Uploaded image for project: 'Jenkins Artifactory Plug-in'
  1. Jenkins Artifactory Plug-in
  2. HAP-639

Possible to release Maven project with snapshot dependencies when versions are defined as properties

    Details

      Description

      Code snippet below seem to contain the faulty code:

      PomTransformer.java
      private void verifyNonSnapshotVersion(ModuleName moduleName, Element element, Namespace ns) {
              if (!failOnSnapshot) {
                  return;
              }
              Element versionElement = element.getChild("version", ns);
              if (versionElement != null) {
                  String currentVersion = versionElement.getText();
                  if (currentVersion.endsWith("-SNAPSHOT")) {
                      throw new SnapshotNotAllowedException(String.format("Snapshot detected in file '%s': %s:%s",
                              pomFile.getAbsolutePath(), moduleName, currentVersion));
                  }
              }
          }
      

      The code only checks the versions tag for text that ends with "-SNAPSHOT". If the pom looks like this:

      ...
      <properties>
        <dependency.version>1.0.0-SNAPSHOT</dependency.version>
      </properties>
      ...
      <dependencies>
        <dependency>
          <artifactId>lib</artifactId>
          <groupId>com.example</groupId>
          <version>${dependency.version}</version>
        </dependency>
      </dependencies>
      

      The code will not find "-SNAPSHOT" in the version-tag text and will therefore let the release go through.

      Expected result: Code should when finding a reference to a property in the versions tag look for properties defined either in this pom or a parent pom and also check those for snapshot references.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tamirh Tamir Hadad
                Reporter:
                christoffer.kylvag Christoffer Kylvåg
              • Votes:
                2 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: