remove victims rule, as it seems the victims project is defunct. Adding other rules, and parameterizing via properties to provide more control to projects.

Author: jdcasey

pom.xml

@@ -54,6 +54,7 @@
   </scm>
 
   <properties>
+    <javaVersion>1.7</javaVersion>
     <projectOwner>John Casey</projectOwner>
     <projectEmail>jdcasey@commonjava.org</projectEmail>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -74,6 +75,18 @@
     <version.plugin.install>2.4</version.plugin.install>
     <version.plugin.resources>2.6</version.plugin.resources>
     <version.plugin.site>3.3</version.plugin.site>
+
+    <skipIllegalTransitiveEnforcement>false</skipIllegalTransitiveEnforcement>
+    <enforceManagedDeps>true</enforceManagedDeps>
+
+    <unEnforcedPlugins>org.eclipse.m2e:lifecycle-mapping</unEnforcedPlugins>
+    <enforcedMavenVersion>(,2.1.0),(2.1.0,2.2.0),(2.2.0,)</enforcedMavenVersion>
+    <enforcedJavaVersion>${javaVersion}</enforcedJavaVersion>
+
+    <enforceBestPractices>true</enforceBestPractices>
+    <enforceStandards>true</enforceStandards>
+    <enforceVersions>true</enforceVersions>
+    <enforceTripHazards>true</enforceTripHazards>
   </properties>
 
