Add validation for mixins in consumer POM without flattening (fixes #11456) (#11463)

Maven now fails with a clear error message when a POM contains mixins
but consumer POM flattening is disabled. Mixins require model version 4.2.0
and cannot be part of the consumer POM, so they must be removed during
transformation through flattening.

Changes:
- Added validation in DefaultConsumerPomBuilder to check for mixins when
  flattening is disabled and throw MavenException with helpful message
- Added integration test MavenITgh11456MixinsConsumerPomTest with three scenarios

The error message guides users to either enable flattening by setting
maven.consumer.pom.flatten=true, using preserve.model.version=true, or remove mixins from their POM.

Fixes #11456

Author: gnodet

impl/maven-core/src/main/java/org/apache/maven/internal/transformation/impl/DefaultConsumerPomBuilder.java

@@ -40,6 +40,7 @@
 import org.apache.maven.api.model.Profile;
 import org.apache.maven.api.model.Repository;
 import org.apache.maven.api.model.Scm;
+import org.apache.maven.api.services.MavenException;
 import org.apache.maven.api.services.ModelBuilder;
 import org.apache.maven.api.services.ModelBuilderException;
 import org.apache.maven.api.services.ModelBuilderRequest;
@@ -53,6 +54,45 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+/**
+ * Builds consumer POMs from project models, transforming them into a format suitable for downstream consumers.
+ * <p>
+ * A consumer POM is a simplified version of a project's POM that is published for consumption by other projects.
+ * It removes build-specific information and internal details while preserving essential information like
+ * dependencies, repositories, and distribution management.
+ * <p>
+ * This builder applies two orthogonal transformations:
+ * <ul>
+ *   <li><b>Dependency Flattening</b>: When enabled via {@code maven.consumer.pom.flatten=true}, dependency management
+ *       is flattened into direct dependencies for non-POM projects, and mixins are removed.</li>
+ *   <li><b>Model Version Handling</b>: When {@code preserve.model.version=true} is set, the consumer POM
+ *       maintains the original model version (4.2.0) instead of downgrading to 4.0.0 for Maven 3 compatibility.
+ *       This allows modern features like mixins to be preserved in the consumer POM.</li>
+ * </ul>
+ * <p>
+ * <b>Mixin Handling</b>: Mixins are only supported in model version 4.2.0 or later. If a POM contains mixins:
+ * <ul>
+ *   <li>Setting {@code preserve.model.version=true} preserves them in the consumer POM with model version 4.2.0</li>
+ *   <li>Setting {@code maven.consumer.pom.flatten=true} removes them during transformation</li>
+ *   <li>Otherwise, an exception is thrown requiring one of the above options or manual mixin removal</li>
+ * </ul>
+ * <p>
+ * <b>Dependency Filtering</b>: For non-POM projects with dependency management, the builder:
+ * <ul>
+ *   <li>Filters dependencies to include only those with transitive scopes (compile/runtime)</li>
+ *   <li>Applies managed dependency metadata (version, scope, optional flag, exclusions) to direct dependencies</li>
+ *   <li>Removes managed dependencies that are not used by direct dependencies</li>
+ *   <li>Retains only managed dependencies that appear in the resolved dependency tree</li>
+ * </ul>
+ * <p>
+ * <b>Repository and Profile Pruning</b>: The consumer POM removal strategy:
+ * <ul>
+ *   <li>Removes the central repository (only non-central repositories are kept)</li>
+ *   <li>Removes build, mailing lists, issue management, and other build-specific information</li>
+ *   <li>Removes profiles that have no activation, build, dependencies, or properties</li>
+ *   <li>Preserves relocation information in distribution management</li>
+ * </ul>
+ */
 @Named
 class DefaultConsumerPomBuilder implements PomBuilder {
     private static final String BOM_PACKAGING = "bom";
@@ -80,6 +120,20 @@ public Model build(RepositorySystemSession session, MavenProject project, ModelS
         // Check if this is a BOM (original packaging is "bom")
         boolean isBom = BOM_PACKAGING.equals(originalPackaging);
 
