Enforce dependency management (#417)

Builds off of #413 to enable the dependency management plugin in non-report mode.

Author: bpkroth

.devcontainer/devcontainer.json

@@ -46,6 +46,7 @@
                 "github.vscode-github-actions",
                 "github.vscode-pull-request-github",
                 "huntertran.auto-markdown-toc",
+                "redhat.fabric8-analytics",
                 "vscjava.vscode-java-pack"
             ]
         }

.github/workflows/maven.yml

@@ -76,8 +76,9 @@ jobs:
         cache: 'maven'
         distribution: 'temurin'
 
-    - name: Package with Maven
-      run: mvn -B package -P ${{matrix.profile}} --file pom.xml -DskipTests -D descriptors=src/main/assembly/tgz.xml
+    - name: Package and verify with Maven
+      run: |
+        mvn -B package verify -P ${{matrix.profile}} --file pom.xml -DskipTests -D descriptors=src/main/assembly/tgz.xml
 
     - name: Upload TGZ artifact
       uses: actions/upload-artifact@v3

.vscode/extensions.json

@@ -3,6 +3,7 @@
         "EditorConfig.EditorConfig",
         "github.vscode-pull-request-github",
         "huntertran.auto-markdown-toc",
+        "redhat.fabric8-analytics",
         "vscjava.vscode-java-pack"
     ]
 }

pom.xml

@@ -84,6 +84,7 @@
                     <groupId>org.postgresql</groupId>
                     <artifactId>postgresql</artifactId>
                     <version>42.6.0</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -103,6 +104,7 @@
                     <groupId>mysql</groupId>
                     <artifactId>mysql-connector-java</artifactId>
                     <version>8.0.30</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -144,6 +146,7 @@
                     <groupId>org.mariadb.jdbc</groupId>
                     <artifactId>mariadb-java-client</artifactId>
                     <version>3.1.4</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -163,6 +166,7 @@
                     <groupId>com.google.cloud</groupId>
                     <artifactId>google-cloud-spanner-jdbc</artifactId>
                     <version>2.10.0</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -182,6 +186,7 @@
                     <groupId>org.postgresql</groupId>
                     <artifactId>postgresql</artifactId>
                     <version>42.6.0</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -201,6 +206,7 @@
                     <groupId>org.apache.phoenix</groupId>
                     <artifactId>phoenix-client-hbase-2.4</artifactId>
                     <version>5.1.3</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -220,6 +226,7 @@
                     <groupId>com.microsoft.sqlserver</groupId>
                     <artifactId>mssql-jdbc</artifactId>
                     <version>11.2.3.jre17</version>
+                    <scope>runtime</scope>
                 </dependency>
             </dependencies>
         </profile>
@@ -233,6 +240,7 @@
         </dependency>
 
         <dependency>
+            <!-- Drop-in replacement of log4j -->
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-reload4j</artifactId>
             <version>2.0.9</version>
@@ -245,6 +253,7 @@
         </dependency>
 
         <dependency>
+            <!-- For templated benchmark -->
             <groupId>commons-jxpath</groupId>
             <artifactId>commons-jxpath</artifactId>
             <version>1.3</version>
@@ -268,6 +277,13 @@
             <version>2.15.1</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.10.0</version>
+            <scope>compile</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
@@ -293,15 +309,18 @@
         </dependency>
 
         <dependency>
+            <!-- Used for (currently manual) code generation from xml schema files. -->
             <groupId>org.glassfish.jaxb</groupId>
             <artifactId>jaxb-runtime</artifactId>
             <version>4.0.4</version>
+            <scope>compile</scope>
         </dependency>
 
         <dependency>
             <groupId>org.hsqldb</groupId>
             <artifactId>hsqldb</artifactId>
             <version>2.7.2</version>
+            <scope>test</scope>
         </dependency>
 
         <dependency>
@@ -319,6 +338,13 @@
         </dependency>
 
         <dependency>
+            <groupId>org.codehaus.janino</groupId>
+            <artifactId>commons-compiler</artifactId>
+            <version>3.1.11</version>
+        </dependency>
+
+        <dependency>
+            <!-- Used by the templated benchmark for internal compiling proceedures. -->
             <groupId>org.codehaus.janino</groupId>
             <artifactId>janino</artifactId>
             <version>3.1.11</version>
@@ -365,6 +391,21 @@
                     </compilerArgs>
                 </configuration>
             </plugin>
+            <!-- TODO: Use PMD to check for various code health things.plugin>
+                Invoked with `mvn pmd:check` or `mvn verify`
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>3.21.2</version>
+                <configuration>
+                    <excludeRoots>
+                        <excludeRoot>target/generated-sources</excludeRoot>
+                        <excludeRoot>target/generated-test-sources</excludeRoot>
+                    </excludeRoots>
+                    <linkXRef>true</linkXRef>
+                </configuration>
+            </plugin>
+            -->
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
@@ -461,7 +502,30 @@
                             <goal>analyze-only</goal>
                         </goals>
                         <configuration>
-                            <failOnWarning>false</failOnWarning>
+                            <failOnWarning>true</failOnWarning>
+
+                            <ignoredUnusedDeclaredDependencies>
+                                <!-- Used for (currently manual) code generation from xml schema files. -->
+                                <ignoredUnusedDeclaredDependency>org.glassfish.jaxb:jaxb-runtime:jar</ignoredUnusedDeclaredDependency>
+                                <!-- Drop-in replacement of log4j -->
+                                <ignoredUnusedDeclaredDependency>org.slf4j:slf4j-reload4j:jar</ignoredUnusedDeclaredDependency>
+                                <!-- Used by the templated benchmark for internal compiling proceedures. -->
+                                <ignoredUnusedDeclaredDependency>org.codehaus.janino:janino:jar</ignoredUnusedDeclaredDependency>
+                                <!-- Used by the templated benchmark. -->
+                                <ignoredUnusedDeclaredDependency>commons-jxpath:commons-jxpath:jar</ignoredUnusedDeclaredDependency>
+
+                                <!--
+                                Need to ignore the following profile specific dependencies since they're runtime only.
+                                -->
+                                <ignoredUnusedDeclaredDependency>org.postgresql:postgresql:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>mysql:mysql-connector-java:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>com.oracle.database.jdbc:ojdbc11:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>org.mariadb.jdbc:mariadb-java-client:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>com.google.cloud:google-cloud-spanner-jdbc:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>org.apache.phoenix:phoenix-client-hbase-2.4:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>com.microsoft.sqlserver:mssql-jdbc:jar</ignoredUnusedDeclaredDependency>
+                                <ignoredUnusedDeclaredDependency>org.xerial:sqlite-jdbc:jar</ignoredUnusedDeclaredDependency>
+                            </ignoredUnusedDeclaredDependencies>
                         </configuration>
                     </execution>
                 </executions>
@@ -476,5 +540,4 @@
             </plugin>
         </plugins>
     </build>
-
 </project>