Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add enforcer rule for jdk version used in dependencies #251

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

the-other-tim-brown
Copy link
Contributor

What is the purpose of the pull request

Prevents runtime issues where we depend on a dependency that requires a newer version of java to run.

Brief change log

  • Add enforcer rule
  • Update some execution phases so rules do not slow down compile time and style check runs in test instead of integration-test phase for quicker feedback

Verify this pull request

This pull request is a trivial rework / code cleanup without any test coverage.

<!-- Ensure no dependencies are using incompatible versions of java -->
<enforceBytecodeVersion>
<maxJdkVersion>${java.version}</maxJdkVersion>
<ignoredScopes>test</ignoredScopes>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how frequent such a usecase is but i'm tempted to put <strict>true</strict> as well here. By default it's set to false and could lead to issues? Thoughts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try it out. It is better to be as "strict" as possible for now :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This causing lots of breakages: jackson, lombok, log4j all trigger the enforcer rule now

@ksumit
Copy link

ksumit commented Jul 25, 2024

@the-other-tim-brown should we revive this PR? I used this idea on one of my projects, thanks for exploring these options.

BTW, we can add more specific enforcements to fail the build if lets say they try to build with jdk8. Here are few rules that I'm using at compile phase itself and found them useful:

<bannedDependencies>
    <excludes>
        <exclude>org.slf4j:slf4j-log4j12</exclude>
        <exclude>log4j:log4j</exclude>
    </excludes>
</bannedDependencies>
<dependencyConvergence/>
<requireJavaVersion>
    <version>[${source.java.version},)</version>
    <message>
        At least JDK ${source.java.version} is required to build this project.
    </message>
</requireJavaVersion>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants