fix: Deactivated the failure of dependencies verification when ad unu…

…sed dependency is found. (#7)

.github/workflows/pr-validation.yml

@@ -12,7 +12,7 @@ on:
 jobs:
   pr-validation:
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: PR title validation
         uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54
@@ -37,18 +37,52 @@ jobs:
       - name: Checkout the repository
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
 
+      - name: Cache JDK
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-jdk
+        with:
+          key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
+          path: |
+            ${{ runner.temp }}/jdk_setup.tar.gz
+            ${{ runner.temp }}/jdk_setup.sha256
+      
       - name: Download JDK and verify its hash
+        if: steps.cache-jdk.outputs.cache-hit != 'true'
         run: |
-          echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  ${{ runner.temp }}/jdkfile.tar.gz" >> ${{ runner.temp }}/jdkfile.sha256
-          curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdkfile.tar.gz"
-          sha256sum --check --status "${{ runner.temp }}/jdkfile.sha256"
-      
+          echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
+          curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
+
       - name: Setup JDK 
         uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
         with:
           distribution: "jdkfile"
-          jdkFile: "${{ runner.temp }}/jdkfile.tar.gz"
+          jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
           java-version: "17"
-
+          cache: maven
+
+
+      - name: Cache Maven
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-maven
+        with:
+          key: apache-maven-3.9.2-bin.tar.gz
+          path: |
+            ${{ runner.temp }}/maven_setup.tar.gz
+            ${{ runner.temp }}/maven_setup.sha256
+
+      - name: Download Maven and verify its hash
+        if: steps.cache-maven.outputs.cache-hit != 'true'
+        run: |
+          echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d  ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
+          curl -L "https://dlcdn.apache.org/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
+
+      - name: Setup Maven
+        run: |
+          mkdir ${{ runner.temp }}/maven
+          tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
+          echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
+
       - name: Execute unit-testing
-        run: mvn clean test --no-transfer-progress
+        run: ${{ runner.temp }}/maven/bin/mvn clean test -s ${{ runner.temp }}/settings.xml --no-transfer-progress

.github/workflows/release.yml

@@ -40,28 +40,76 @@ jobs:
           dry_run: true
 
       #
-      # Setup JDK
+      # Cache JDK.
+      #
+      - name: Cache JDK
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-jdk
+        with:
+          key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
+          path: |
+            ${{ runner.temp }}/jdk_setup.tar.gz
+            ${{ runner.temp }}/jdk_setup.sha256
+      
+      #
+      # Download JDK and verify its hash.
       #
       - name: Download JDK and verify its hash
+        if: steps.cache-jdk.outputs.cache-hit != 'true'
         run: |
-          echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  ${{ runner.temp }}/jdkfile.tar.gz" >> ${{ runner.temp }}/jdkfile.sha256
-          curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdkfile.tar.gz"
-          sha256sum --check --status "${{ runner.temp }}/jdkfile.sha256"
-      
-      - name: Setup JDK 
+          echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
+          curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
+
+      #
+      # Setup JDK.
+      #
+      - name: Setup JDK
         uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
         with:
           distribution: "jdkfile"
-          jdkFile: "${{ runner.temp }}/jdkfile.tar.gz"
+          jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
           java-version: "17"
-
+          cache: maven
+
+      #
+      # Cache Maven.
+      #
+      - name: Cache Maven
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-maven
+        with:
+          key: apache-maven-3.9.2-bin.tar.gz
+          path: |
+            ${{ runner.temp }}/maven_setup.tar.gz
+            ${{ runner.temp }}/maven_setup.sha256
+
+      #
+      # Download Maven and verify its hash.
+      #
+      - name: Download Maven and verify its hash
+        if: steps.cache-maven.outputs.cache-hit != 'true'
+        run: |
+          echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d  ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
+          curl -L "https://dlcdn.apache.org/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
+
+      #
+      # Setup Maven.
+      #
+      - name: Setup Maven
+        run: |
+          mkdir ${{ runner.temp }}/maven
+          tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
+          echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
+
       #
       # Update of pom.xml with the new version + Git add + commit + push of the updated pom.xml.
       #
       - name: Update of pom.xml with the new version + Git add + commit + push of the updated pom.xml
         if: steps.semantic.outputs.new_release_published == 'true'
         run: |
-          mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} --no-transfer-progress
+          ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress
           git config user.name "GitHub Workflow"
           git config user.email "<>"
           git add pom.xml
@@ -85,17 +133,8 @@ jobs:
           dry_run: false
 