+        // Check if mixins are present without flattening enabled
+        if (!model.getMixins().isEmpty() && !flattenEnabled && !model.isPreserveModelVersion()) {
+            throw new MavenException("The consumer POM for "
+                    + project.getId()
+                    + " cannot be created because the POM contains mixins. "
+                    + "Mixins are not supported in the default consumer POM format. "
+                    + "You have the following options to resolve this:" + System.lineSeparator()
+                    + "  1. Preserve the model version by setting 'preserve.model.version=true' to generate a consumer POM with <modelVersion>4.2.0</modelVersion>, which supports mixins"
+                    + System.lineSeparator()
+                    + "  2. Enable flattening by setting the property 'maven.consumer.pom.flatten=true' to remove mixins during transformation"
+                    + System.lineSeparator()
+                    + "  3. Remove the mixins from your POM");
+        }
+
         // Check if consumer POM flattening is disabled
         if (!flattenEnabled) {
             // When flattening is disabled, treat non-POM projects like parent POMs

its/core-it-suite/src/test/java/org/apache/maven/it/MavenITgh11456MixinsConsumerPomTest.java

@@ -0,0 +1,125 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.it;
+
+import java.io.Reader;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import org.apache.maven.api.model.Model;
+import org.apache.maven.model.v4.MavenStaxReader;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * This is a test set for <a href="https://github.com/apache/maven/issues/11456">GH-11456</a>.
+ * @since 4.1.0
+ */
+class MavenITgh11456MixinsConsumerPomTest extends AbstractMavenIntegrationTestCase {
+
+    /**
+     * Verify that Maven fails when a POM has non-empty mixins without flattening being enabled.
+     */
+    @Test
+    void testMixinsWithoutFlattening() throws Exception {
+        Path basedir = extractResources("/gh-11456-mixins-consumer-pom/non-flattened").toPath();
+
+        Verifier verifier = newVerifier(basedir.toString());
+        verifier.addCliArgument("-Dmaven.repo.local=" + basedir.resolve("repo"));
+        verifier.addCliArgument("package");
+        try {
+            verifier.execute();
+        } catch (VerificationException e) {
+            // Expected to fail due to mixins without flattening
+        }
+
+        verifier.verifyTextInLog("cannot be created because the POM contains mixins");
+        verifier.verifyTextInLog("maven.consumer.pom.flatten=true");
+    }
+
+    /**
+     * Verify that Maven succeeds when mixins are used with flattening enabled.
+     */
+    @Test
+    void testMixinsWithFlattening() throws Exception {
+        Path basedir = extractResources("/gh-11456-mixins-consumer-pom/flattened").toPath();
+
+        Verifier verifier = newVerifier(basedir.toString());
+        verifier.addCliArgument("-Dmaven.repo.local=" + basedir.resolve("repo").toString());
+        verifier.addCliArgument("package");
+        verifier.execute();
+        verifier.verifyErrorFreeLog();
+
+        // Verify consumer POM was created
+        Path consumerPom = basedir.resolve(Paths.get(
+                "target",
+                "project-local-repo",
+                "org.apache.maven.its.gh11456",
+                "flattened",
+                "1.0",
+                "flattened-1.0-consumer.pom"));
+        assertTrue(Files.exists(consumerPom), "consumer pom not found at " + consumerPom);
+
+        // Verify mixins are removed from consumer POM
+        Model consumerPomModel;
+        try (Reader r = Files.newBufferedReader(consumerPom)) {
+            consumerPomModel = new MavenStaxReader().read(r);
+        }
+        assertTrue(
+                consumerPomModel.getMixins().isEmpty(),
+                "Mixins should be removed from consumer POM when flattening is enabled");
+    }
+
+    /**
+     * Verify that Maven succeeds when mixins are used with flattening enabled.
+     */
+    @Test
+    void testMixinsWithPreserveModelVersion() throws Exception {
+        Path basedir = extractResources("/gh-11456-mixins-consumer-pom/preserve-model-version").toPath();
+
+        Verifier verifier = newVerifier(basedir.toString());
+        verifier.addCliArgument("-Dmaven.repo.local=" + basedir.resolve("repo").toString());
+        verifier.addCliArgument("package");
+        verifier.execute();
+        verifier.verifyErrorFreeLog();
+
+        // Verify consumer POM was created
+        Path consumerPom = basedir.resolve(Paths.get(
+                "target",
+                "project-local-repo",
+                "org.apache.maven.its.gh11456",
+                "preserve-model-version",
+                "1.0",
+                "preserve-model-version-1.0-consumer.pom"));
+        assertTrue(Files.exists(consumerPom), "consumer pom not found at " + consumerPom);
+
+        // Verify mixins are removed from consumer POM
+        Model consumerPomModel;
+        try (Reader r = Files.newBufferedReader(consumerPom)) {
+            consumerPomModel = new MavenStaxReader().read(r);
+        }
+        assertFalse(
+                consumerPomModel.getMixins().isEmpty(),
+                "Mixins should be kept in consumer POM when preserveModelVersion is enabled");
+    }
+}
+

