jonathanlermitage / oga-maven-plugin Goto Github PK

:jigsaw: Old GroupIds Alerter - A Maven plugin that checks for deprecated groupId+artifactId (e.g. did you know that graphql-spring-boot-starter moved from com.graphql-java to com.graphql-java-kickstart?).

Home Page: https://central.sonatype.com/search?q=biz.lermitage.oga

License: MIT License

Shell 2.92% Batchfile 2.67% Kotlin 94.40%

maven-plugin dependency-analysis

oga-maven-plugin's Introduction

Senior Backend Software Developer playing with IntelliJ plugins, Spring Boot, Java, Kotlin, Python, Docker and Kubernetes 🐱.

oga-maven-plugin's People

Contributors

Stargazers

Watchers

Forkers

froque merikan pwhittlesea delanym dertobsch timtebeek

oga-maven-plugin's Issues

Jetty 12

https://eclipse.dev/jetty/documentation/jetty-12/programming-guide/index.html#pg-migration-11-to-12

check version

Reduce false positives by checking on a per version basis.
For example, I'm still using commons-collections:commons-collections:3.2.2. This should not be changed to org.apache.commons:commons-collections4:3.2.2

reactivex

io.reactivex -> io.reactivex.rxjava2
- ReactiveX/RxJava#4031
- https://github.com/ReactiveX/RxJava/wiki/What's-different-in-2.0
io.reactivex.rxjava2 -> io.reactivex.rxjava3
- ReactiveX/RxJava#6421
- https://github.com/ReactiveX/RxJava/wiki/What's-different-in-3.0

request skip option

Hi,
I like to request a skip option, for two reasons:

In the cases where I do not have a internet connection, I would like the possibility to skip the check on the command line.
In our multi-branch pipeline we first want to know if the feature is compiling successfully, and in a later step on this check with the enforcer checks.

Since I am not able to create a pull request, please consider my supplied ZIP file

feature.zip
(edit) removed the patch file, because it had my email

Strange output when not failing the build

After solving #18 the build output is a little bit awkward when the flag is false.

[INFO] --- oga-maven-plugin:1.3.0:check (new-artifacts) @ railz.algemeen ---
[INFO] Old GroupId Alerter - github.com/jonathanlermitage/oga-maven-plugin
[INFO] Loading definitions from https://raw.githubusercontent.com/jonathanlermitage/oga-maven-plugin/master/uc/og-definitions.json
[INFO] Loaded 423 definitions, updated on 2021/06/27
[INFO] Checking dependencies...
[ERROR] 'javax.servlet:javax.servlet-api' should be replaced by 'jakarta.servlet:jakarta.servlet-api' (context: Java EE new home is Jakarta EE, see https://wiki.eclipse.org/Jakarta_EE_Maven_Coordinates)
[ERROR] Project has old dependencies; see warning/error messages
[INFO] No problem detected. Good job! :-)

I think the last line should be suppressed if there are errors.

failOnError broken

This configuration will fail the build if a relocation is found:

      <plugin>
        <groupId>biz.lermitage.oga</groupId>
        <artifactId>oga-maven-plugin</artifactId>
        <version>1.8.0</version>
        <executions>
          <execution>
            <id>default-cli</id>
            <goals>
              <goal>check</goal>
            </goals>
            <phase>validate</phase>
            <configuration>
              <failOnError>false</failOnError>
              <skip>false</skip>
            </configuration>
          </execution>
        </executions>
      </plugin>

[feaure request] make the og-definitions.json configurable

Hi,

Thanks for your plugin contribution, it is useful.
It would be even more useful if we could add an alternative og-definitions.json which would be either concatenated with the one provided with the plugin and/or one with either no public libraries or so old libraries that would make no sense to add in this very public definition file.

If this feature already exists, it would be nice to document it.

Here an example how maven-checkstyle-plugin add the configurable definitions for checkstyle configuration.

