Pom customization has unwanted side-effect of reversing bom import ordering

[rupertwaldron]

We found an issue at work whereby we were importing several boms in order and creating two jars, one for code and one for libraries. Our jenkins pipeline then publishes the artifacts but the task still builds the library jar (our pipeline doesn't expect two jars). We noticed that this jar had different library version to the one that we created earlier in the pipeline.

So after a day or so of debugging we found that if we publish a Pom then the ordering of the imports is reversed so we get different versions. This is caused by Collections.reverse(importedBoms) in StandardPomDependencyManagementConfigurer which reverses the original list so dependencies end up in the reverse order. I just fixed this by taking a copy of the original list. Test added to.

[pivotal-cla]

@rupertwaldron Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

[pivotal-cla]

@rupertwaldron Thank you for signing the Contributor License Agreement!

[wilkinsona]

@rupertwaldron Many thanks for making your first contribution to the dependency management plugin.

[artemptushkin]

@rupertwaldron This changed something, I get a new random error now about the missing dependency. I hope it just highlights an issue. But the changes are very much correct

[Shawyeok]

@rupertwaldron
Nice catch!

@wilkinsona
Is this patch going to pick to 1.0.x?

[wilkinsona]

No more 1.0.x releases are planned. 1.1.x should be a drop-in replacement so please upgrade if you can.