running maven sonar:sonar on multiple branches of the same source project - maven

We currently have multiple feature releases in perforce. Each of these branches has POM files that contain a version tag and name tag that is tied to that branch.
When we run sonar:sonar each branch scan overwrites another branch scan and you only see one at a time in the sonar gui.
Can a sonar project be tied to maven GroupId>ArtifactId>Version or even instead of just being Tied to the GroupId.
FYI, GroupId and ArtifactId do not change when we branch the POM.

I found your question while searching for a similar topic, and I noticed you had not received an answer. If you pass the -Dsonar.branch, each branch will be treated as a different project. As documented here:
http://sonarqube.15.x6.nabble.com/Sonar-Analysis-for-Feature-Branches-td5004642.html#a5004647
Hope this helps.

Related

Maven: commit the change made to pom.xml, during CI/CD build phase, to remote

I am using maven-versions-plugin in my pom and utilizing its "update-parent" goal and "commit" goal.
What it does during the regular build (auto-build or auto-scan which happens every week) is to lookout for any latest version available in the artifactory for the parent pom it refers to, but it does not commit the changes to the remote.
In the build logs, I can see that it tries to lookup the latest version updates it and even shows accepting changes to pom.xml
Wanted to seek help from community to understand what next steps (plugins, extensions) I should use in order to persist this update to the parent pom version in the pom file, to the remote repository as well?

How to ensure that maven doesn't accidentally deploy to release repoisitory?

So I'm working for a customer that uses mvn deploy statements in his build scripts and I'm trying to figure out a way to prevent maven to accidentally overwrite artifacts in the release repo of Artifactory, for instance if a developer forgets to mark his POM version with -SNAPSHOT on his feature branch.
I'm no maven expert, but I've seen some suggestions, like using certain maven plugins, but these plugins' usage must be configured in the POM and then I'm back where I started, what if this is forgotten on a feature branch? There must be an established method to ensure that no artifacts from feature branches are deployed into the release repo and that no artifacts from release branches are deployed into the snapshot repo by accident.
One way I can think of and that also has been suggested is, to simply disallow redeployment on the release repo in Artifactory, but what if I have a validation build that fires after a PR is created and then another CI build fires and tries to redeploy?
Is there another good way to achieve this?
One solution is to ensure specific users/groups do not have the Delete permission.
See more here: https://www.jfrog.com/confluence/display/JFROG/Permissions#Permissions-RepositoryPermissions.
NOTE: I haven't used Artifactory in a while, but this makes sense according to the docs.

How to change POM version in CI build?

I'm probably approaching the problem all wrong, but here goes...
We want to implement a development -> releases/x.y.z -> master workflow using Gitlab and Nexus. The artifacts should be labelled x.y.z-SNAPSHOT, x.y.z-rc and x.y.z respectively.
In the ci-build.yml, I have tried to modify the POM depending on the current branch so as to create the correctly labelled artifacts. The problem is obviously that the change will be one commit ahead of the current build commit and the POM used in the build has the original version.
e.g.
a release branch is created from development
the POM has 2.3.4-SNAPSHOT and, during the ci-build, is modified to 2.3.4-rc and is committed and pushed to git
the subsequent build and deploy actions are executed but this deploys a 2.3.4-SNAPSHOT package to Nexus and not 2.3.4-rc as wanted
My question here is the following:
Can I modify the POM and use the updated POM in all following stages of the ci-build?
(I don't feel that this is the correct procedure, but it is what my team-leader has requested so I'm trying to implement it...)
My solution was to avoid commits altogether and use the strategy described in https://maven.apache.org/maven-ci-friendly.html.
This defines a new property, revision, which can be set using a maven parameter, -Drevision=x.y.z-SUFFIX. The POM version is set from this variable.
The build-ci reads project/properties/revision to extract the POM version and alters the version as appropriate depending on the current branch.
Using this approach I can achieve the required results without adding any extra commits as Maven can execute its goals using the version provided externally.

