Fix excludes when creating src dist zip

The biggest part was the "vendor/**" stuff from ruby.
This is created during the build and should not be
part of the source distribution.

Also added a test to assert that some sensitive data
from .travis/ doesn't accidentally leak.

pmd-dist/src/main/resources/assemblies/pmd-src.xml

@@ -11,22 +11,36 @@
 
     <fileSets>
         <fileSet>
-            <useDefaultExcludes>true</useDefaultExcludes>
+            <useDefaultExcludes>false</useDefaultExcludes>
             <directory>${project.basedir}/..</directory>
             <outputDirectory>/</outputDirectory>
             <excludes>
+                <exclude>.git/**</exclude>
                 <exclude>**/target/**</exclude>
                 <exclude>**/bin/**</exclude>
-                <exclude>**/.settings</exclude>
+
+                <exclude>**/.settings/**</exclude>
                 <exclude>**/.project</exclude>
                 <exclude>**/.classpath</exclude>
                 <exclude>**/.checkstyle</exclude>
                 <exclude>**/.pmd</exclude>
+                <exclude>**/.pmdruleset.xml</exclude>
                 <exclude>**/.ruleset</exclude>
-                <exclude>**/.git</exclude>
-                <exclude>**/.travis/secrets.tar</exclude>
-                <exclude>**/.travis/id_rsa</exclude>
-                <exclude>**/.travis/*.gpg</exclude>
+                <exclude>**/.idea/**</exclude>
+                <exclude>**/*.iml</exclude>
+
+                <exclude>.travis/secrets.tar</exclude>
+                <exclude>.travis/id_rsa</exclude>
+                <exclude>.travis/*.gpg</exclude>
+
+                <exclude>.bundle/**</exclude>
+                <exclude>vendor/**</exclude>
+                <exclude>Gemfile.lock</exclude>
+                <exclude>docs/.bundle/**</exclude>
+                <exclude>docs/vendor/**</exclude>
+                <exclude>docs/_site/**</exclude>
+
+                <exclude>pmd-core/dependency-reduced-pom.xml</exclude>
             </excludes>
             <directoryMode>0755</directoryMode>
             <fileMode>0644</fileMode>

pmd-dist/src/test/java/net/sourceforge/pmd/it/SourceDistributionIT.java

@@ -7,18 +7,39 @@ package net.sourceforge.pmd.it;
 import static org.junit.Assert.assertTrue;
 
 import java.io.File;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
 
+import org.junit.Assert;
 import org.junit.Test;
 
 import net.sourceforge.pmd.PMDVersion;
 
 public class SourceDistributionIT {
+    private static final String BASE_PATH = "pmd-src-" + PMDVersion.VERSION;
+    private static final Pattern GPG_PATTERN = Pattern.compile(Pattern.quote(BASE_PATH + "/.travis/") + ".+\\.[gG][pP][gG]");
+
     private File getSourceDistribution() {
-        return new File(".", "target/pmd-src-" + PMDVersion.VERSION + ".zip");
+        return new File(".", "target/" + BASE_PATH + ".zip");
     }
 
     @Test
     public void testFileExistence() {
         assertTrue(getSourceDistribution().exists());
     }
+
+    @Test
+    public void verifyExclusions() throws Exception {
+        Set<String> exclusions = new HashSet<>();
+        exclusions.add(BASE_PATH + "/.travis/secrets.tar");
+        exclusions.add(BASE_PATH + "/.travis/id_rsa");
+        List<String> files = ZipFileExtractor.readZipFile(getSourceDistribution().toPath());
+
+        for (String file : files) {
+            Assert.assertFalse("File " + file + " must not be included", exclusions.contains(file)
+                    || GPG_PATTERN.matcher(file).matches());
+        }
+    }
 }

pmd-dist/src/test/java/net/sourceforge/pmd/it/ZipFileExtractor.java

@@ -11,7 +11,9 @@ import java.io.FileOutputStream;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.nio.file.Path;
+import java.util.ArrayList;
 import java.util.Enumeration;
+import java.util.List;
 
 import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
 import org.apache.commons.compress.archivers.zip.ZipFile;
@@ -59,4 +61,25 @@ public class ZipFileExtractor {
             zip.close();
         }
     }
+
+    /**
+     * Compiles a list of all the files/directories contained in the given zip file.
+     * @param zipPath the zip file to look into
+     * @return list of all entries
+     * @throws Exception if any error happens during read of the zip file
+     */
+    public static List<String> readZipFile(Path zipPath) throws Exception {
+        List<String> result = new ArrayList<>();
+        ZipFile zip = new ZipFile(zipPath.toFile());
+        try {
+            Enumeration<ZipArchiveEntry> entries = zip.getEntries();
+            while (entries.hasMoreElements()) {
+                ZipArchiveEntry entry = entries.nextElement();
+                result.add(entry.getName());
+            }
+        } finally {
+            zip.close();
+        }
+        return result;
+    }
 }