This repo demonstrates a simple way using to ensure that Maven dependencies can be locked down.
-
Any change to the classpath (eg by adding a new
<dependency>or changing the version of an existing<dependency>) will result in the tests failing. -
The change in classpath can be easily reviewed and the change then approved (ie accepted) if it was intentional.
The implementation is very simple, using the JUnit, the Approval Tests library, and the Maven dependency plugin.
To demo:
-
prereqs: install a graphical diff tool, lots are supported for Windows and Mac (otherwise will fall back to a text report in JUnit).
-
lockdown should pass:
mvn clean install -Dlockdown
-
update any
<dependency>in the pom -
running lockdown again should fail:
mvn clean install -Dlockdown
-
Review the changes, use the diff tool to inspect the differences and update the approvals file:
-
run lockdown once more, should pass:
mvn clean install -Dlockdown
