validator/pom.xml
2026-02-17 21:17:11 +01:00


<?xml version="1.0" encoding="UTF-8" ?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Project coordinates (groupId:artifactId:version) followed by the human-readable metadata. -->
<modelVersion>4.0.0</modelVersion>
<groupId>org.kosit</groupId>
<artifactId>validator</artifactId>
<version>1.6.3-SNAPSHOT</version>
<name>KoSIT XML Validator</name>
<description>KoSIT XML Validator against XSD and Schematron based on defined scenarios.</description>
<!-- Maintainer metadata published with the artifact; entries are sorted by last name. -->
<developers>
  <developer>
    <id>fabian.buettner</id>
    <name>Fabian Büttner</name>
    <organization>KoSIT</organization>
    <organizationUrl>https://xoev.de/</organizationUrl>
  </developer>
  <developer>
    <id>renzo.kottmann</id>
    <name>Renzo Kottmann</name>
    <organization>KoSIT</organization>
    <organizationUrl>https://xeinkauf.de</organizationUrl>
    <roles>
      <role>Product Owner</role>
    </roles>
  </developer>
  <developer>
    <id>andreas.penski</id>
    <name>Andreas Penski</name>
    <organization>]init[ AG</organization>
    <organizationUrl>https://www.init.de</organizationUrl>
    <roles>
      <role>developer</role>
    </roles>
  </developer>
</developers>
<!-- Build-wide settings plus the centrally pinned versions that are referenced as ${version.*} further down. -->
<properties>
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

  <version.assertj>3.27.7</version.assertj>
  <!-- Security-relevant pin: the commons-io dependency carries a CVE note with the minimum version. -->
  <version.commons-io>2.21.0</version.commons-io>
  <!-- Security-relevant pin: the commons-lang3 dependency carries a CVE note with the minimum version. -->
  <version.commons-lang>3.20.0</version.commons-lang>
  <!-- JaCoCo 0.8.14 or newer is needed for Java 25 (class file major version 69). -->
  <version.jacoco>0.8.14</version.jacoco>
  <version.jaxb-api>4.0.4</version.jaxb-api>
  <version.jaxb-impl>4.0.6</version.jaxb-impl>
  <version.lombok>1.18.42</version.lombok>
  <version.mockito>5.21.0</version.mockito>
  <!-- Version of the scanner used by the owasp-check profile. -->
  <version.owasp-dependency-check>12.1.8</version.owasp-dependency-check>
  <!-- rest-assured 6.0.0 requires Java 17+, so the 5.x line is kept here. -->
  <version.rest-assured>5.5.7</version.rest-assured>
  <version.saxon-he>12.9</version.saxon-he>
  <version.slf4j>2.0.17</version.slf4j>
  <!-- Used for both the jaxb-maven-plugin and its jaxb-plugins add-on. -->
  <version.jaxb-maven-plugin>4.0.11</version.jaxb-maven-plugin>

  <!-- Switch for formatter:validate. Pass -DskipFormatterValidation=true to skip the check,
       e.g. when formatting has not been applied yet or in CI. -->
  <skipFormatterValidation>false</skipFormatterValidation>
</properties>
<!-- Additional artifact sources besides the default repository. -->
<repositories>
  <!-- File-based repository inside the source tree (libs/).
       NOTE(review): whatever is checked into libs/ is resolved like any other artifact, and no
       releases/snapshots or checksum policy is declared here, so Maven's defaults apply (checksum
       mismatches only warn by default). Integrity of these jars therefore rests on code review of
       the libs/ directory; confirm which artifacts are expected to live there. -->
  <repository>
    <id>project.local</id>
    <name>project</name>
    <url>file:${project.basedir}/libs</url>
  </repository>
  <!-- Snapshot-only repository of the Central Portal: releases are disabled, snapshots enabled.
       NOTE(review): none of the dependencies declared in this POM uses a SNAPSHOT version, so this
       entry presumably serves snapshot consumers or plugins; confirm it is still needed, since any
       SNAPSHOT coordinate would be resolved from here. -->
  <repository>
    <id>central-portal-snapshots</id>
    <name>Central Portal Snapshots</name>
    <url>https://central.sonatype.com/repository/maven-snapshots/</url>
    <releases>
      <enabled>false</enabled>
    </releases>
    <snapshots>
      <enabled>true</enabled>
    </snapshots>
  </repository>
</repositories>
<!-- Dependencies. Declaration order is kept as-is because it determines classpath order.
     Entries marked optional are not passed on transitively to consumers of this artifact. -->
<dependencies>
  <!-- Compile-time only (scope provided); also wired in as annotation processor in the compiler plugin. -->
  <dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>${version.lombok}</version>
    <scope>provided</scope>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-api</artifactId>
    <version>${version.slf4j}</version>
  </dependency>
  <dependency>
    <groupId>net.sf.saxon</groupId>
    <artifactId>Saxon-HE</artifactId>
    <version>${version.saxon-he}</version>
  </dependency>
  <!-- Optional: presumably only needed by the command line application; confirm. -->
  <dependency>
    <groupId>info.picocli</groupId>
    <artifactId>picocli</artifactId>
    <version>4.7.7</version>
    <optional>true</optional>
  </dependency>
  <dependency>
    <groupId>org.fusesource.jansi</groupId>
    <artifactId>jansi</artifactId>
    <version>2.4.2</version>
    <optional>true</optional>
  </dependency>
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-simple</artifactId>
    <version>${version.slf4j}</version>
    <optional>true</optional>
  </dependency>
  <!-- Keep at 3.18.0 or newer: fixes CVE-2025-48924 (uncontrolled recursion in ClassUtils.getClass
       on long inputs). 3.10 had no remediation in older scanners. -->
  <dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
    <version>${version.commons-lang}</version>
  </dependency>
  <dependency>
    <groupId>org.glassfish.jaxb</groupId>
    <artifactId>jaxb-runtime</artifactId>
    <version>${version.jaxb-impl}</version>
    <optional>true</optional>
  </dependency>
  <dependency>
    <groupId>jakarta.xml.bind</groupId>
    <artifactId>jakarta.xml.bind-api</artifactId>
    <version>${version.jaxb-api}</version>
  </dependency>
  <dependency>
    <groupId>org.assertj</groupId>
    <artifactId>assertj-core</artifactId>
    <version>${version.assertj}</version>
    <scope>test</scope>
  </dependency>
  <dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.13.2</version>
    <scope>test</scope>
  </dependency>
  <!-- Keep at 2.17.0 or newer: fixes CVE-2024-47554 (XML DoS in XmlStreamReader) and directory
       traversal in FileNameUtils.normalize; 2.6 was vulnerable.
       NOTE(review): confirm the minimum fixed version against the advisories before ever lowering this pin. -->
  <dependency>
    <groupId>commons-io</groupId>
    <artifactId>commons-io</artifactId>
    <version>${version.commons-io}</version>
  </dependency>
  <dependency>
    <groupId>io.rest-assured</groupId>
    <artifactId>rest-assured</artifactId>
    <version>${version.rest-assured}</version>
    <scope>test</scope>
  </dependency>
  <dependency>
    <groupId>org.mockito</groupId>
    <artifactId>mockito-core</artifactId>
    <version>${version.mockito}</version>
    <scope>test</scope>
  </dependency>
  <!-- Project-specific test fixtures; presumably resolved from the project.local file repository. Confirm. -->
  <dependency>
    <groupId>de.kosit.validationtool</groupId>
    <artifactId>packaged-test-scenarios</artifactId>
    <version>1.0.2</version>
    <scope>test</scope>
  </dependency>
</dependencies>
<build>
<!-- Resource roots packaged into the artifact. -->
<resources>
  <!-- Model sources (the XSD and binding directories used by the JAXB plugin sit below this root); copied unfiltered. -->
  <resource>
    <directory>src/main/model</directory>
  </resource>
  <!-- Logging and app info properties; filtering replaces ${...} placeholders at build time,
       so no secrets should be reachable as properties when these files are processed. -->
  <resource>
    <directory>src/main/resources</directory>
    <filtering>true</filtering>
  </resource>
</resources>
<!-- Version and configuration defaults for plugins that are only activated inside profiles. -->
<pluginManagement>
  <plugins>
    <!-- Publishing to the Central Portal via the server entry "central".
         NOTE(review): autoPublish=true presumably releases the deployment without a manual
         confirmation step in the portal; confirm this is intended for every profile that
         activates the plugin (release-sign-artifacts and release-snapshot). -->
    <plugin>
      <groupId>org.sonatype.central</groupId>
      <artifactId>central-publishing-maven-plugin</artifactId>
      <version>0.10.0</version>
      <extensions>true</extensions>
      <configuration>
        <publishingServerId>central</publishingServerId>
        <autoPublish>true</autoPublish>
      </configuration>
    </plugin>
    <!-- Version pin for artifact signing; the execution is bound in the release-sign-artifacts profile. -->
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-gpg-plugin</artifactId>
      <version>3.2.8</version>
    </plugin>
  </plugins>
</pluginManagement>
<plugins>
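<!-- maven-resources-plugin, declared exactly once.
     The plugin used to be listed twice in this plugins section (versions 3.3.1 and 3.4.0). Maven
     reports duplicate plugin declarations as a model problem and the effective version becomes
     ambiguous, so both declarations are merged here under the newer version 3.4.0. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-resources-plugin</artifactId>
  <version>3.4.0</version>
  <!-- for PR 152: *.properties files are read and written as ISO-8859-1 during filtering. -->
  <configuration>
    <propertiesEncoding>ISO-8859-1</propertiesEncoding>
  </configuration>
  <executions>
    <!-- Ships the project's NOTICE file inside META-INF of the built artifact. -->
    <execution>
      <id>copy-license-notice</id>
      <phase>process-resources</phase>
      <goals>
        <goal>copy-resources</goal>
      </goals>
      <configuration>
        <outputDirectory>${project.build.outputDirectory}/META-INF</outputDirectory>
        <resources>
          <resource>
            <directory>${project.basedir}</directory>
            <includes>
              <include>NOTICE</include>
            </includes>
          </resource>
        </resources>
        <overwrite>true</overwrite>
      </configuration>
    </execution>
  </executions>
</plugin>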
<!-- Reserves two free TCP ports per build and exposes them as the properties
     validator.server.port and jacoco.tcp.port, which later plugins reference. -->
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>build-helper-maven-plugin</artifactId>
  <version>3.6.1</version>
  <executions>
    <execution>
      <id>reserve-network-port</id>
      <phase>process-resources</phase>
      <goals>
        <goal>reserve-network-port</goal>
      </goals>
      <configuration>
        <portNames>
          <portName>validator.server.port</portName>
          <portName>jacoco.tcp.port</portName>
        </portNames>
      </configuration>
    </execution>
  </executions>
</plugin>
<!-- Fails the build early when the Maven or JDK version is outside the supported ranges. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.6.1</version>
  <executions>
    <execution>
      <id>enforce-versions</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <!-- Lower bound is the minimum Maven version for the OWASP check. -->
          <requireMavenVersion>
            <version>[3.6.3,)</version>
          </requireMavenVersion>
          <!-- Lombok needs "-proc:full", which limits the usable JDKs to:
                 Java 11 (LTS) from 11.0.23 on
                 Java 17 (LTS) from 17.0.11 on
                 Java 21 or higher
               Java 12 to 16 and Java 18 to 20 are rejected. -->
          <requireJavaVersion>
            <version>[11.0.23,12),[17.0.11,18),[21,)</version>
          </requireJavaVersion>
        </rules>
      </configuration>
    </execution>
  </executions>
</plugin>
<!-- Compiles for Java 11 with annotation processing switched on explicitly for Lombok. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-compiler-plugin</artifactId>
  <version>3.14.0</version>
  <configuration>
    <release>11</release>
    <encoding>UTF-8</encoding>
    <!-- Only needed for Lombok since JDK 23; the option was backported to 17.0.11 and 11.0.23.
         See: https://inside.java/2024/06/18/quality-heads-up/ -->
    <proc>full</proc>
    <!-- An explicit processor path makes sure Lombok runs on JDK 25. Without it the compiler may
         not invoke the processor, and the generated getters/setters/log fields are missing. -->
    <annotationProcessorPaths>
      <path>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>${version.lombok}</version>
      </path>
    </annotationProcessorPaths>
  </configuration>
</plugin>
<!-- Builds the self-contained "standalone" JAR (attached with that classifier) during package. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-shade-plugin</artifactId>
  <version>3.6.1</version>
  <executions>
    <execution>
      <phase>package</phase>
      <goals>
        <goal>shade</goal>
      </goals>
      <configuration>
        <createDependencyReducedPom>false</createDependencyReducedPom>
        <shadedArtifactAttached>true</shadedArtifactAttached>
        <shadedClassifierName>standalone</shadedClassifierName>
        <transformers>
          <!-- Writes the manifest entry that makes the JAR executable. -->
          <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
            <mainClass>de.kosit.validationtool.cmd.CommandLineApplication</mainClass>
          </transformer>
          <!-- Many open source producers (the Apache Software Foundation among them) put a copy
               of their license into META-INF, conventionally named LICENSE, LICENSE.txt or
               LICENSE.md. Merging all of them would be confusing, so this transformer simply
               leaves such files out of the final JAR. The detailed licenses are not needed in
               the shaded JAR. -->
          <transformer implementation="org.apache.maven.plugins.shade.resource.ApacheLicenseResourceTransformer" />
          <!-- Some licenses (including the Apache License, Version 2) oblige downstream
               distributors to preserve notices. This transformer merges all NOTICE files
               into one. -->
          <transformer implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
            <addHeader>false</addHeader>
          </transformer>
        </transformers>
        <filters>
          <!-- Applies to every merged artifact. -->
          <filter>
            <artifact>*:*</artifact>
            <excludes>
              <!-- Manifests of the dependencies, e.g. MANIFEST.MF -->
              <exclude>META-INF/*.MF</exclude>
              <!-- JAR signing artefacts of signed dependencies. They describe the original JARs,
                   not the merged one, so the standalone JAR carries no upstream signatures.
                   NOTE(review): its integrity then rests on how the release itself is signed
                   (see the release-sign-artifacts profile); confirm. -->
              <exclude>META-INF/*.SF</exclude>
              <exclude>META-INF/*.DSA</exclude>
              <exclude>META-INF/*.RSA</exclude>
              <!-- Module descriptors are dropped: the merged JAR breaks the Java module system anyway. -->
              <exclude>**/module-info.class</exclude>
            </excludes>
          </filter>
        </filters>
      </configuration>
    </execution>
  </executions>
</plugin>
<!-- Assembles the full distribution described by src/assembly/assembly-dist.xml during package. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-assembly-plugin</artifactId>
  <version>3.7.1</version>
  <executions>
    <execution>
      <id>full_dist</id>
      <phase>package</phase>
      <goals>
        <goal>single</goal>
      </goals>
      <configuration>
        <descriptors>
          <descriptor>src/assembly/assembly-dist.xml</descriptor>
        </descriptors>
        <!-- Attached to the project without the assembly id in the file name. -->
        <attach>true</attach>
        <appendAssemblyId>false</appendAssemblyId>
        <outputDirectory>target/</outputDirectory>
        <workDirectory>target/assembly/full</workDirectory>
      </configuration>
    </execution>
  </executions>
</plugin>
<!-- Generate model classes from XSD. Plugin default pulls JAXB 2.3.0 which uses sun.misc.Unsafe.defineClass, removed in Java 21+; overrides below fix generate goal on modern JDKs -->
<!-- NOTE(review): no dependency overrides are declared inside this plugin element; only the plugin
     version (version.jaxb-maven-plugin) and the jaxb-plugins add-on are set. The sentence about
     "overrides below" may be left over from an earlier configuration. Confirm and reword. -->
<plugin>
<groupId>org.jvnet.jaxb</groupId>
<artifactId>jaxb-maven-plugin</artifactId>
<version>${version.jaxb-maven-plugin}</version>
<executions>
<execution>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>
<configuration>
<extension>true</extension>
<!-- Schemas and binding files are read from the project's own source tree. -->
<schemaDirectory>src/main/model/xsd</schemaDirectory>
<bindingDirectory>src/main/model/binding</bindingDirectory>
<packageLevelAnnotations>false</packageLevelAnnotations>
<args>
<!-- Enables the inheritance extension supplied by the jaxb-plugins artifact listed below (presumably; confirm). -->
<arg>-Xinheritance</arg>
</args>
<plugins>
<plugin>
<groupId>org.jvnet.jaxb</groupId>
<artifactId>jaxb-plugins</artifactId>
<version>${version.jaxb-maven-plugin}</version>
</plugin>
</plugins>
</configuration>
</plugin>
<!-- Code coverage for unit tests (in-process agent) and for the integration-test daemon
     (agent in TCP server mode). The version must be 0.8.14+ on Java 25, see the
     version.jacoco property. -->
<plugin>
  <groupId>org.jacoco</groupId>
  <artifactId>jacoco-maven-plugin</artifactId>
  <version>${version.jacoco}</version>
  <configuration>
    <!-- Left out of the coverage data: the model package and the cmd assertions package. -->
    <excludes>
      <exclude>**/validationtool/model/**</exclude>
      <exclude>**/validationtool/cmd/assertions/**</exclude>
    </excludes>
  </configuration>
  <executions>
    <!-- Stores the agent argument in the property jacocoSurefire, consumed by the surefire argLine. -->
    <execution>
      <id>prepareJacocoSurefireArgLine</id>
      <goals>
        <goal>prepare-agent</goal>
      </goals>
      <configuration>
        <propertyName>jacocoSurefire</propertyName>
      </configuration>
    </execution>
    <!-- Stores the agent argument for the daemon in jacocoFailsafe. The agent listens on the
         reserved port and is bound to localhost, so the coverage port is not reachable from
         other hosts. Declared before the exec plugin, which runs in the same phase and
         consumes the property. -->
    <execution>
      <id>prepareJacocoFailsafeArgLine</id>
      <phase>pre-integration-test</phase>
      <goals>
        <goal>prepare-agent</goal>
      </goals>
      <configuration>
        <propertyName>jacocoFailsafe</propertyName>
        <output>tcpserver</output>
        <address>localhost</address>
        <port>${jacoco.tcp.port}</port>
      </configuration>
    </execution>
    <!-- Pulls the execution data from the daemon's agent after the integration tests. -->
    <execution>
      <id>dump</id>
      <phase>post-integration-test</phase>
      <goals>
        <goal>dump</goal>
      </goals>
      <configuration>
        <address>localhost</address>
        <port>${jacoco.tcp.port}</port>
        <append>true</append>
      </configuration>
    </execution>
    <execution>
      <id>generateJacocoReport</id>
      <phase>verify</phase>
      <goals>
        <goal>report</goal>
      </goals>
    </execution>
  </executions>
</plugin>
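<!-- Unit tests. The argLine carries the JaCoCo agent argument prepared by the
     prepareJacocoSurefireArgLine execution (property jacocoSurefire). -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-surefire-plugin</artifactId>
  <version>3.5.3</version>
  <configuration>
    <!--suppress MavenModelInspection -->
    <argLine>-Dfile.encoding=UTF-8 ${jacocoSurefire}</argLine>
    <!-- systemPropertyVariables replaces the deprecated systemProperties parameter;
         the property set for the test JVM is unchanged. -->
    <systemPropertyVariables>
      <java.net.useSystemProxies>true</java.net.useSystemProxies>
    </systemPropertyVariables>
  </configuration>
</plugin>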
<!-- Attaches a sources JAR to the build. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-source-plugin</artifactId>
  <version>3.3.1</version>
  <executions>
    <execution>
      <id>attach-sources</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
</plugin>
<!-- Release tags are named "v" followed by the project version. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-release-plugin</artifactId>
  <version>3.1.1</version>
  <configuration>
    <tagNameFormat>v@{project.version}</tagNameFormat>
  </configuration>
</plugin>
<!-- Starts the validator as a background process before the integration tests, using the
     example scenario from the test output directory and the reserved server port. -->
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>exec-maven-plugin</artifactId>
  <version>3.6.2</version>
  <executions>
    <execution>
      <id>run</id>
      <phase>pre-integration-test</phase>
      <goals>
        <goal>exec</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <inheritIo>true</inheritIo>
    <!-- Exit code 1 has to be accepted because the daemon returns 1 when it is not shut down
         properly.
         NOTE(review): this also hides a genuine start-up failure that exits with 1; such a
         failure would then only show up as failing integration tests. -->
    <successCodes>0,1</successCodes>
    <executable>java</executable>
    <longClasspath>false</longClasspath>
    <!-- Runs asynchronously and is destroyed when the Maven JVM shuts down. -->
    <async>true</async>
    <asyncDestroyOnShutdown>true</asyncDestroyOnShutdown>
    <cleanupDaemonThreads>false</cleanupDaemonThreads>
    <arguments>
      <!-- JaCoCo agent argument prepared by the prepareJacocoFailsafeArgLine execution. -->
      <!--suppress MavenModelInspection -->
      <argument>${jacocoFailsafe}</argument>
      <argument>-Xmx128m</argument>
      <argument>-classpath</argument>
      <classpath />
      <argument>de.kosit.validationtool.cmd.CommandLineApplication</argument>
      <argument>-s</argument>
      <argument>${project.build.testOutputDirectory}/examples/simple/scenarios.xml</argument>
      <argument>-r</argument>
      <argument>${project.build.testOutputDirectory}/examples/simple/repository</argument>
      <argument>--port</argument>
      <argument>${validator.server.port}</argument>
      <!-- presumably the switch that selects daemon mode; confirm against the CLI options -->
      <argument>-D</argument>
    </arguments>
  </configuration>
</plugin>
<!-- Pause between starting the daemon and running the integration tests. It is declared after
     the exec plugin, so within pre-integration-test it runs once the daemon has been launched. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-antrun-plugin</artifactId>
  <version>3.1.0</version>
  <executions>
    <execution>
      <id>sleep-for-a-while</id>
      <phase>pre-integration-test</phase>
      <goals>
        <goal>run</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <target>
      <!-- Sleep to wait for the daemon to start.
           NOTE(review): a fixed delay; on a slow build machine the daemon may not be up yet. -->
      <sleep seconds="10" />
      <echo>jacoco.tcp.port=${jacoco.tcp.port}</echo>
    </target>
  </configuration>
</plugin>
<!-- Integration tests against the running daemon; its port is handed to the tests as the
     system property daemon.port. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-failsafe-plugin</artifactId>
  <version>3.5.3</version>
  <executions>
    <execution>
      <id>test-it</id>
      <goals>
        <goal>integration-test</goal>
        <goal>verify</goal>
      </goals>
      <configuration>
        <!--suppress MavenModelInspection -->
        <argLine>-Dfile.encoding=UTF-8 -Ddaemon.port=${validator.server.port}</argLine>
      </configuration>
    </execution>
  </executions>
</plugin>
<!-- Attaches a Javadoc JAR; doclint is switched off, so documentation problems do not fail the build. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-javadoc-plugin</artifactId>
  <version>3.11.2</version>
  <executions>
    <execution>
      <id>attach-javadocs</id>
      <goals>
        <goal>jar</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <source>11</source>
    <doclint>none</doclint>
  </configuration>
</plugin>
<!-- Checks that the sources follow formatter.xml; the "format" profile applies the formatting. -->
<plugin>
  <groupId>net.revelc.code.formatter</groupId>
  <artifactId>formatter-maven-plugin</artifactId>
  <version>2.13.0</version>
  <configuration>
    <configFile>${project.basedir}/formatter.xml</configFile>
    <lineEnding>LF</lineEnding>
  </configuration>
  <executions>
    <execution>
      <id>validate</id>
      <phase>generate-sources</phase>
      <goals>
        <goal>validate</goal>
      </goals>
      <configuration>
        <!-- Skipped when the property skipFormatterValidation is true, which avoids a build
             failure while sources are not yet formatted. -->
        <skip>${skipFormatterValidation}</skip>
      </configuration>
    </execution>
  </executions>
</plugin>
</plugins>
</build>
<profiles>
<!-- Release profile, active when the property performRelease is set to true: signs the
     artifacts with GPG during verify and enables publishing to the Central Portal. Versions and
     publishing configuration come from pluginManagement. -->
<profile>
  <id>release-sign-artifacts</id>
  <activation>
    <property>
      <name>performRelease</name>
      <value>true</value>
    </property>
  </activation>
  <build>
    <plugins>
      <!-- NOTE(review): no key or passphrase is configured here, so the signing key has to be
           provided by the environment that runs the release; confirm where it is stored. -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <executions>
          <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <groupId>org.sonatype.central</groupId>
        <artifactId>central-publishing-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</profile>
<!-- Dependency vulnerability scan with OWASP dependency-check, bound to the validate phase.
     The profile has no activation element, so the scan only runs when the profile is selected
     explicitly (e.g. -Powasp-check); a plain build does not scan dependencies. -->
<profile>
  <id>owasp-check</id>
  <build>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>${version.owasp-dependency-check}</version>
        <configuration>
          <!-- CVSS threshold that fails the build. The plugin default is 11, and since CVSS
               scores range from 0 to 10 the default never fails the build. With 0, every
               reported vulnerability that is not suppressed fails it. -->
          <failBuildOnCVSS>0</failBuildOnCVSS>
          <!-- Findings listed in this file are ignored by the check, so each entry should
               stay justified and be reviewed when dependencies change. -->
          <suppressionFiles>
            <suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>
          </suppressionFiles>
          <!-- Refers to a CI/CD variable. It is resolved as a Maven property, so it must be
               defined at invocation time; if it is not, the literal placeholder is used as key.
               NOTE(review): when the key is passed as -DNVD_API_KEY=... it can show up in
               process listings and build logs. The plugin's nvdApiKeyEnvironmentVariable
               parameter reads the key from the environment instead; confirm how the pipeline
               supplies it. -->
          <nvdApiKey>${NVD_API_KEY}</nvdApiKey>
        </configuration>
        <executions>
          <execution>
            <phase>validate</phase>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</profile>
<!-- Opt-in profile that rewrites the sources according to formatter.xml during initialize. -->
<profile>
  <id>format</id>
  <activation>
    <activeByDefault>false</activeByDefault>
  </activation>
  <build>
    <plugins>
      <plugin>
        <groupId>net.revelc.code.formatter</groupId>
        <artifactId>formatter-maven-plugin</artifactId>
        <version>2.13.0</version>
        <configuration>
          <configFile>${project.basedir}/formatter.xml</configFile>
        </configuration>
        <executions>
          <execution>
            <id>maven-formatting</id>
            <phase>initialize</phase>
            <goals>
              <goal>format</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</profile>
<!-- Snapshot publishing: only enables the Central publishing plugin (configured in
     pluginManagement). Unlike release-sign-artifacts, no GPG signing is bound in this profile. -->
<profile>
  <id>release-snapshot</id>
  <build>
    <plugins>
      <plugin>
        <groupId>org.sonatype.central</groupId>
        <artifactId>central-publishing-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</profile>
</profiles>
<!-- No report plugins are configured. -->
<reporting>
  <plugins />
</reporting>
<!-- Source control locations: the public read-only connection points at GitHub, the developer
     connection at the KoSIT project server. -->
<scm>
  <url>https://github.com/itplr-kosit/validator</url>
  <connection>scm:git:https://github.com/itplr-kosit/validator.git</connection>
  <developerConnection>scm:git:https://projekte.kosit.org/kosit/validator.git</developerConnection>
  <tag>release/1.6.x</tag>
</scm>
<!-- Project home page. -->
<url>https://github.com/itplr-kosit/validator</url>
<!-- License under which the artifact is distributed. -->
<licenses>
  <license>
    <name>Apache License, Version 2.0</name>
    <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
    <distribution>repo</distribution>
  </license>
</licenses>
</project>