       #
-      # Build
+      # Build and deploy.
       #
-      - name: Build
+      - name: Build and deploy
         if: steps.semantic.outputs.new_release_published == 'true'
-        run: |
-          mvn clean install --no-transfer-progress
-
-      #
-      # Publish
-      #
-      - name: Publish
-        run: mvn --batch-mode deploy
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ${{ runner.temp }}/maven/bin/mvn --batch-mode deploy -s ${{ runner.temp }}/settings.xml

README.md

@@ -9,13 +9,36 @@ Generates the file with the sha256 of project dependencies, that will be used to
 Verifies the sha256 of project dependencies using the file generated with the goal depcheck:generate.
 
 ## Usage
+Declare in your setting.xml the credentials to download this plugin from GitHub Maven Registry:
+
+```xml
+<settings>
+	<servers>
+		<server>
+			<id>github</id>
+			<username>YOUR GITHUB USER NAME</username>
+			<password>YOUR GITHUB PERSONAL ACCESS TOKEN WITH AT LEAST read:packages SCOPE</password>
+		</server>
+	</servers>
+</settings>
+```
+
+Declare in your pom.xml the GitHub Maven Registry to download this plugin:
+
+```xml
+<pluginRepository>
+	<id>github</id>
+	<url>https://maven.pkg.github.com/pagopa/depcheck</url>
+</pluginRepository>
+```
+
 Declare in your pom.xml the depcheck plugin:
 
 ```xml
 <plugin>
 	<groupId>it.pagopa.maven</groupId>
 	<artifactId>depcheck</artifactId>
-	<version>1.0.0</version>
+	<version>1.0.2</version>
 	<executions>
 		<execution>
 			<phase>validate</phase>
@@ -25,7 +48,7 @@ Declare in your pom.xml the depcheck plugin:
 		</execution>
 	</executions>
 	<configuration>
-		<fileName>urlenctest-dep-sha256.json</fileName>
+		<fileName>dep-sha256.json</fileName>
 		<includePlugins>false</includePlugins>
 		<includeParent>false</includeParent>
 	</configuration>

pom.xml

@@ -1,17 +1,21 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
+
 	<groupId>it.pagopa.maven</groupId>
 	<artifactId>depcheck</artifactId>
 	<version>1.0.2</version>
 	<packaging>maven-plugin</packaging>
+
 	<description>This Maven plugin generates and verifies sha256 of project dependencies</description>
+
 	<developers>
 		<developer>
 			<name>Antonio Tarricone</name>
 			<email>[email protected]</email>
 			<organization>PagoPA S.p.A.</organization>
 		</developer>
 	</developers>
+
 	<properties>
 		<java.version>17</java.version>
 		<maven.compiler.release>${java.version}</maven.compiler.release>
@@ -20,6 +24,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 	</properties>
+
 	<build>
 		<plugins>
 			<plugin>
@@ -81,11 +86,10 @@
 					</execution>
 				</executions>
 			</plugin>
-			<!--
 			<plugin>
 				<groupId>it.pagopa.maven</groupId>
 				<artifactId>depcheck</artifactId>
-				<version>1.0.0</version>
+				<version>1.0.2</version>
 				<executions>
 					<execution>
 						<phase>validate</phase>
@@ -100,9 +104,9 @@
 					<includeParent>false</includeParent>
 				</configuration>
 			</plugin>
-			-->
 		</plugins>
 	</build>
+
 	<dependencies>
 		<dependency>
 			<groupId>org.apache.maven</groupId>
@@ -145,6 +149,14 @@
 			<version>5.3.1</version>
 		</dependency>
 	</dependencies>
+
+	<pluginRepositories>
+		<pluginRepository>
+			<id>github</id>
+			<url>https://maven.pkg.github.com/pagopa/depcheck</url>
+		</pluginRepository>
+	</pluginRepositories>
+
 	<distributionManagement>
 		<repository>
 			<id>github</id>

src/main/java/it/pagopa/maven/depcheck/DependenciesDataVerifierMojo.java

