Skip to content

build: fix maven-enforcer config and enforce plugin versions#1867

Open
spannm wants to merge 2 commits into
datafaker-net:mainfrom
spannm:build/harden-maven-enforcer
Open

build: fix maven-enforcer config and enforce plugin versions#1867
spannm wants to merge 2 commits into
datafaker-net:mainfrom
spannm:build/harden-maven-enforcer

Conversation

@spannm

@spannm spannm commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Summary

According to Official Apache Maven documentation, Maven 3.8.x and earlier have reached End of Life (EOL) and new plugin releases will require Maven 3.9.0 or later.

This PR updates our build constraints accordingly, raises the minimum required Maven version to 3.9, and fixes a misconfiguration within the maven-enforcer-plugin.

Changes

  • Drop EOL Maven Support: Bumped minimum Maven version constraint from [3.6,) to [3.9,) within requireMavenVersion.
  • Fix Enforcer Configuration: Moved the requireMavenVersion rule inside the <rules> element to resolve the unknown parameter warning.
  • Enforce Plugin Versioning: Added the requirePluginVersions rule to guarantee reproducible builds by banning missing plugin versions, excluding common core plugins via unCheckedPluginList.

@codecov-commenter

codecov-commenter commented Jun 30, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.48%. Comparing base (bd917e9) to head (71dfb2c).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1867      +/-   ##
============================================
- Coverage     92.52%   92.48%   -0.05%     
+ Complexity     3563     3561       -2     
============================================
  Files           346      346              
  Lines          7050     7050              
  Branches        684      684              
============================================
- Hits           6523     6520       -3     
- Misses          365      366       +1     
- Partials        162      164       +2     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

- Move requireMavenVersion rule inside the <rules> block to fix warning
- Raise minimum required Maven version to 3.9
- Add requirePluginVersions rule to ensure reproducible builds
@kingthorin kingthorin force-pushed the build/harden-maven-enforcer branch from cfdd025 to d0c17c1 Compare June 30, 2026 22:19
@kingthorin

kingthorin commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Should the project's maven wrapper be updated as well?

(I have no idea how that's handled, my primary projects use gradle)

Updated maven wrapper scripts and properties using the command:
./mvnw wrapper:wrapper
@spannm

spannm commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Should the project's maven wrapper be updated as well?

Yes @kingthorin, I just updated the wrapper scripts and properties using ./mvnw wrapper:wrapper.
The Maven version itself in .mvn/wrapper/maven-wrapper.properties was already up-to-date, but the underlying wrapper infrastructure had updates available. I've pushed the changes in a separate commit.

@kingthorin kingthorin left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@asolntsev asolntsev added this to the 3.0.0 milestone Jul 3, 2026
@asolntsev asolntsev added enhancement New feature or request dependencies Pull requests that update a dependency file labels Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants