OWASP dependency-check-maven: Why OSSIndex is called although <ossindexAnalyzerEnabled> is false? - maven

We have several projects where we use the OWASP dependency-check-maven plugin. The plugin is defined in the build/plugins section, either with the goal "check" or "aggregate", the latter in the parent pom for multi-module projects.
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>7.2.1</version>
    <configuration>
        <formats>HTML,JSON</formats>
        <cveValidForHours>168</cveValidForHours>
        <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>aggregate</goal>
            </goals>
        </execution>
    </executions>
</plugin>
In all of them we first ran into the problem that we couldn't access OSSIndex of Sonatype (we have no account there). We got this error (the check is performed by Jenkins):
[ERROR] AnalysisException: OSS Index access forbidden
[ERROR] caused by TransportException: Unexpected response; status: 403
After some research we added <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled> to our poms.
This solved the problem for all projects but the two multi-module projects. Jenkins still received the above mentioned error.
Locally all runs smoothly.
We start the check with mvn clean org.owasp:dependency-check-maven:aggregate (or with "check" as goal).
Why is the OSS Index still called by our multi-module projects although it should not be called according to the configuration?
===
In a first approach we defined the dependency-check-maven plugin for the multi-module projects in a separate profile in the section reporting/plugins (same plugin configuration as above).
We started the check with mvn site -Pcheck-dependencies -P!default.
Even more strangely than now, the check of one multi-module project didn't try to connect to OSS Index but the check of the other multi-module project did.
After moving the plugin definition to the build/plugins section we got rid of this problem. But now both still try to connect to OSSIndex.
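As an added, hypothetical check (not from the question and not part of the dependency-check project): the script below parses a pom.xml and reports every declaration of dependency-check-maven together with whether <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled> sits where a direct goal invocation such as mvn org.owasp:dependency-check-maven:aggregate will pick it up. Maven applies configuration placed inside an <execution> only to that execution (a direct command-line invocation uses the plugin-level <configuration>, unless the execution id is default-cli), applies configuration inside a <profile> only while that profile is active, and does not pass a plugin marked <inherited>false</inherited> on to child modules; each of those placements leaves the analyzer enabled in some module or some invocation. The two sample POMs and all function names are the example's own.

```python
import xml.etree.ElementTree as ET

# Hypothetical helper (added example, not part of dependency-check or the question):
# locate every dependency-check-maven declaration in a pom.xml and report where the
# ossindexAnalyzerEnabled flag would not reach a direct goal invocation.
GROUP, ARTIFACT = "org.owasp", "dependency-check-maven"

def _local(tag):
    """Strip the POM namespace so namespaced and bare POMs are walked the same way."""
    return tag.rsplit("}", 1)[-1]

def _child(elem, name):
    """First direct child of elem whose local name is `name`, or None."""
    if elem is None:
        return None
    for c in elem:
        if _local(c.tag) == name:
            return c
    return None

def _text(elem, name, default=""):
    c = _child(elem, name)
    return (c.text or "").strip() if c is not None else default

def _plugins(container, path):
    """Yield (path, <plugin>) for each plugin below container/plugins."""
    plugins = _child(container, "plugins")
    for p in (plugins if plugins is not None else []):
        if _local(p.tag) == "plugin":
            yield path, p

def _declarations(root):
    """Yield (path, <plugin>, profile_id) for every dependency-check-maven declaration."""
    build = _child(root, "build")
    spots = [
        (build, "build/plugins", None),
        (_child(build, "pluginManagement"), "build/pluginManagement/plugins", None),
        (_child(root, "reporting"), "reporting/plugins", None),
    ]
    profiles = _child(root, "profiles")
    for prof in (profiles if profiles is not None else []):
        pid = _text(prof, "id", "?")
        spots.append((_child(prof, "build"), f"profiles/{pid}/build/plugins", pid))
        spots.append((_child(prof, "reporting"), f"profiles/{pid}/reporting/plugins", pid))
    for container, path, pid in spots:
        for p, plugin in _plugins(container, path):
            if _text(plugin, "groupId") == GROUP and _text(plugin, "artifactId") == ARTIFACT:
                yield p, plugin, pid

def audit_pom(pom_xml):
    """Return findings as strings; an empty list means the flag is set where a CLI goal sees it."""
    root = ET.fromstring(pom_xml)
    findings, seen = [], False
    for path, plugin, pid in _declarations(root):
        seen = True
        plugin_level = _text(_child(plugin, "configuration"), "ossindexAnalyzerEnabled").lower()
        execs = _child(plugin, "executions")
        exec_level = [_text(_child(ex, "configuration"), "ossindexAnalyzerEnabled").lower()
                      for ex in (execs if execs is not None else [])]
        if plugin_level == "false":
            if pid is not None:
                findings.append(f"{path}: OSS Index disabled, but only while profile '{pid}' is active")
            if _text(plugin, "inherited").lower() == "false":
                findings.append(f"{path}: <inherited>false</inherited>, child modules do not get this flag")
        elif "false" in exec_level:
            findings.append(f"{path}: flag only inside <execution>; a direct command-line invocation "
                            "of the goal uses the plugin-level <configuration> and ignores it")
        else:
            findings.append(f"{path}: ossindexAnalyzerEnabled is '{plugin_level or 'unset'}', analyzer stays enabled")
    if not seen:
        findings.append("dependency-check-maven is not declared in this POM")
    return findings

# Constructed sample POMs for the demo (not the poster's real build files).
GOOD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId><artifactId>dependency-check-maven</artifactId>
    <configuration><ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled></configuration>
  </plugin></plugins></build></project>"""
BAD_POM = """<project>
  <build><plugins><plugin>
    <groupId>org.owasp</groupId><artifactId>dependency-check-maven</artifactId>
    <executions><execution><goals><goal>aggregate</goal></goals>
      <configuration><ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled></configuration>
    </execution></executions>
  </plugin></plugins></build>
  <profiles><profile><id>check-dependencies</id>
    <reporting><plugins><plugin>
      <groupId>org.owasp</groupId><artifactId>dependency-check-maven</artifactId>
      <configuration><ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled></configuration>
    </plugin></plugins></reporting>
  </profile></profiles></project>"""

if __name__ == "__main__":
    for name, pom in (("good", GOOD_POM), ("bad", BAD_POM)):
        print(name, audit_pom(pom) or ["ok"])
```

Run it against the pom.xml of the parent and of every module, then compare with mvn help:effective-pom executed with the same profiles and command line Jenkins uses; a module whose effective POM lacks the flag is the one that still contacts OSS Index. Disabling the analyzer also drops the vulnerability data OSS Index contributes; if that coverage matters, the plugin can instead authenticate to OSS Index with credentials referenced from a settings.xml server entry (ossindexServerId).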

Related

Exclude single module of multi-module project from aggregated report

I'm calling the mvn site site:stage goal on a multi-module project. One of the modules fails because in the chain of dependencies, which I can't influence, there is a reference to an http:// plugin repository.
This module is already excluded from site generation:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-site-plugin</artifactId>
    <configuration>
        <skip>true</skip>
    </configuration>
</plugin>
The problem is that the site plugin on the aggregator wants to include that project nevertheless and fails on the maven-project-info-reports-plugin:3.4.1:dependency-convergence report. I don't need this module in the site because it's a module without Java sources (it calls a plugin that verifies deployment to the application server).
How to configure reporting in the aggregator to exclude one module from generating aggregated report?

Using maven-deploy-plugin to deploy Eclipse product

I am trying to deploy an Eclipse product to Nexus repository. I am somewhat successful, but still get some errors that I am not sure how to handle.
I am using maven-deploy-plugin in the feature (F) that builds the product:
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-deploy-plugin</artifactId>
    <version>2.6</version>
    <executions>
        <execution>
            <phase>deploy</phase>
            <goals>
                <goal>deploy-file</goal>
            </goals>
            <configuration>
                <repositoryId>snapshots</repositoryId>
                <packaging>zip</packaging>
                <generatePom>true</generatePom>
                <url>http://repo:8081/nexus/content/repositories/snapshots</url>
                <groupId>my.group</groupId>
                <artifactId>my.artifact</artifactId>
                <version>1.0.0-SNAPSHOT</version>
                <file>target/products/product.zip</file>
            </configuration>
        </execution>
    </executions>
</plugin>
I execute 'mvn clean install' to build the product and then 'mvn deploy' on F. If I do that I get this error:
Exception while publishing product /home/akravets/dev/workspaces/trunk/my.repository.feature/myProduct.product: publishing result: [Included element my.product.feature.feature.group 8.0.1.R20180301-1431 is missing. Cannot determine filter for requirement to this element.] -> [Help 1]
I've read discussions about this issue, but nothing seems relevant to my issue because I don't have any defined deploy phases besides the one in maven-deploy-plugin.
If I change the phase of maven-deploy-plugin to 'install' I get almost satisfactory results. The zip file and the generated pom get deployed to the repository, but the build fails with this error:
product.qualifier-p2artifacts.xml. Return code is: 400, ReasonPhrase: Bad Request.
Why does this file even get considered for deployment to the repository when it's not in the file element of maven-deploy-plugin and it's not in the directory structure where the zip file is: target/ vs target/product/product.zip? Is this because maven-deploy-plugin is executed during the install phase and it picks up all generated resources as candidates for deployment?
I simply recommend you use Maven Tycho to deploy the Eclipse RCP product. Tycho determines the dependencies of a plug-in via the plug-in's MANIFEST.MF file and fetches the required plug-in bundles from the online repositories.
You can check this git repository as an example: rcp - tycho

WSO2ESB - Building a CAR file with Maven

Using WSO2 Developer Studio (version 3.7.0), I have created a WSO2 ESB proxy service with a sequence in an "ESB Config Project"; this proxy service uses a WSDL file located in a "Registry Resources Project". I also created a "Composite Application Project" to generate my .car file (including proxy service, sequence and resources), and deployed this file in my WSO2 ESB installation with success.
Now I am trying to generate (then deploy) the .car file using a maven command.
I first tried this solution: https://docs.wso2.com/display/DVS370/Deploying+a+CAR+File+with+the+Maven+Plug-In.
When executing the command "mvn clean install" on my ESB Config Project, I get this error:
[ERROR] The goal you specified requires a project to execute but there is no POM in this directory ([ESB Config Project Path]\target\capp).
Please verify you invoked Maven from the correct directory. -> [Help 1]
Indeed, the install goal is configured to be executed in the "target/capp" directory:
<directory>target/capp</directory>
<plugins>
    <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>exec-maven-plugin</artifactId>
        <version>1.2</version>
        <extensions>true</extensions>
        <executions>
            <execution>
                <id>install</id>
                <phase>install</phase>
                <goals>
                    <goal>exec</goal>
                </goals>
                <configuration>
                    <executable>mvn</executable>
                    <workingDirectory>${project.build.directory}</workingDirectory>
                    <arguments>
                        <argument>clean</argument>
                        <argument>install</argument>
                        <argument>-Dmaven.test.skip=${maven.test.skip}</argument>
                    </arguments>
                </configuration>
            </execution>
...
Then I tried to create a "Maven Multi Module Project", as suggested here: maven build for WSo2 artifacts, but I did not find any solution to make it work:
following the steps from this documentation (https://docs.wso2.com/display/DVS310/Using+Maven+with+Developer+Studio?src=search), I created a "Maven Multi Module Project", and selected my Config, Resources and Composite projects as children. Then I launched the "mvn clean install" command, but I am still getting the error on the ESB Config Project (no POM in the target/capp folder).
Actually, I just did not find any information about these errors, and do not understand why the documented WSO2 solution did not work for me.
Does anyone have a suggestion about that? How does WSO2 Developer Studio generate the .car file?
Thanks
I found another answer for this problem. The exec-maven-plugin version seems to be buggy. WSO2 Developer Studio 3.7.0 adds a buggy version (1.2) when creating the project. You just have to change the artifact from:
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.2</version>
to:
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>1.4.0</version>
See this as a complementary information:
exec-maven-plugin says cannot run specified program, even though it is on the PATH
I finally succeeded in generating a .car file and creating a maven multi module project.
I was trying to create all my maven projects with WSO2 Developer Studio 3.7.0, although the sample said to use version 3.2.0. As the versions of WSO2's maven plugins have changed, it now works fine for me, executing maven install with plugin v2.0.4.
And a maven multi module project is finally just a maven project with modules, so it is OK.

How do I write a maven plugin which actually runs?

The instructions here seem very clear:
http://maven.apache.org/guides/plugin/guide-java-plugin-development.html
However, the first problem I run into is that the dependencies are wrong. I also needed to reference the maven-plugin-annotations dependency.
Then, when I attempt to run I get the "No plugin descriptor found at META-INF/maven/plugin.xml" error. I haven't figured out what to do about that.
I've found lots of pages referencing the maven-plugin-plugin, but I can't figure out how to add it to the pom so that it actually does anything which allows my own plugin to run.
Is there an updated version of the plugin development instructions which actually mentions the need to use maven-plugin-plugin?
If I can't get this to work I'm just going to go back to using exec-maven-plugin. It's uglier, but at least it works easily.
There are actually several terrific resources from Sonatype for learning how to write plugins:
Maven the Complete Reference: Writing Plugins
Maven Cookbook: Creating an Ant Maven Plugin
Maven Cookbook: Writing Plugins in Groovy
If I recall correctly, you need to configure the maven-plugin-plugin this way to avoid the "No plugin descriptor found..." issue.
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-plugin-plugin</artifactId>
    <version>3.2</version>
    <configuration>
        <!-- see http://jira.codehaus.org/browse/MNG-5346 -->
        <skipErrorNoDescriptorsFound>true</skipErrorNoDescriptorsFound>
    </configuration>
    <executions>
        <execution>
            <id>mojo-descriptor</id>
            <goals>
                <goal>descriptor</goal>
            </goals>
        </execution>
    </executions>
</plugin>
I forked a simple GitHub project called maven-wrapper (port of the Gradle wrapper) to make it a Maven plugin.
"It should be easy" for you to figure out pieces that you may eventually be missing:
Maven wrapper plugin(Mojo)
Maven Wrapper full POM

Generated project with gwt-maven-plugin : eclipse

I created a GWT project with
mvn archetype:generate -DarchetypeGroupId=org.codehaus.mojo -DarchetypeArtifactId=gwt-maven-plugin -DarchetypeVersion=2.5.0
Imported the project in Eclipse Juno.
The first error I get is this:
Plugin execution not covered by lifecycle configuration: org.codehaus.mojo:gwt-maven-plugin:2.5.0:i18n (execution: default, phase: generate-sources)
In the pom file:
<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>gwt-maven-plugin</artifactId>
    <version>2.5.0</version>
    <executions>
        <execution>
            <goals>
                <goal>compile</goal>
                <goal>test</goal>
                <goal>i18n</goal>
                <goal>generateAsync</goal>
            </goals>
        </execution>
    </executions>
    <!-- Plugin configuration. There are many available options, see
         gwt-maven-plugin documentation at codehaus.org -->
    <configuration>
        <runTarget>dashboard.html</runTarget>
        <hostedWebapp>${webappDirectory}</hostedWebapp>
        <i18nMessagesBundle>com.farheap.jsi.dashboard.client.Messages</i18nMessagesBundle>
    </configuration>
</plugin>
Also the code contains a GreetingServiceAsync that cannot be found.
private final GreetingServiceAsync greetingService = GWT.create(GreetingService.class);
You have two options:
You can add a special (non-trivial) org.eclipse.m2e:lifecycle-mapping plugin configuration to your POM. See here: Why am I receiving a "Plugin execution not covered by lifecycle configuration with GWT" error?
Or mark this issue as to be ignored in the Eclipse POM editor, and then call mvn gwt:i18n. You can create a handy shortcut launcher for it. Eclipse remembers your decisions about what to ignore; it stores them permanently in the project's .settings directory.
In the course of typical development, localization messages do not change often, so the second option is usually more convenient and speeds up the build.
This applies to most GWT plugin goals! Even GWT compilation is rarely necessary, as DevMode works directly with the Java code and not the generated JavaScript. So in practice, you have to call all the goals at least once at the beginning and then live for weeks without them; basic Eclipse JDT compilation is sufficient.
If you later decide not to use the GWT localization framework in your real app then you can remove the goal i18n completely from the POM. Calling the goal i18n generates the file {project}/target/generated-sources/gwt/my/code/client/Messages.java which is required by (vanilla) Sample.java.
Also the code contains a GreetingServiceAsync that cannot be found.
Run the build mvn install from the command line or the Eclipse Run as -> Maven install menu.
From the command line, mvn gwt:generateAsync should be enough. This goal generates {project}\target\generated-sources\gwt\my\code\client\GreetingServiceAsync.java and that is what you are missing. Eclipse did not do it for you automatically because it was blocked by the previous issue of i18n not being covered by the lifecycle configuration. So yes, the issues you mention are correlated.