A4CC71-3B23-44DD-ADA7-468D41F7F7FA%40beckweb.net.
> For more options, visit https://groups.google.com/d/optout.

[Jesse Glick]

On Sat, Aug 18, 2018 at 2:16 PM Ulli Hafner <ullrich...@gmail.com> wrote:
> Declaring it as direct dependency will work but feels wrong

I would rather suggest using `<dependencyManagement>`.

> Isn‘t there anything we can do to make this process simpler for Jenkins plugins?

> […]

> These version will be never user in practice, normally you always run Jenkins with the latest versions.

That is why I advocate JENKINS-47498¹ to address this and other
issues. You would merely pick some number for the parent POM (or
perhaps some other property or meta-import in your POM), giving you a
set of dependency management guaranteed to be consistent; and if you
wanted to use some newer APIs, just pick a newer (probably the newest)
number.

¹ https://issues.jenkins-ci.org/browse/JENKINS-47498