From 78488535e0cfc37e26707c12d944ff8437b94fc4 Mon Sep 17 00:00:00 2001
From: Slawomir Jaranowski <s.jaranowski@gmail.com>
Date: Fri, 24 Mar 2023 22:03:35 +0100
Subject: [PATCH] [MENFORCER-276] Allow ignoring dependency scopes in
 RequireUpperBoundDeps

---
 .../dependency/RequireUpperBoundDeps.java     | 11 ++-
 .../src/site/apt/requireUpperBoundDeps.apt.vm | 17 ++++
 .../dependency/RequireUpperBoundDepsTest.java |  4 +
 ...container-default-1.0-alpha-9-stable-1.pom |  2 +-
 .../repository/menforcer138_utils-1.0.4.pom   |  4 +-
 .../invoker.properties                        | 18 ++++
 .../pom.xml                                   | 83 +++++++++++++++++++
 .../verify.groovy                             | 26 ++++++
 8 files changed, 159 insertions(+), 6 deletions(-)
 create mode 100644 maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/invoker.properties
 create mode 100644 maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/pom.xml
 create mode 100644 maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/verify.groovy

diff --git a/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDeps.java b/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDeps.java
index 8bc9a113..85abf2b2 100644
--- a/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDeps.java
+++ b/enforcer-rules/src/main/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDeps.java
@@ -73,6 +73,11 @@ public final class RequireUpperBoundDeps extends AbstractStandardEnforcerRule {
      */
     private List<String> includes = null;
 
+    /**
+     * Scope to exclude.
+     */
+    private List<String> excludedScopes = Arrays.asList(SCOPE_TEST, SCOPE_PROVIDED);
+
     private RequireUpperBoundDepsVisitor upperBoundDepsVisitor;
 
     private final ResolverUtil resolverUtil;
@@ -101,14 +106,14 @@ public void setIncludes(List<String> includes) {
 
     @Override
     public void execute() throws EnforcerRuleException {
-        DependencyNode node =
-                resolverUtil.resolveTransitiveDependenciesVerbose(Arrays.asList(SCOPE_TEST, SCOPE_PROVIDED));
+        DependencyNode node = resolverUtil.resolveTransitiveDependenciesVerbose(excludedScopes);
         upperBoundDepsVisitor = new RequireUpperBoundDepsVisitor()
                 .setUniqueVersions(uniqueVersions)
                 .setIncludes(includes);
+        getLog().debug(() -> resolverUtil.dumpTree(node));
         node.accept(upperBoundDepsVisitor);
         List<String> errorMessages = buildErrorMessages(upperBoundDepsVisitor.getConflicts());
-        if (errorMessages.size() > 0) {
+        if (!errorMessages.isEmpty()) {
             throw new EnforcerRuleException(
                     "Failed while enforcing RequireUpperBoundDeps. The error(s) are " + errorMessages);
         }
diff --git a/enforcer-rules/src/site/apt/requireUpperBoundDeps.apt.vm b/enforcer-rules/src/site/apt/requireUpperBoundDeps.apt.vm
index cf53856f..802bdfe1 100644
--- a/enforcer-rules/src/site/apt/requireUpperBoundDeps.apt.vm
+++ b/enforcer-rules/src/site/apt/requireUpperBoundDeps.apt.vm
@@ -29,6 +29,18 @@
   information about Maven dependency resolution, see 
   {{{http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html}the Maven site}}.
 
+  The following parameters are supported by this rule:
+
+  * <<uniqueVersions>> - if SNAPSHOTs should be compared by their timestamped version or not. Default: <<<false>>>
+
+  * <<excludes>> - specify the dependencies that will be ignored. The format is <<<groupId[:artifactId]>>>
+
+  * <<includes>> - specify the dependencies that will be checked. If not empty only these will be checked. The format is <<<groupId[:artifactId]>>>
+
+  * <<excludedScopes>> - a list of dependency scope which will be excluded. Default: <<<test>>>, <<<provided>>>
+
+  []
+
   Here is a concrete example. This will cause a build to fail:
   
 -----------------------------------------------------------------------------------
@@ -114,6 +126,11 @@ and
                     <include>com.google.guava:guava</include>
                   </includes>
                   -->
+                  <!-- only artifacts with provided scope will be excluded
+                  <excludedScopes>
+                    <excludedScope>provided</excludedScopes>
+                  </excludedScopes>
+                  -->
                 </requireUpperBoundDeps>
               </rules>
             </configuration>
diff --git a/enforcer-rules/src/test/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDepsTest.java b/enforcer-rules/src/test/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDepsTest.java
index a4aa4744..a6d5f2c0 100644
--- a/enforcer-rules/src/test/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDepsTest.java
+++ b/enforcer-rules/src/test/java/org/apache/maven/enforcer/rules/dependency/RequireUpperBoundDepsTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.maven.enforcer.rules.dependency;
 