<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-checkstyle-plugin</artifactId>
	<executions>
		<execution>
			<id>validate</id>
			<phase>validate</phase>
			<goals>
				<goal>check</goal>
			</goals>
			<configuration>
				<configLocation>./</configLocation>
				<suppressionsLocation>./</suppressionsLocation>
			</configuration>
		</execution>
	</executions>
</plugin>

graphql-java-runtime module no longer exists

The graphql-java-runtime module no longer exists . If you're using, you must change to one of graphql-java-client-runtime or graphql-java-server-runtime.

https://github.com/graphql-java-generator/graphql-maven-plugin-project/blob/master_2.x/CHANGELOG.md#1181

Output warnings instead of failing the build

I would like to add this plugin to our standard build to make developers aware of these relocations. Unfortunately, the plugin only supports the failing of the build instead of just output warnings.

Could it be an option to not fail the build?

list relocated Maven projects

Some projects may use the relocation tag (see Maven Guide to relocation).
Improve the maven-index-search-suspect-coordinates project to generate a list of relocated poms.

oga-maven-plugin not working over internet proxy nor can it use local files

I put in my pom.xml:

<reporting>
  <plugins>
    ...	
    <plugin>
      <groupId>biz.lermitage.oga</groupId>
      <artifactId>oga-maven-plugin</artifactId>
      <version>1.8.0</version>
    </plugin>
  </plugins>
</reporting>

When I execute:
mvn biz.lermitage.oga:oga-maven-plugin:check

I get:

[INFO] --- oga-maven-plugin:1.8.0:check (default-cli) @ HelloWorld ---
[INFO] Old GroupId Alerter - github.com/jonathanlermitage/oga-maven-plugin
[INFO] Loading definitions from https://raw.githubusercontent.com/jonathanlermitage/oga-maven-plugin/master/uc/og-definitions.json
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  2.672 s
[INFO] Finished at: 2023-02-06T16:02:10+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal biz.lermitage.oga:oga-maven-plugin:1.8.0:check (default-cli) on project HelloWorld:
Plugin failure, please report it to github.com/jonathanlermitage/oga-maven-plugin: Connection refused: connect -> [Help 1]

I have other Maven plugins (e.g. org.owasp / dependency-check-maven) which do manage to download their stuff.
(I'm on Windows + Java 8 and I have environmental variables https_proxy and http_proxy properly set up.)

I thought I could have a workaround - download these .json files locally and point to them:

<plugin>
  <groupId>biz.lermitage.oga</groupId>
  <artifactId>oga-maven-plugin</artifactId>
  <version>1.8.0</version>

  <configuration>
    <ogDefinitionsUrl>src/test/resources/og-definitions.json</ogDefinitionsUrl>
    <ogUnofficialDefinitionsUrl>src/test/resources/og-unofficial-definitions.json</ogUnofficialDefinitionsUrl>
  </configuration>
</plugin>

...but the result is exactly the same.

Add GitHub issue template form for new entries

Hi! Love the project here; I'm wondering if it would help to add a GitHub issue form for new submissions. To start with that might help to standardize new submissions. Once established one could even automate the creation of a PR from a filled in issue form, to further reduce the work (even if it's likely minimal to start with).

Support for additional migrations without overriding community contributed migrations

Having the migrations file managed within this Github repo is fantastic as users of this module can benefit from the community contributions to relocated dependencies.

As a user I have many libraries which I maintain myself and I would love to have a 'business-wide' definition file.
I can specify the ogDefinitionsUrl property to point to a self-managed definitions file but I then lose out on updates to the community contributions.

What would be great is if I had a way to specify an 'additions' file which meant the plugin pulled in ogDefinitionsUrl and then added in my extra definitions. Maybe a property called ogAdditionalDefinitionsUrl?

So if:

ogDefinitionsUrl was set to https://raw.githubusercontent.com/jonathanlermitage/oga-maven-plugin/master/uc/og-definitions.json
ogAdditionalDefinitionsUrl was set to https://smallbusiness.lan/my-gitlab-instance/business-config/og-definitions.json

And the file at ogDefinitionsUrl contained:

{
    "version": "22",
    "date": "2022/07/07",
    "migration": [
        {
            "old": "acegisecurity",
            "new": "org.acegisecurity"
        }
    ]
}

And file at ogAdditionalDefinitionsUrl contained:

{
    "version": "22",
    "date": "2022/07/07",
    "migration": [
        {
            "old": "lan.smallbusiness:my-framework",
            "new": "lan.smallbusiness:my-relocated-framework"
        }
    ]
}

Then our 'effective' migrations would be:

acegisecurity -> org.acegisecurity
lan.smallbusiness:my-framework -> lan.smallbusiness:my-relocated-framework

Before I jump in and try contribute some code what do people think? Any objections?

apollographql

Apollo Kotlin 3.0 uses a new identifier for its package name, Gradle plugin id, and maven group id: com.apollographql.apollo3.

https://www.apollographql.com/docs/kotlin/migration/3.0#package-name--group-id--plugin-id

remove mutually exclusive definitions

https://github.com/jonathanlermitage/oga-maven-plugin/blame/32253acb90dadc2c21cb42c7721d255095a985ad/uc/og-definitions.json#L533:

        {
            "old": "de.thksystems:tkscommons",
            "new": "de.thksystems:tkscommons-lang"
        },
        {
            "old": "de.thksystems:tkscommons-lang",
            "new": "de.thksystems:tkscommons"
        },

@froque I will add a unit test to detect couples that are mutually exclusive. This is something I should have done from the beginning :-D

jandex

The groupId would change from org.jboss[.jandex] to io.smallrye (or io.smallrye.jandex, but I'd probably prefer the first one :-) ).

task: have separate json for abandoned/stalled projects

implement #42 (comment)

Migration definition `mysql:mysql-connector-java` to `com.mysql:mysql-connector-j`

Old groupId

mysql

Old artifactId

mysql-connector-java

New groupId

com.mysql

New artifactId

mysql-connector-j

Context

MySQL Connector/J artifacts moved to reverse-DNS compliant Maven 2+ coordinates.

Additional information

Relocation record is up at: https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.33/mysql-connector-java-8.0.33.pom

Is this an official migration by the same team?

Official
Unofficial

Groovy 4.0 relocation

In Groovy 4.0, the groupId of the maven coordinates for Groovy have changed from org.codehaus.groovy to org.apache.groovy. Please update your Gradle/Maven/other build settings appropriately.

http://groovy-lang.org/releasenotes/groovy-4.0.html

The released versions are still alpha, so I will not create a pull request, but created this issue to keep it on the backlog.

Hibernate ORM 6 relocation

https://hibernate.atlassian.net/browse/HHH-11444

For groupId, org.hibernate -> .org.hibernate.orm.

For artifactId:

hibernate-core -> hibernate-orm

for all others, replace the hibernate- prefix with hibernate-orm-.

The released versions are still alpha, so I will not create a pull request, but created this issue to keep it on the backlog.

Wiremock group id changed

Hi,

The group Id of Wiremock changes from com.github.tomakehurst to org.wiremock

See relocation hint on:
https://mvnrepository.com/artifact/com.github.tomakehurst/wiremock

Thanks and regards

false-positive rate

Hi, I'm considering using this plugin does anyone know the false-positive rate?

relocations for plugins

What is the difference between dependency-maven-plugin and maven-dependency-plugin?
Actually, they are the same, it's just that it was moved and renamed. The dependency-maven-plugin is hosted at Mojo while maven-dependency-plugin is hosted at Apache. The recommended plugin to use is the maven-dependency-plugin.

https://maven.apache.org/plugins/maven-dependency-plugin/faq.html#plugin_name

Shoud this oga-maven-plugin also analyze other maven plugins ?