Distinguishing maven releases/snapshots from trunk than the ones from branches when getting latest dependencies

I am working on project to automate maven releases for large set of inter-dependent modules. First the task involves getting the latest versions for internal dependencies. Than order the builds in a way every project is built before it’s needed. Hopefully that combination will get me to my goal of one click bulk release.
However my biggest problem is:
We branch projects from time to time and we do releases/snapshots to Nexus repo manager from that branch. Obviously because the groupId and ArtifactId are the same as the trunk- Snapshots/Releases from trunk and one from branches end up in the same place in nexus.
In a scenario where we have projectA with a trunk version 1.1.x
And projectB → projectA version 1.1.x
So if I use the version-plugin to get the latest dependencies for B, I will get the latest. (perfect)
However if I later branch ProjectA with a version 1.2.0 and add changes that I don’t want projectB to pick up or could potentially break it.
Now next time I run projectB and I use the version plugin to get the latest , The plugin will get the branch version (1.2.0) for ProjectA, as it’s numerically the latest. And there you go, projectB build fails.
I have so far tried adding a classifier to the artifact to distinguish between the two but I later realised the plugin does not act upon the classifier.
This give me so much frustration and will appreciate any hints or advice
Simple use proper/diffrent artifact names for branches. You can automatically create proper artifact names Maven Release plugin
mvn --batch-mode release:branch -DbranchName=my-branch-1.2 -Dproject.rel.org.myCompany:projectA=1.2 -Dproject.dev.org.myCompany:projectA=2.0-SNAPSHOT
The typical approach to solve this problem is to use branch names as version classifiers and that approach works for all scenarios I have seen so far. What problem did you have with this?

Maven release setup with svn tags per module

Goal
Multimodule maven release with tags per module
Situation
Assume the following project structure for a Maven-based Java project:
xx-parent
xx-moduleA
xx-moduleB
xx-moduleC/submodule1
xx-moduleC/submodule2
xx-moduleC/submodule3
The project structure in Subversion is as follows:
xx-parent/trunk
xx-moduleA/trunk
xx-moduleB/trunk
xx-moduleC/trunk/submodule1
xx-moduleC/trunk/submodule2
xx-moduleC/trunk/submodule3
My goal is to create tags per module when performing a release:
xx-parent/tags/xx-parent-1.0
xx-moduleA/tags/xx-moduleA-1.0
xx-moduleB/tags/xx-moduleB-1.0
xx-moduleC/tags/xx-moduleC-1.0
In the past, each module was built and released separately. As the project grew larger (30 modules), the time to build a release increased. I would like to change the project to a multi-module set up to perform a reactor build and release. Building doesn't seem to be a problem, but creating tags per module is.
The maven-release-plugin seems to insist on making only a single tag for the whole project/release. I'm looking for a way to create multiple tags, e.g. a tag per module.
What I have tried so far
Creating a xx-all Subversion alias, which checks out all sub-modules, so I can reference them with <module>../xx-moduleB</module>
Enabling commitByProject, which did commit per module, but not tag per module. See
Each module has its own <scm> elements in the pom.xml, but they are not used when performing a reactor release.
mvn --batch-mode -DcommitPerProject=true -DautoVersionSubmodules=true -Drelease.version=1.0.6 release:prepare release:perform
Problems
maven-release-plugin does not create a svn tag per module
maven-release-plugin overwrites the <scm> tag with invalid URLs, e.g. nested "trunk"-tags under the xx-parent tag
Question
How can I set up this project with a Maven release process, a multi-module layout and still get separate tags per module?
References
http://jira.codehaus.org/browse/MRELEASE-261 (Closed) and MRELEASE-561 (Open)
According to Arnaud Héritier (an Apache Maven PMC member),
Maven can't handle composite applications like module-A v0.1, module-B v0.3.
Maven consider a project and all his sub-modules as a unique set.
see: http://blog.aheritier.net/maven-release-plugin-2-0/ (9 June 2010)
Maybe the situation changed since with Maven 3 ?

Resources