Exclude dev-tooling dotfiles from RAT check#569
Conversation
Add .sdkmanrc, .tool-versions, .envrc and .mise.toml to the apache-rat-plugin <excludes>. These are local developer-machine files from version managers (SDKMAN!, asdf, mise) and direnv, not project source; a local `mvn verify` otherwise fails rat-check with "unapproved license" on them. This mirrors the existing .java-version exclude already in the same list; combine.children="append" keeps RAT's built-in defaults.
There was a problem hiding this comment.
Pull request overview
Note
Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.
Updates the parent POM’s Apache RAT configuration to avoid local developer dotfiles (created by common version managers/direnv) causing rat:check failures during local builds.
Changes:
- Added Apache RAT
<exclude>entries for.sdkmanrc,.tool-versions,.envrc, and.mise.toml. - Documented these excludes inline as developer-local tooling files.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <!-- Developer tooling: version managers / direnv (local, not project source) --> | ||
| <exclude>.sdkmanrc</exclude> | ||
| <exclude>.tool-versions</exclude> | ||
| <exclude>.envrc</exclude> | ||
| <exclude>.mise.toml</exclude> |
There was a problem hiding this comment.
Thanks for the catch. The surrounding excludes in this file (lines 1280-1284: .maven/spy.log, dependency-reduced-pom.xml, .asf.yaml) all use bare filenames, and apache-rat-plugin runs per-module with the inherited <excludes> applied against each module's basedir — so a .sdkmanrc in a submodule would still be matched by the bare pattern at that submodule's rat-check execution.
To stay consistent with the surrounding excludes, leaving as bare. Happy to switch all of them (existing + new) to **/... in a follow-up if maintainers prefer the more defensive form everywhere.
There was a problem hiding this comment.
can be simple file name as is
| <artifactId>apache-rat-plugin</artifactId> | ||
| <configuration> | ||
| <excludes combine.children="append"> | ||
| <exclude>.java-version</exclude> |
There was a problem hiding this comment.
We can put all tools together, line by line
What & why
Dropping common developer-machine dotfiles into a checkout makes a local
mvn verifyfail atapache-rat-plugin:checkwith "Too many files withunapproved license". These are not project source — they are local
conveniences from version managers and direnv:
.sdkmanrc(SDKMAN!).tool-versions(asdf).envrc(direnv).mise.toml(mise)This adds them to the existing
apache-rat-plugin<excludes>list, rightnext to
.java-version, which is already excluded for exactly the samereason.
combine.children="append"keeps RAT's built-in defaults intact.Why excludes (and not SPDX headers)
An alternative would be to add an
SPDX-License-Identifier/ ASF header to eachfile. That doesn't fit here: these are third-party tool configuration formats,
not files we author, and carrying a per-file licence comment in every repo for
two lines of payload is exactly the boilerplate this change avoids. Excluding
them centrally in
maven-parentmirrors how.gitignore/.editorconfig(RAT built-in defaults) and
.java-versionare already handled.Verification
apache-rat-plugin
0.16.1(the version pinned byorg.apache:apache:38) on aminimal project containing the four dotfiles:
BUILD FAILURE, 4 unapproved files;BUILD SUCCESS.Also verified end-to-end against a real
apache/mavencheckout using a locallybuilt
maven-parentcarrying this change:rat:checkno longer flags thedotfiles. CI is unaffected (clean checkouts don't carry these files); this
purely lowers local-developer friction.
mvn verifyto make sure basic checks pass.