+import org.apache.maven.enforcer.rule.api.EnforcerLogger;
 import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
 import org.apache.maven.enforcer.rules.utils.DependencyNodeBuilder;
 import org.junit.jupiter.api.Test;
@@ -28,6 +29,7 @@
 
 import static org.assertj.core.api.Assertions.assertThatCode;
 import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
@@ -42,6 +44,8 @@ class RequireUpperBoundDepsTest {
     @Test
     void testRule() throws Exception {
 
+        rule.setLog(mock(EnforcerLogger.class));
+
         when(resolverUtil.resolveTransitiveDependenciesVerbose(anyList()))
                 .thenReturn(new DependencyNodeBuilder()
                         .withType(DependencyNodeBuilder.Type.POM)
diff --git a/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_container-default-1.0-alpha-9-stable-1.pom b/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_container-default-1.0-alpha-9-stable-1.pom
index de898f99..69121011 100644
--- a/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_container-default-1.0-alpha-9-stable-1.pom
+++ b/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_container-default-1.0-alpha-9-stable-1.pom
@@ -27,7 +27,7 @@
   <dependencies>
     <dependency>
       <groupId>org.apache.maven.plugins.enforcer.its</groupId>
-      <artifactId>menforcer1308_utils</artifactId>
+      <artifactId>menforcer138_utils</artifactId>
       <version>1.0.4</version>
     </dependency>
     <dependency>
diff --git a/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_utils-1.0.4.pom b/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_utils-1.0.4.pom
index 44a20975..f0c89e04 100644
--- a/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_utils-1.0.4.pom
+++ b/maven-enforcer-plugin/src/it/mrm/repository/menforcer138_utils-1.0.4.pom
@@ -21,6 +21,6 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.apache.maven.plugins.enforcer.its</groupId>
-  <artifactId>menforcer1308_utils</artifactId>
+  <artifactId>menforcer138_utils</artifactId>
   <version>1.0.4</version>
-</project>
\ No newline at end of file
+</project>
diff --git a/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/invoker.properties b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/invoker.properties
new file mode 100644
index 00000000..66b78c06
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/invoker.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.buildResult=failure
diff --git a/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/pom.xml b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/pom.xml
new file mode 100644
index 00000000..08b385f4
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  * Licensed to the Apache Software Foundation (ASF) under one
+  * or more contributor license agreements.  See the NOTICE file
+  * distributed with this work for additional information
+  * regarding copyright ownership.  The ASF licenses this file
+  * to you under the Apache License, Version 2.0 (the
+  * "License"); you may not use this file except in compliance
+  * with the License.  You may obtain a copy of the License at
+  *
+  * http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing,
+  * software distributed under the License is distributed on an
+  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  * KIND, either express or implied.  See the License for the
+  * specific language governing permissions and limitations
+  * under the License. 
+  *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.maven.enforcer.its</groupId>
+  <artifactId>require-upper-bound-dependencies-scope-change</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <version>@project.version@</version>
+        <executions>
+          <execution>
+            <id>enforce</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireUpperBoundDeps>
+                  <excludedScopes>
+                    <!-- only test scope is excluded -->
+                    <scope>test</scope>
+                  </excludedScopes>
+                </requireUpperBoundDeps>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer128_api</artifactId>
+      <version>1.4.0</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer466_requires_api150</artifactId>
+      <version>1.0</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer138_utils</artifactId>
+      <version>1.0.4</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.maven.plugins.enforcer.its</groupId>
+      <artifactId>menforcer466_requires_utils30</artifactId>
+      <version>1.0</version>
+    </dependency>
+
+  </dependencies>
+</project>
diff --git a/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/verify.groovy b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/verify.groovy
new file mode 100644
index 00000000..0df5839d
--- /dev/null
+++ b/maven-enforcer-plugin/src/it/projects/require-upper-bound-dependencies-scope-change/verify.groovy
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+def buildLog = new File( basedir, 'build.log' ).text
+
+assert buildLog.contains( 'Rule 0: org.apache.maven.enforcer.rules.dependency.RequireUpperBoundDeps failed with message:' )
+
+assert buildLog.contains('[ERROR] Require upper bound dependencies error for org.apache.maven.plugins.enforcer.its:menforcer128_api:1.4.0 [provided] paths to dependency are:')
+
+assert !buildLog.contains('[ERROR] Require upper bound dependencies error for org.apache.maven.plugins.enforcer.its:menforcer138_utils:1.0.4')