This is an automated email from the ASF dual-hosted git repository.
siddteotia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new f164da11c3 Add Maven Enforcer Rule to automatically enforce Dependency
Management Guidelines during PR check-in (Part 2) (#15795)
f164da11c3 is described below
commit f164da11c335cc424aecdab89f7ca723ef2d7a73
Author: Eujean Lee <[email protected]>
AuthorDate: Thu May 15 13:12:35 2025 -0700
Add Maven Enforcer Rule to automatically enforce Dependency Management
Guidelines during PR check-in (Part 2) (#15795)
* yml file created
* Set up the environment and added Java logic to perform validation checks
* code clean up
* DepVerifier test hardcoded version within POM
* minor changes
* minor changes
* Complete Java logic that enforces dep guidelines + added
scala-2.13,version in root POM
* test isInsideTagBlock
* test isMaven
* test actual pom files
* fix on yml file
* yml file created
* Set up the environment and added Java logic to perform validation checks
* code clean up
* DepVerifier test hardcoded version within POM
* minor changes
* minor changes
* Complete Java logic that enforces dep guidelines + added
scala-2.13,version in root POM
* test isInsideTagBlock
* test isMaven
* test actual pom files
* fix on yml file
* class cannot find
* fix environment build
* Customize Maven Enforcer Plugin
* comment out pinotCustomDependencyVersionRule
* yml fix
* yml fix
* yml fix 1
* yml fix 2
* yml fix 3
* yml fix 4
* yml fix 5
* commented
* commented entire enforcer
* add back commented section
* delete yml and sh files
* Unit test done
* reorder pinot-dependency-verifier in modules list
* addressed Tianle's comments
* addressed remaining comments
* minor changes
* minor fix
* add `mvn clean install` in linter.sh
* batch 4
* batch 5
* batch 6
* add README, comments, set property true by default
* add license
* 2 phase build
* First PR: Install pinot-dependency-verifier before running full build
* Remove README.md
* Minor fix
* Full build with pinot-dependency-verifier + README
* 2 phase build in yml + add enforcer profile
* Update README, minor fix on error message
* Remove full build CLI + minor tweak in README
* Remove `run.dependency.verifier` property
---
.github/workflows/pinot_tests.yml | 6 ++
.github/workflows/scripts/.pinot_linter.sh | 2 +-
pinot-dependency-verifier/README.md | 79 ++++++++++++++++++++++
.../verifier/PinotCustomDependencyVersionRule.java | 3 +-
pom.xml | 37 ++++++++++
5 files changed, 125 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pinot_tests.yml
b/.github/workflows/pinot_tests.yml
index 3740a3fce7..511fd604ec 100644
--- a/.github/workflows/pinot_tests.yml
+++ b/.github/workflows/pinot_tests.yml
@@ -56,6 +56,12 @@ jobs:
java-version: 11
distribution: 'temurin'
cache: 'maven'
+ - name: Install pinot-dependency-verifier into repo
+ run: |
+ mvn clean install \
+ -pl pinot-dependency-verifier \
+ -am \
+ -DskipTests
- name: Linter Test
env:
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
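Review bot: the added install step passes `-DskipTests`, so the verifier's own unit tests never run before its jar is installed and then used as a gate by the Linter Test step that follows. Consider dropping `-DskipTests` for this narrow build (it is already limited by `-pl pinot-dependency-verifier -am`), or confirm that another job runs those tests on every PR. The command also omits the `-B -ntp` flags that the `mvn` calls in `.pinot_linter.sh` use, so it will run interactively-styled and log transfer progress in CI.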
diff --git a/.github/workflows/scripts/.pinot_linter.sh
b/.github/workflows/scripts/.pinot_linter.sh
index ef4ba7a5f3..76f75cec3f 100755
--- a/.github/workflows/scripts/.pinot_linter.sh
+++ b/.github/workflows/scripts/.pinot_linter.sh
@@ -30,4 +30,4 @@ mvn -B -ntp -T1C license:check || exit 1
mvn -B -ntp -T1C checkstyle:check || exit 1
mvn -B -ntp -T1C spotless:check || exit 1
mvn -B -ntp -T1C enforcer:enforce || exit 1
-
+mvn -B -ntp -T1C enforcer:enforce -Pdependency-verifier || exit 1
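Review bot: the new last line only works when `pinot-dependency-verifier` is already present in the local Maven repository, and the script neither installs it nor says so. The workflow change adds that install step, but anyone running the script on its own gets an artifact-resolution failure instead of a lint result; add a comment above the line naming the prerequisite, or a guard that fails with a clear message. Also check whether the preceding plain `enforcer:enforce` line is still needed, since the profile run invokes the same goal a second time.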
diff --git a/pinot-dependency-verifier/README.md
b/pinot-dependency-verifier/README.md
new file mode 100644
index 0000000000..3852101652
--- /dev/null
+++ b/pinot-dependency-verifier/README.md
@@ -0,0 +1,79 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# Pinot Dependency Verifier
+
+This module implements a custom Maven Enforcer plugin rule that validates
dependency declarations in the Apache Pinot
+project. It enforces internal
+[Dependency Management
Guidelines](https://docs.pinot.apache.org/developers/developers-and-contributors/dependency-management)
+by checking for hardcoded versions and misplaced dependencies.
+
+## Skipped Modules
+
+To avoid circular resolution and redundant checks, the enforcer rule is
skipped in these submodules:
+- pinot-plugins
+- pinot-connectors
+- pinot-integration-tests
+- pinot-tools
+- contrib
+- pinot-dependency-verifier
+
+That means when you run the full project build, those modules will be excluded
from dependency‐verifier validation.
+
+## Two-Phase Build Workflow
+
+Maven resolves plugin dependencies before building reactor modules. This means
it cannot build the verifier JAR and
+use it in the same build cycle. Therefore, any changes to the
`pinot-dependency-verifier` module must follow a
+two-phase process:
+
+### Phase 1 - Build & Install the Verifier Module
+
+From the repo root, build and install only `pinot-dependency-verifier` without
triggering verification.
+This ensures the artifact is available in the local Maven repository:
+
+```bash
+mvn clean install \
+ -pl pinot-dependency-verifier \
+ -am \
+ -DskipTests
+ ```
+
+### Phase 2 – Full Reactor Build + Dependency Verifier
+
+Run the full Pinot build with the Enforcer Plugin enabled to execute the
custom rule:
+
+```bash
+ mvn clean verify \
+ -Pbin-dist,dependency-verifier
+ -DskipTests
+ ``````
+
+## Running the Plugin
+
+To manually run the enforcer plugin without the customized rule:
+```bash
+mvn enforcer:enforce
+```
+
+To manually run it with the custom rule activated:
+```bash
+mvn enforcer:enforce -Pdependency-verifier
+```
\ No newline at end of file
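Review bot: the Phase 2 command in the README is not copy-pasteable, because the `-Pbin-dist,dependency-verifier` line has no trailing backslash, so the shell runs `mvn clean verify -Pbin-dist,dependency-verifier` with tests enabled and then tries to execute `-DskipTests` as a separate command. Add the backslash, fix the closing fence of that block (it has six backticks), and remove the leading space before the closing fence of the Phase 1 block so both render correctly. The "Skipped Modules" list duplicates the `skipModules` value in `pom.xml`; pointing the README at the POM as the source of truth would keep the two from drifting. The file also lacks a final newline.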
diff --git
a/pinot-dependency-verifier/src/main/java/org/apache/pinot/verifier/PinotCustomDependencyVersionRule.java
b/pinot-dependency-verifier/src/main/java/org/apache/pinot/verifier/PinotCustomDependencyVersionRule.java
index da7d28b510..48c6ddac34 100644
---
a/pinot-dependency-verifier/src/main/java/org/apache/pinot/verifier/PinotCustomDependencyVersionRule.java
+++
b/pinot-dependency-verifier/src/main/java/org/apache/pinot/verifier/PinotCustomDependencyVersionRule.java
@@ -130,7 +130,8 @@ public class PinotCustomDependencyVersionRule implements
EnforcerRule {
for (Dependency d : deps) {
if (d.getVersion() != null) {
throw new EnforcerRuleException(
- String.format("Module '%s' declares version '%s' for dependency
%s:%s. "
+ String.format("Module '%s' declares version '%s' for dependency
%s:%s. Version tag is not allowed in a "
+ + "non-root POM unless the module is declared in
\"skipModules\". "
+ "Please refer to
https://docs.pinot.apache.org/developers/developers-and-contributors"
+ "/dependency-management for the best practice",
project.getArtifactId(), d.getVersion(), d.getGroupId(),
d.getArtifactId())
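Review bot: the reworded message names the `skipModules` exemption before it names the fix, which invites contributors to silence the rule by adding their module to the skip list. Lead with the remedy the guidelines ask for (declare the version in the root POM and drop the version tag from the module) and mention `skipModules` last, if at all, as something that needs reviewer sign-off. The message is also the only place the exemption is documented for someone who hits the failure, so a Javadoc note on the rule describing when a module may be skipped would help.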
diff --git a/pom.xml b/pom.xml
index 3e8e8af866..1245f8c92f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -315,6 +315,43 @@
</properties>
<profiles>
+ <profile>
+ <id>dependency-verifier</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <extensions>true</extensions>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.pinot</groupId>
+ <artifactId>pinot-dependency-verifier</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+ <executions>
+ <execution>
+ <id>default-cli</id> <!-- magic id, used when calling
enforcer:enforce -->
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <phase>validate</phase>
+ <configuration>
+ <rules>
+ <pinotCustomDependencyVersionRule
implementation="org.apache.pinot.verifier.PinotCustomDependencyVersionRule">
+
<skipModules>pinot-plugins,pinot-connectors,pinot-integration-tests,
+
pinot-tools,contrib,pinot-dependency-verifier</skipModules>
+ </pinotCustomDependencyVersionRule>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
<profile>
<id>pinot-fastdev</id>
<!-- disable verifying plugins that can be easily fixed after a
successful implementation -->
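Review bot: `<extensions>true</extensions>` on `maven-enforcer-plugin` in the new profile has no stated reason; the rule class is supplied through the plugin's `<dependencies>` and referenced by `implementation=`, which normally does not require loading the plugin as a build extension. If nothing depends on it, remove the line so the profile does not widen what is loaded into the build; if something does, add a comment saying what. Two smaller points in the same block: the `skipModules` value exempts whole module trees (`pinot-plugins`, `pinot-connectors`, `contrib`), so a comment recording why each is skipped would make later removals possible, and the value spans two lines here, so the rule should trim whitespace around each entry if it does not already.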