   <build>
@@ -83,8 +96,8 @@
           <artifactId>maven-compiler-plugin</artifactId>
           <version>${version.plugin.compiler}</version>
           <configuration>
-            <source>1.7</source>
-            <target>1.7</target>
+            <source>${javaVersion}</source>
+            <target>${javaVersion}</target>
           </configuration>
         </plugin>
         <plugin>
@@ -178,38 +191,77 @@
               <artifactId>illegal-transitive-dependency-check</artifactId>
               <version>1.7.4</version>
             </dependency>
-            <dependency>
-              <groupId>com.redhat.victims</groupId>
-              <artifactId>enforce-victims-rule</artifactId>
-              <version>1.3.4</version>
-            </dependency>
           </dependencies>
           <executions>
+            <execution>
+              <id>avoid-trip-hazards</id>
+              <goals>
+                <goal>enforce</goal>
+              </goals>
+              <phase>initialize</phase>
+              <rules>
+                <fail>${enforceTripHazards}</fail>
+                <requireSameVersions>
+                  <dependencies>
+                    <dependency>${project.groupId}*</dependency>
+                  </dependencies>
+                </requireSameVersions>
+              </rules>
+            </execution>
+            <execution>
+              <id>enforce-commonjava-standards</id>
+              <goals>
+                <goal>enforce</goal>
+              </goals>
+              <phase>initialize</phase>
+              <configuration>
+                <fail>${enforceStandards}</fail>
+                <rules>
+                  <requireManagedDeps implementation="org.commonjava.maven.enforcer.rule.EnforceManagedDepsRule">
+                    <!-- <message>Capture dependencies in top-level dependencyManagement section for easy reference.</message> -->
+                    <checkProfiles>false</checkProfiles>
+                    <failOnViolation>${managedDepEnforcement-fail}</failOnViolation>
+                  </requireManagedDeps>
+                  <illegalTransitiveDependencyCheck implementation="de.is24.maven.enforcer.rules.IllegalTransitiveDependencyCheck">
+                    <reportOnly>${illegalTransitivesEnforcement-reportOnly}</reportOnly>
+                    <regexIgnoredClasses>
+                        <regexIgnoredClass>com\.sun\.net\.httpserver\..+</regexIgnoredClass>
+                        <regexIgnoredClass>javax\..+</regexIgnoredClass>
+                        <regexIgnoredClass>org\.w3c\.dom\..+</regexIgnoredClass>
+                        <regexIgnoredClass>org\.xml\.sax\..+</regexIgnoredClass>
+                    </regexIgnoredClasses>
+                    <useClassesFromLastBuild>true</useClassesFromLastBuild>
+                  </illegalTransitiveDependencyCheck>
+                </rules>
+              </configuration>
+            </execution>
             <execution>
               <id>enforce-best-practices</id>
               <goals>
                 <goal>enforce</goal>
               </goals>
               <phase>initialize</phase>
               <configuration>
+                <fail>${enforceBestPractices}</fail>
                 <rules>
                   <requireManagedDeps implementation="org.commonjava.maven.enforcer.rule.EnforceManagedDepsRule">
                     <!-- <message>Capture dependencies in top-level dependencyManagement section for easy reference.</message> -->
                     <checkProfiles>false</checkProfiles>
-                    <failOnViolation>true</failOnViolation>
+                    <failOnViolation>${managedDepEnforcement-fail}</failOnViolation>
                   </requireManagedDeps>
                   <!--
                   <dependencyConvergence />
                   -->
                   <reactorModuleConvergence />
+                  <requireNoRepositories />
                   <requirePluginVersions>
                     <banLatest />
                     <banRelease />
                     <banSnapshots />
-                    <unCheckedPluginList>org.eclipse.m2e:lifecycle-mapping</unCheckedPluginList>
+                    <unCheckedPluginList>${unEnforcedPlugins}</unCheckedPluginList>
                   </requirePluginVersions>
                   <illegalTransitiveDependencyCheck implementation="de.is24.maven.enforcer.rules.IllegalTransitiveDependencyCheck">
-                    <reportOnly>false</reportOnly>
+                    <reportOnly>${illegalTransitivesEnforcement-reportOnly}</reportOnly>
                     <regexIgnoredClasses>
                         <regexIgnoredClass>com\.sun\.net\.httpserver\..+</regexIgnoredClass>
                         <regexIgnoredClass>javax\..+</regexIgnoredClass>
@@ -218,56 +270,23 @@
                     </regexIgnoredClasses>
                     <useClassesFromLastBuild>true</useClassesFromLastBuild>
                   </illegalTransitiveDependencyCheck>
-                  <victimsCheck implementation="com.redhat.victims.VictimsRule">     
-                    <!-- 
-                      Check the project's dependencies against the database using 
-                      name and version. The default mode for this is 'warning'.
-
-                      Valid options are: 
-
-                      disabled: Rule is still run but only INFO level messages aand no errors.
-                      warning : Rule will spit out a warning message but doesn't result in a failure. 
-                      fatal   : Rule will spit out an error message and fail the build. 
-                    -->
-                    <metadata>warning</metadata>
-                    <!--
-                      Check the project's dependencies against the database using 
-                      the SHA-512 checksum of the artifact. The default is fatal. 
-
-                      Valid options are: 
-
-                      disabled: Rule is still run but only INFO level messages aand no errors.
-                      warning : Rule will spit out a warning message but doesn't result in a failure. 
-                      fatal   : Rule will spit out an error message and fail the build. 
-                    -->
-                    <fingerprint>fatal</fingerprint>
-                    <!-- 
-                      Disables the synchronization mechansim. By default the rule will 
-                      attempt to update the database for each build. 
-
-                      Valid options are: 
-
-                      auto  : Automatically update the database entries on each build.
-                      daily : Update the database entries once per day.
-                      weekly: Update the database entries once per week.
-                      offline   : Disable the synchronization mechanism.
-                    -->  
-                    <updates>auto</updates>
-                  </victimsCheck>
                 </rules>
               </configuration>
             </execution>
             <execution>
-              <id>enforce-maven</id>
+              <id>enforce-versions</id>
               <goals>
                 <goal>enforce</goal>
               </goals>
               <configuration>
+                <fail>${enforceVersions}</fail>
                 <rules>
                   <requireMavenVersion>
-                    <version>(,2.1.0),(2.1.0,2.2.0),(2.2.0,)</version>
-                    <message>Maven 2.1.0 and 2.2.0 produce incorrect GPG signatures and checksums respectively.</message>
+                    <version>${enforcedMavenVersion}</version>
                   </requireMavenVersion>
+                  <requireJavaVersion>
+                    <version>${enforcedJavaVersion}</version>
+                  </requireJavaVersion>
                 </rules>
               </configuration>
             </execution>