its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng5102MixinsTest.java

@@ -90,7 +90,7 @@ public void testWithGav() throws Exception {
         verifier = newVerifier(new File(testDir, "project").getAbsolutePath());
         verifier.setAutoclean(false);
         verifier.deleteDirectory("target");
-        verifier.addCliArgument("install");
+        verifier.addCliArguments("install", "-Dmaven.consumer.pom.flatten");
         verifier.execute();
         verifier.verifyErrorFreeLog();
 
@@ -126,7 +126,7 @@ public void testWithClassifier() throws Exception {
         verifier = newVerifier(new File(testDir, "project").getAbsolutePath());
         verifier.setAutoclean(false);
         verifier.deleteDirectory("target");
-        verifier.addCliArgument("install");
+        verifier.addCliArguments("install", "-Dmaven.consumer.pom.flatten");
         verifier.execute();
         verifier.verifyErrorFreeLog();
 

its/core-it-suite/src/test/resources/gh-11456-mixins-consumer-pom/flattened/.mvn/.gitkeep

@@ -0,0 +1 @@
+maven.consumer.pom.flatten=true

its/core-it-suite/src/test/resources/gh-11456-mixins-consumer-pom/flattened/.mvn/maven-user.properties

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" root="true" xsi:schemaLocation="http://maven.apache.org/POM/4.2.0 http://maven.apache.org/xsd/maven-4.2.0.xsd">
+  <modelVersion>4.2.0</modelVersion>
+  <groupId>org.apache.maven.its.gh11456</groupId>
+  <artifactId>flattened</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
+
+  <name>Maven Integration Test :: GH-11456 :: Mixins with Consumer POM Flattened</name>
+  <description>Test that Maven succeeds when mixins are used with flattening enabled.</description>
+
+  <mixins>
+    <mixin>
+      <groupId>org.apache.maven.its.gh11456</groupId>
+      <artifactId>test-mixin-flattened</artifactId>
+      <version>1.0</version>
+    </mixin>
+  </mixins>
+</project>
+

its/core-it-suite/src/test/resources/gh-11456-mixins-consumer-pom/flattened/pom.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.2.0">
+  <modelVersion>4.2.0</modelVersion>
+  <groupId>org.apache.maven.its.gh11456</groupId>
+  <artifactId>test-mixin-flattened</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <properties>
+    <test.property>from-mixin-flattened</test.property>
+  </properties>
+</project>
+

its/core-it-suite/src/test/resources/gh-11456-mixins-consumer-pom/flattened/repo/org/apache/maven/its/gh11456/test-mixin-flattened/1.0/test-mixin-flattened-1.0.pom

@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+public class Test {}
+

its/core-it-suite/src/test/resources/gh-11456-mixins-consumer-pom/flattened/src/main/java/Test.java

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" root="true" xsi:schemaLocation="http://maven.apache.org/POM/4.2.0 http://maven.apache.org/xsd/maven-4.2.0.xsd">
+  <modelVersion>4.2.0</modelVersion>
+  <groupId>org.apache.maven.its.gh11456</groupId>
+  <artifactId>non-flattened</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
+
+  <name>Maven Integration Test :: GH-11456 :: Mixins with Consumer POM</name>
+  <description>Test that Maven fails when mixins are used without flattening enabled.</description>
+
+  <mixins>
+    <mixin>
+      <groupId>org.apache.maven.its.gh11456</groupId>
+      <artifactId>test-mixin</artifactId>
+      <version>1.0</version>
+    </mixin>
+  </mixins>
+</project>
+