[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [aether-users] filtering artifacts
|
This mostly works, but these filter&transform callbacks do not have
access to artifact contents and can't be used to do content-based
filtering, like sha1 validation, as far as I can tell. I can
post-process resolution results to remove unwanted artifacts, but I see
no way to evaluate pom.xml contents, short of providing custom
ArtifactResolver implementation (which javadoc explicitly says I should
not do).
Another problem, but maybe it's specific to Maven aether provider,
relocation pom.xml are not present in the dependency tree and I see no
way to decide if they should be allowed or not (or evaluate their
contents, for that matter).
I think both these problems can be solved by filtering artifacts in
ArtifactResolver, but I don't see a way to do this. Is the an API I
overlook? If there isn't, do you think it makes sense to add such API?
Somewhat related. Can you explain the reason why some filter/transform
callbacks are at system session level, while other, DependencyFilter in
particular, are at request level?
--
Regards,
Igor
On 2014-09-26, 15:53, Benjamin Bentmann wrote:
Igor Fedorenko wrote:
Unlike maven dependency <excludes> I need suppressed dependencies to be
treated as missing and result in collection (or resolution?) failure, as
if these dependencies were not available from any enabled repository,
local or remote. I also need to report dependency trail that led to the
suppressed dependency, so I can go and fix the poms.
AFAIU, there's nothing there neatly fits your use case.
If you need to report a failure instead of silent suppression, only
thing that comes to mind is using a DependencyGraphTransformer instead
of the DependencySelector, walk the graph (before or after conflict
resolution depending on your exact needs) and have the graph transformer
throw a RepositoryException (similar to the way ConflictResolver can
throw UnsolvableVersionConflictException).
I assume you will still need the VersionFilter to trim version ranges to
not bail when alternative versions are still available.
Further, you might want a DependencyTraverser that blocks child
dependencies (and POM retrieval for them) for blocked artifacts to
optimize network access.
Benjamin
_______________________________________________
aether-users mailing list
aether-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/aether-users
