[HAP-639] Possible to release Maven project with snapshot dependencies when versions are defined as properties Created: 25/Sep/15  Updated: 14/Nov/17  Resolved: 08/Jun/16

Status: Resolved
Project: Jenkins Artifactory Plug-in
Component/s: Release Management
Affects Version/s: 2.3.1
Fix Version/s: 2.5.0

Type: Bug Priority: Blocker
Reporter: Christoffer Kylvåg Assignee: Tamir Hadad
Resolution: Fixed Votes: 2
Labels: jenkins, maven3, release
Environment:

N/A


Issue Links:
Dependency
depends on MAP-61 Possible to release Maven project wit... Open

 Description   

Code snippet below seem to contain the faulty code:

PomTransformer.java
private void verifyNonSnapshotVersion(ModuleName moduleName, Element element, Namespace ns) {
        if (!failOnSnapshot) {
            return;
        }
        Element versionElement = element.getChild("version", ns);
        if (versionElement != null) {
            String currentVersion = versionElement.getText();
            if (currentVersion.endsWith("-SNAPSHOT")) {
                throw new SnapshotNotAllowedException(String.format("Snapshot detected in file '%s': %s:%s",
                        pomFile.getAbsolutePath(), moduleName, currentVersion));
            }
        }
    }

The code only checks the versions tag for text that ends with "-SNAPSHOT". If the pom looks like this:

...
<properties>
  <dependency.version>1.0.0-SNAPSHOT</dependency.version>
</properties>
...
<dependencies>
  <dependency>
    <artifactId>lib</artifactId>
    <groupId>com.example</groupId>
    <version>${dependency.version}</version>
  </dependency>
</dependencies>

The code will not find "-SNAPSHOT" in the version-tag text and will therefore let the release go through.

Expected result: Code should when finding a reference to a property in the versions tag look for properties defined either in this pom or a parent pom and also check those for snapshot references.


Generated at Sun Oct 20 06:03:45 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.