Old GroupIds Alerter - Maven Plugin
A Maven plugin that checks for deprecated groupId + artifactId couples, in order to reduce usage of non-maintained 3rd-party code (e.g. did you know that artifact graphql-spring-boot-starter
moved from from com.graphql-java
to com.graphql-java-kickstart
?).
Works with Maven 3.3+ and JDK8+.
Looking for a Gradle plugin? Check oga-gradle-plugin.
Author
Jonathan Lermitage ([email protected])
Linkedin profile: jonathan-lermitage-092711142
Usage
Goal
There's one maven goal: biz.lermitage.oga:oga-maven-plugin:check
.
Execution will produce error message everytime a deprecated groupId + artifactId couple is found.
You may see something like [ERROR] 'com.graphql-java:graphql-spring-boot-starter' should be replaced by 'com.graphql-java-kickstart:graphql-spring-boot-starter'
, and Maven build failure.
Maven coordinates
Maven coordinates (Nexus):
<groupId>biz.lermitage.oga</groupId>
<artifactId>oga-maven-plugin</artifactId>
<version>1.7.0</version>
Configuration
You can use an alternate definitions file by using the ogDefinitionsUrl
property. You can also choose to not fail the build if deprecated dependencies are found with the failOnError
property (defaults to true):
<build>
<plugins>
<plugin>
<groupId>biz.lermitage.oga</groupId>
<artifactId>oga-maven-plugin</artifactId>
<version>1.7.0</version>
<configuration>
<ogDefinitionsUrl>https://your-custom-location/your-og-definitions.json</ogDefinitionsUrl>
<failOnError>false</failOnError>
</configuration>
</plugin>
</plugins>
</build>
You can also provide a JSON ignore-list in order to exclude some groupIds or groupId + artifactIds:
<configuration>
<ignoreListFile>local-ignore-list.json</ignoreListFile>
<!-- or -->
<ignoreListUrl>https://website.com/remote-ignore-list.json</ignoreListUrl>
</configuration>
Please see the sample ignore-list file. For each of your dependencies or proposed migrations, the plugin will ignore it if it finds its coordinates in the ignore-list. So, by ignoring "foo:bar" (or "foo"), you will ignore this coordinate from your project dependencies and from the definitions file.
You can skip check (useful in multi-branch pipeline) by using the oga.maven.skip
property.
Finally, you can also set configuration in command line with -DogDefinitionsUrl
, -DignoreListFile
, -DignoreListUrl
, -DfailOnError
, -Doga.maven.skip
properties.
Build
Just call ./mvnw clean install
or ./do i
to build plugin and install into local Maven repository.
Contribution
Code
Open an issue or a pull-request. Contributions must be tested at least on JDK8.
Please reformat new code only: do not reformat the whole project or entire existing file (in other words, try do limit the amount of changes in order to speed up code review).
Definitions file
The list of deprecated groupId + artifactId couples is stored in og-definitions.json file. To remove/update/add entries, you can open an issue, submit a merge request, or simply send an email ([email protected]).
Find new entries for definitions file
Go to maven-index-search-suspect-coordinates: this project downloads Maven Central indexes and looks for potential entries, then saves it to a file; i.e. artifactIds that exists for two different groupIds (keep in mind that 90~99% are false-positive).
You can view resulting file here: suspiciousCoordinates.txt (warning, it's a ~3 MB file).
A filtered version is available here: suspiciousCoordinates-filtered.txt (~500 KB). In this file, we keep only dependency couples where a groupId is a part of the other groupdId, like com.graphql-java
and com.graphql-java-kickstart
.
License
MIT License. In other words, you can do what you want: this project is entirely OpenSource, Free and Gratis.