Support for exclusions file

[commodis]

It is currently supported to set signature files that allow externalizing the linting configuration. But this is not possible with exclusions. Using containers with maven is considered best to cache the dependency container layer with the pom.xml.

FROM maven

COPY pom.xml pom.xml

# cache maven dependencies required for your goal - here 'package'
RUN mvn --strict-checksums package

COPY . .

This allows running a prebaked container image "without" requiring an internet connection for dependencies.

docker run -it $(docker build  -q .) package

The need to modify the pom.xml just to add an exclusion would break the dependency caching.

I could imagine a configuration option that would match the currently used naming like this

<configuration>
    <excludesFiles>
        <excludesFile>excludes.txt</excludesFile>
    </excludesFiles>
</configuration>

[uschindler]

Could you give any other plugin that has exclusions in files? This is not something easy to implement unless Maven has direct support for this.

The current exclusions are a standard Maven feature for plugins.

In addition like in Gradle, if a setting in a pom.xml changes the execution has to be repeated.

If you see a problem with this, please open a bug report in Maven. I don't understand what you intend to do.

[commodis]

Checkstyle [1][2] for example allows this. They allow a XML configuration for example config.xml with a layout like this

<module>
    ...
    <module name="SuppressionFilter">
        <property name="file" value="suppressions.xml"/>
    </module>
</module>

with suppressions.xml looking like this

<suppressions>
    <suppress files="SuppressedJavaFile.java" checks="SuppressedCheckId" />
</suppressions>

A re-execution of your build tool should not matter in terms of dependency resolution to your container build chain if you modify your inclusions/exclusions because the dependencies will (or should) not change from that.

I was not aware that the exclusion configuration is a Maven native setting. Thanks for sharing.
I intend to externalize the configuration as much as possible to prevent modifying the pom.xml as much as possible to allow easy manipulation and management of the exclusions.

So is there an alternative like this?

mvn de.thetaphi:forbiddenapis forbiddenapis:check -Dexclude=my/package/MyClass.class -Dexclude=my/package/OtherClass.class

This would work for me, too.

--

• [1] https://checkstyle.sourceforge.io/apidocs/com/puppycrawl/tools/checkstyle/filters/SuppressionFilter.html
• [2] https://checkstyle.sourceforge.io/apidocs/com/puppycrawl/tools/checkstyle/filters/SuppressionXpathFilter.html

[uschindler]

Hi,
you should be able to use ${forbidden.excludes} inside your POM and then pass -Dforbidden.excludes=......

I only do not know if or how it works with multiple patterns!

Pro Tip: If you want to have your excludes in your project directory, use @SuppressForbidden annotation on the class' source coe instead of manually excluding files.