Created
April 22, 2024 19:14
-
-
Save dutoitns/3185c1327255dc20aacf6e82479d9fcd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | |
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> | |
<name>aws_deployer</name> | |
<artifactId>aws_deployer</artifactId> | |
<groupId>za.co.ndutoit</groupId> | |
<version>1.0.0</version> | |
<modelVersion>4.0.0</modelVersion> | |
<packaging>pom</packaging> | |
<properties> | |
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | |
<maven.compiler.source>21</maven.compiler.source> | |
<maven.compiler.target>21</maven.compiler.target> | |
</properties> | |
<modules> | |
<!-- Modules will be built in this order --> | |
<module>shared</module> | |
<module>cdk-deployments</module> | |
<module>cloudformation-deployments</module> | |
</modules> | |
<!-- https://stackoverflow.com/questions/7513319/passing-command-line-arguments-from-maven-as-properties-in-pom-xml --> | |
<!-- https://stackoverflow.com/questions/41117214/maven-how-to-print-the-current-profile-on-the-console --> | |
<profiles> | |
<profile> | |
<id>default_profile</id> | |
<activation> | |
<activeByDefault>true</activeByDefault> | |
</activation> | |
<properties> | |
<skip_integration_tests>true</skip_integration_tests> | |
</properties> | |
</profile> | |
<profile> | |
<id>build_server</id> | |
<activation> | |
<property> | |
<name>env</name> | |
<value>build_server</value> | |
</property> | |
</activation> | |
<properties> | |
<skip_integration_tests>false</skip_integration_tests> | |
</properties> | |
</profile> | |
</profiles> | |
<dependencies> | |
<!-- | |
╔══════════════════════╗ | |
║ Logging dependencies ║ | |
╚══════════════════════╝ | |
--> | |
<!-- | |
SLF4J | |
https://mvnrepository.com/artifact/org.slf4j/slf4j-api | |
--> | |
<dependency> | |
<groupId>org.slf4j</groupId> | |
<artifactId>slf4j-api</artifactId> | |
<version>1.7.32</version> | |
</dependency> | |
<!-- | |
Log4j2 | |
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-bom | |
Not as per the Log4j2 documentation (couldn't get their way to work and it seems more recondite) | |
https://logging.apache.org/log4j/2.x/maven-artifacts.html | |
--> | |
<dependency> | |
<groupId>org.apache.logging.log4j</groupId> | |
<artifactId>log4j-api</artifactId> | |
<version>2.17.1</version> | |
</dependency> | |
<dependency> | |
<groupId>org.apache.logging.log4j</groupId> | |
<artifactId>log4j-core</artifactId> | |
<version>2.17.1</version> | |
</dependency> | |
<!-- | |
SLF4J bridge for Log4j2 | |
Existing components that use SLF4J will have their logging routed to Log4j2 | |
--> | |
<dependency> | |
<groupId>org.apache.logging.log4j</groupId> | |
<artifactId>log4j-slf4j-impl</artifactId> | |
<version>2.17.1</version> | |
</dependency> | |
<!-- | |
╔═══════════════════╗ | |
║ Test dependencies ║ | |
╚═══════════════════╝ | |
--> | |
<!-- https://www.baeldung.com/junit-5-gradle --> | |
<dependency> | |
<groupId>org.junit.jupiter</groupId> | |
<artifactId>junit-jupiter-api</artifactId> | |
<version>5.8.2</version> | |
<scope>test</scope> | |
</dependency> | |
<dependency> | |
<groupId>org.junit.jupiter</groupId> | |
<artifactId>junit-jupiter-engine</artifactId> | |
<version>5.8.2</version> | |
<scope>test</scope> | |
</dependency> | |
</dependencies> | |
<build> | |
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --> | |
<plugins> | |
<!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle --> | |
<plugin> | |
<artifactId>maven-clean-plugin</artifactId> | |
<version>3.3.1</version> | |
</plugin> | |
<!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging --> | |
<plugin> | |
<artifactId>maven-resources-plugin</artifactId> | |
<version>3.3.1</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-compiler-plugin</artifactId> | |
<version>3.11.0</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-surefire-plugin</artifactId> | |
<version>3.1.2</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-jar-plugin</artifactId> | |
<version>3.3.0</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-install-plugin</artifactId> | |
<version>3.1.1</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-deploy-plugin</artifactId> | |
<version>3.1.1</version> | |
</plugin> | |
<!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle --> | |
<plugin> | |
<artifactId>maven-site-plugin</artifactId> | |
<version>4.0.0-M8</version> | |
</plugin> | |
<plugin> | |
<artifactId>maven-project-info-reports-plugin</artifactId> | |
<version>3.4.5</version> | |
</plugin> | |
<!-- https://stackoverflow.com/questions/38230639/how-to-skip-integration-test-in-maven --> | |
<!-- https://stackoverflow.com/questions/7513319/passing-command-line-arguments-from-maven-as-properties-in-pom-xml --> | |
<plugin> | |
<groupId>org.apache.maven.plugins</groupId> | |
<artifactId>maven-failsafe-plugin</artifactId> | |
<version>3.1.0</version> | |
<configuration> | |
<skipITs>${skip_integration_tests}</skipITs> | |
</configuration> | |
</plugin> | |
</plugins> | |
</pluginManagement> | |
</build> | |
<!-- | |
Check dependencies for security vulnerabilities. | |
To execute: mvn org.owasp:dependency-check-maven:aggregate | |
To help debug problems: mvn org.owasp:dependency-check-maven:check | |
https://mvnrepository.com/artifact/org.owasp/dependency-check-maven | |
https://github.com/jeremylong/DependencyCheck | |
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html | |
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html | |
https://nullbeans.com/how-to-identify-vulnerable-dependencies-in-a-maven-project/#Suppressing_false_positives | |
https://bootcamptoprod.com/owasp-dependency-check-maven-plugin/ | |
For possible future reference: | |
https://stackoverflow.com/questions/63338623/disable-modules-in-owasp-dependency-check-maven-plugin | |
--> | |
<reporting> | |
<plugins> | |
<plugin> | |
<groupId>org.owasp</groupId> | |
<artifactId>dependency-check-maven</artifactId> | |
<version>9.1.0</version> | |
<configuration> | |
<yarnAuditAnalyzerEnabled>false</yarnAuditAnalyzerEnabled> | |
</configuration> | |
<reportSets> | |
<reportSet> | |
<reports> | |
<report>aggregate</report> | |
</reports> | |
</reportSet> | |
</reportSets> | |
</plugin> | |
</plugins> | |
</reporting> | |
</project> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment