New package manager: pde-target

# New package manager questionnaire

**Did you read our documentation on adding a package manager?**

- [x] I've read the [adding a package manager](adding-a-package-manager.md) documentation.

## Basics

### Name of package manager
pde-target

### What language does this support?
Java/OSGi

### How popular is this package manager?
Target files are the main source of dependencies (like a bom in maven) when developing Eclipse IDE (and Plugins) and its underlying RCP Platform: https://eclipseide.org/ but the content managed there is simply the same as one can manage in a maven `pom.xml`, so usually the users want to interact with the maven eco-system here.

### Does this language have other (competing?) package managers?

- [ ] Yes (give names)
- [x] No

---

## Package File Detection

### What type of package files and names does it use?
it uses one or more xml-files ending with `.target` extension


### What [fileMatch](../usage/configuration-options.md/#filematch) pattern(s) should be used?

`*.target`

### Is it likely that many users would need to extend this pattern for custom file names?

- [ ] Yes
- [x] No

### Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

I'm not aware of other file formats using that extension that are widely present.

## Parsing and Extraction

### Can package files have "local" links to each other that need to be resolved?

No

### Is there a reason why package files need to be parsed together (in serial) instead of independently?

No

### What format/syntax is the package file in?

- [ ] JSON
- [ ] TOML
- [ ] YAML
- [x] Custom (explain below)

target files using XML syntax similar to maven `pom.xml`

### How do you suggest parsing the file?

- [ ] Off the shelf parser
- [ ] Using regex
- [ ] Custom-parsed line by line
- [x] Other

XMLParser with XPath Expressions

### Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

- [ ] Yes, production and development dependencies
- [x] No, all dependencies are treated the same

### List all the sources/syntaxes of dependencies that can be extracted

The only source is the target file that uses XML syntax, the root element is `<target>` that contains among others an element `<locations>` that has 0..n elements named `<location>`, each location has a `type` attribute, where only the type `Maven` is relevant here. Below the location element it uses the usual syntax for defining maven dependencies, a complex example can be found here:
https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/771fb288a06bbb7a07f1e745300aad43c6ed1ca7/eclipse.platform.releng.prereqs.sdk/eclipse-sdk-prereqs.target#L143-L148

### Describe which types of dependencies above are supported and which will be implemented in future

Only maven dependencies must be supported for now, therefore a XPath could be used to select the dependencies to update is:

`dependencies > dependency`

## Versioning

### What versioning scheme does the package file(s) use?

### Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?

- [ ] Supports range constraints (e.g `^1.0.0` or `1.x`)
- [x] No

---

## Lookup

### Is a new datasource required? Provide details

- [ ] Yes, provide details.
- [x] No.

It could use the same datasource as already used for maven `pom.xml`

### Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Users can specify additional repositories in the target file, beside that this uses the default maven central repository.

### Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

No, same as maven

### Will users need the ability to configure language or other constraints using Renovate config?

No
---

## Artifacts

### Are lock files or checksum files used? Are they mandatory?

No

### If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

### If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

No cache is used beside the usual maven local repository rules but they are not persisted.

### If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

## Other

### Is there anything else to know about this package manager?

It is not a completely new package manager but can reuse almost all existing code from updating `pom.xml` files

_Originally posted by @laeubi in https://github.com/renovatebot/renovate/discussions/22591#discussioncomment-6097706_

New package manager: pde-target #37539

Description

New package manager questionnaire

Basics

Name of package manager

What language does this support?

How popular is this package manager?

Does this language have other (competing?) package managers?

Package File Detection

What type of package files and names does it use?

What fileMatch pattern(s) should be used?

Is it likely that many users would need to extend this pattern for custom file names?

Is the fileMatch pattern likely to get many "false hits" for files that have nothing to do with package management?

Parsing and Extraction

Can package files have "local" links to each other that need to be resolved?

Is there a reason why package files need to be parsed together (in serial) instead of independently?

What format/syntax is the package file in?

How do you suggest parsing the file?

Does the package file structure distinguish between different "types" of dependencies? e.g. production dependencies, development dependencies, etc?

List all the sources/syntaxes of dependencies that can be extracted

Describe which types of dependencies above are supported and which will be implemented in future

Versioning

What versioning scheme does the package file(s) use?

Does this versioning scheme support range constraints, e.g. ^1.0.0 or 1.x?

Lookup

Is a new datasource required? Provide details

Will users need the capability to specify a custom host/registry to look up? Can it be found within the package files, or within other files inside the repository, or would it require Renovate configuration?

Do the package files have any "constraints" on the parent language (e.g. supports only v3.x of Python) or platform (Linux, Windows, etc.) that should be used in the lookup procedure?

Will users need the ability to configure language or other constraints using Renovate config?

No

Artifacts

Are lock files or checksum files used? Are they mandatory?

If so, what tool and exact commands should be used if updating one or more package versions in a dependency file?

If applicable, describe how the tool maintains a cache and if it can be controlled via CLI or environment variables? Do you recommend the cache be kept or disabled/ignored?

If applicable, what command should be used to generate a lock file from scratch if you already have a package file? This will be used for "lock file maintenance"

Other

Is there anything else to know about this package manager?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Does this versioning scheme support range constraints, e.g. `^1.0.0` or `1.x`?