Add default maven-enforcer configuration

[hinerm]

Configures the maven-enforcer plugin to run during each build. Some rules can be disabled if necessary.

[hinerm]

@dscho @ctrueden - are you OK with this direction for the maven-enforcer plugin?

I like separating rules into profiles that are enabled by default, and can then be turned off if desired. I put the rules that conflict with Fiji into the strict-rules profile.

Anything else from the core or extended ruleset you'd like to see?

Should I be more granular in my profile setup, e.g. create several tiers of rules so that different chunks can be disabled or enabled..?

If interested, you can test this by checking on this branch, installing it to your local repo, and changing a scijava project (e.g. scijava-common) to use the 3.7-SNAPSHOT parent pom. If you build the project, it will then fail (because it has a SNAPSHOT dependency). If you build again with mvn -P \!strict-rules it should pass.

[ctrueden]

Should I be more granular in my profile setup

For now I think not. Let's just have two levels: strict and loose. More than that starts being too complex, unless there is a specific need for it.

[ctrueden]

Anything else from the core or extended ruleset you'd like to see?

Definitely:

• requirePluginVersions - This is the most important one. Without it, builds are not reproducible. So just like release version dependencies, we need to require specific pinned plugin versions of all used plugins.
• requireMavenVersion - and matching the minimum defined in the <prerequisites> section, maybe using a property.
• requirePrerequisites - needed, since the <prerequisites> section is not inherited, apparently.

[hinerm]

@ctrueden I believe I addressed everything.. see anything you don't like?

[ctrueden]

Thanks Mark! Looks awesome! I wrote one whitespace nitpick, and otherwise I am totally happy with it!

[dscho]

FWIW I think that we should never, ever use the non-strict mode. Since switching to the release coupling strategy (in particular for pom-fiji), it is no problem to bump the parent POM version only when the enforcer passes in strict mode.

[hinerm]

@dscho I agree that we should only release things that pass the strict mode. But this configuration causes enforcer:enforce to run in every maven build.. if we ever want to develop against SNAPSHOTs, non-strict mode gives an easy way to build locally first.

[dscho]

if we ever want to develop against SNAPSHOTs, non-strict mode gives an easy way to build locally first.

But would enforcer really require all dependencies of a SNAPSHOT to be on release versions? I thought that would only be enforced for release versions, not SNAPSHOT versions, of the artifact to build...?

[ctrueden]

But would enforcer really require all dependencies of a SNAPSHOT to be on release versions?

@dscho I would be very surprised if that rule didn't apply to SNAPSHOT builds. After all: we ourselves want all dependencies to be releases, always, except when developing topic branches which we plan to rewrite before merging.

[hinerm]

But would enforcer really require all dependencies of a SNAPSHOT to be on release versions?

Yup. Enforcer doesn't care. If you take the current master of SJC and change its parent to pom-scijava 3.7-SNAPSHOT, it will not build without -Dscijava.enforce.skip because it now contains a SNAPSHOT parent. Even though its version itself is a SNAPSHOT.

[dscho]

Okay, okay. I slouch corrected.