Maven Enforcer Plugin

Overview
Maven is build automation tool primarily used for java projects. Maven helps in build, documentation, dependency management, distribution etc., Maven has multiple plug-ins out of which enforcer plug-in is one where certain rules can be enforced which can cause the build to fail if those rules are not met. The enforcer plug-in helps in having standardized and reproducible build across different project environments. This plugin is termed as “Maven Enforcer Plugin – The Loving Iron Fist of Maven”

My Use cases:
We are working on restructuring on our project setup to make it more standardized and reproducible. During this process we have two typical issues:

  • We want to restrict some dependencies on few of the modules
  • We also want to ensure that multiple versions of same jars or not imported, basically we want to ensure dependency convergence

Maven Enforcer Plugin
Maven Enforcer provides rules to enforce banned dependencies and dependency convergence. It also provides additional standard rules from perspective of Maven, Java versions and others, detailed rules can be found here.

Dependecy Convergence
This rule ensures that dependency version numbers converge. If a project has two dependencies A and B which are dependent on C, if the version of C that A is dependent is different than the version B is dependent then this rule will make the build fail.

Banned Dependencies
Some of the projects will have restriction not to depend on internal projects to ensure those are mutually exclusive during run time. There can also be restriction not to depend on snapshot versions and specific releases. These kind of restrictions can be implemented via enforcer plugin rules

Implementing Banned dependencies and Dependency Convergence

The below code snippet provides the following features:

  • All the maven modules which are inherited to parent will have Banned Dependencies and Dependency Convergence rules implemented.
  • The mentioned artifacts under excludes will be banned in the build process, the regex can also be included under excludes.
  • The artifact mentioned under includes tag will be allowed as an exception to excluded artifacts.
  • The current enforce rule execution is executed during validate phase which is the first phase under maven life cycle execution.
  • As per current rule configuration, the build will fail if any of the child projects has banned dependencies or dependency convergence issues. The fail tag can be set to false, so that violations will only be logged as Warnings allowing build to be successful.
  • By default the enforce rule-Banned Dependency will also be implemented for transitive dependencies, which can be disabled by inclusion of searchTransitive as false.
<project>
 <groupId>com.siva.mavensetup.multi</groupId>
  <artifactId>project-root</artifactId>
   <version>1.0</version>
   <packaging>pom</packaging>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>1.4.1</version>
        <executions>
          <execution>
            <id>enforce-my-rules</id>
            <phase>validate</phase>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
     <!-- Configuration for banned dependencies -->
                <bannedDependencies>
                  <excludes>
                    <exclude>org.apache.maven</exclude>
                    <exclude>*:badArtifact</exclude>
                  </excludes>
                  <includes>
                    <!--only 1.0 of badArtifact is allowed-->
                    <include>org.apache.maven:badArtifact:1.0</include>
                  </includes>
                </bannedDependencies>
       <!-- Configuration for dependency convergence -->
                <dependencyConvergence/>
              </rules>
              <fail>true</fail>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

Disable Maven Enforcer Rules On Specific Child Projects
The enforcer rules implemented on parent will be applied on the child projects. In case of scenario where specific child project need to be exempted from enforcer rules, enforcer-plugin need to be overridden mapping to none of the life cycle phases. Find below the code snippet

<project>
[...]
<parent>
  <groupId>com.siva.mavensetup.multi</groupId>
  <artifactId>project-root</artifactId>
  <version>1.0</version>
</parent>
 
<build>
   <plugins>
     <!-- -->
      <plugin>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce-my-rules</id>
            <phase>none</phase>
          </execution>
        </executions>
      </plugin>
   </plugins>
</build>
 [...]
</project>