@@ -93,7 +93,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
 			} else if (!map.isEmpty()) {
 				getLog().warn("The following dependencies are not used:");
 				map.keySet().stream().forEach(k -> getLog().warn(k));
-				throw new MojoExecutionException("Dependencies not used.");
+				//throw new MojoExecutionException("Dependencies not used.");
 			}
 		} catch (FileNotFoundException e) {
 			getLog().error(f.getAbsolutePath() + " not found.");

src/test/java/it/pagopa/maven/depcheck/DependenciesDataVerifierMojoTest.java

@@ -239,39 +239,39 @@ public void testWoParentWoPluginsWrongHash() throws Exception {
 	 * 
 	 * @throws Exception
 	 */
-	public void testWoParentWoPluginsUnusedHash() throws Exception {
-		Artifact artifact1 = new ArtifactStub();
-		artifact1.setArtifactId("artifact_1");
-		artifact1.setFile(getTestFile("src/test/resources/unit-test/artifact_1.txt"));
-		artifact1.setGroupId("group_1");
-		artifact1.setVersion("version_1");
-
-		Artifact artifact2 = new ArtifactStub();
-		artifact2.setArtifactId("artifact_2");
-		artifact2.setFile(getTestFile("src/test/resources/unit-test/artifact_2.txt"));
-		artifact2.setGroupId("group_2");
-		artifact2.setVersion("version_2");
-
-		MavenProject project = new MavenProject();
-		project.setName("PROJECT_STUB_WO_PARENT_WO_PLUGINS_UNUSED_HASH");
-		project.setArtifacts(Set.of(artifact1, artifact2));
-		project.setPluginArtifacts(null);
-		project.setParent(null);
-
-		File pom = getTestFile("src/test/resources/unit-test/pom.xml");
-		DependenciesDataVerifierMojo mojo = (DependenciesDataVerifierMojo) lookupMojo("verify", pom);
-		setVariableValueToObject(mojo, "project", project);
-		setVariableValueToObject(mojo, "fileName", "src/test/resources/unit-test/wo-parent-w-plugins-verify-ok.json");
-		setVariableValueToObject(mojo, "includePlugins", false);
-		setVariableValueToObject(mojo, "includeParent", false);
-		try {
-			mojo.execute();
-			fail();
-		} catch (MojoExecutionException e) {
-		} catch (Throwable e) {
-			fail();
-		}
-	}
+//	public void testWoParentWoPluginsUnusedHash() throws Exception {
+//		Artifact artifact1 = new ArtifactStub();
+//		artifact1.setArtifactId("artifact_1");
+//		artifact1.setFile(getTestFile("src/test/resources/unit-test/artifact_1.txt"));
+//		artifact1.setGroupId("group_1");
+//		artifact1.setVersion("version_1");
+//
+//		Artifact artifact2 = new ArtifactStub();
+//		artifact2.setArtifactId("artifact_2");
+//		artifact2.setFile(getTestFile("src/test/resources/unit-test/artifact_2.txt"));
+//		artifact2.setGroupId("group_2");
+//		artifact2.setVersion("version_2");
+//
+//		MavenProject project = new MavenProject();
+//		project.setName("PROJECT_STUB_WO_PARENT_WO_PLUGINS_UNUSED_HASH");
+//		project.setArtifacts(Set.of(artifact1, artifact2));
+//		project.setPluginArtifacts(null);
+//		project.setParent(null);
+//
+//		File pom = getTestFile("src/test/resources/unit-test/pom.xml");
+//		DependenciesDataVerifierMojo mojo = (DependenciesDataVerifierMojo) lookupMojo("verify", pom);
+//		setVariableValueToObject(mojo, "project", project);
+//		setVariableValueToObject(mojo, "fileName", "src/test/resources/unit-test/wo-parent-w-plugins-verify-ok.json");
+//		setVariableValueToObject(mojo, "includePlugins", false);
+//		setVariableValueToObject(mojo, "includeParent", false);
+//		try {
+//			mojo.execute();
+//			fail();
+//		} catch (MojoExecutionException e) {
+//		} catch (Throwable e) {
+//			fail();
+//		}
+//	}
 
 	/**
 	 *