[MGPG-125] Fix "bestPractices"

[cstamas]

As currently due defaulted values it would always fail, unless user explicitly re-configures plugin. So, do not set "default value" on mojo level, instead handle it programmatically, when bestPractices is not set. Added ITs for "bestPractices", one for success and one for failure.

---

https://issues.apache.org/jira/browse/MGPG-125

[bmarwell]

Mostly a little groovy and nesting readability thoughts.

[bmarwell]

Groovy can do that without plexus utils:

String logContent = new File( basedir, "build.log").text

[bmarwell]

Groovy's native assert is quite suitable here:

assert logContent.contains( "..." )

[bmarwell]

As best practices will probably be extended in the future, why not just refactor out a method here?

Suggested change

	if (bestPractices) {
	if (isNotBlank(passphrase) || isNotBlank(passphraseServerId)) {
	// Stop propagating worst practices: passphrase MUST NOT be in any file on disk
	throw new MojoFailureException(
	"Do not store passphrase in any file (disk or SCM repository), rely on GnuPG agent or provide passphrase in "
	+ passphraseEnvName + " environment variable.");
	}
	} else {
	if (bestPractices) {
	checkForBestPractices();
	} else {

[bmarwell]

I feel this is a default case inside an else-if nesting. However, as the isolated if(bestPractices) improves readability, I'd say: keep it for now.

One solution would be to refactor out a method like setDefaults(), but probably not worth it.

[cstamas]

These fields are deprecated and are meant to be removed.. so IMO that would be overkill. Soon, when "bestPractices" can be true only (removed), all these will be gone.

[cstamas]

Btw, this whole PR (with all "non groovy-ness") was copy pasted from other ITs... So maybe we need a "sweeping change" instead where we rewrite the ITs in this plugin to "groovy-like" constructs.

[slawekjaranowski]

?
we can use @version.maven-compiler-plugin@ properties for plugins versions are defined in parent

[slawekjaranowski]

😄

[slawekjaranowski]

assert file.isFile()

[cstamas]

Updated PR with comments, but now the new IT is considerably slower (?) and also locally did not, but on CI fails (I guess the force sources creation is needed as there are actually no sources...) @slawekjaranowski ?

[slawekjaranowski]

but now the new IT is considerably slower ...

do you have any number to compare?

[cstamas]

For last build this PR:

[INFO] Building: sign-release-best-practices/pom.xml
[INFO] run post-build script verify.groovy
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (4.002 s)

2nd build/commit:

[INFO] Building: sign-release-best-practices/pom.xml
[INFO] run post-build script verify.groovy
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (3.877 s)

Hm, minimal... unsure what I "feel" locally. Maybe that these two ITs use new plugins (hence downoads them) while all the rest use old/ancient plugins but some version?

[slawekjaranowski]

It can be a time needed for downloading new plugins version into tarted/local-repo
Too small difference to more investigating

build with mvn clean ...

gpg
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (8.135 s)

bc
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (2.189 s)

next without clean

gpg
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (2.653 s)

bc
[INFO]           sign-release-best-practices/pom.xml .............. SUCCESS (2.237 s)

[jira-importer]

Resolve #257

[jira-importer]

Resolve #257