Note: I am not asking how to use Google Code's SVN repo as a Maven repo :-)
I'm looking for the simplest / most reliable way to automate uploading the built artifacts of a Maven project to a Google Code 'Downloads' tab.
I've found 4 different Google Code Maven plugins that claim to do this, but would appreciate any advice on evaluating them as fit-for-purpose, because they all seem to be in various states of inactivity.
maven-googlecode-plugin (Last commit: Sept 2009. Latest version: 0.0.1-SNAPSHOT)
gcupload-maven-plugin (Last commit: Jan 2009. Latest version: 0.9)
maven-gcu-plugin (Last commit: Oct 2010. Latest version: 1.1)
maven-googlecode (Last commit: Feb 2008. Latest version: 2.0, but labelled 'test')
In addition to these 'level of activity' clues, some of them offer their releases on the 'Downloads' tabs, which might be a good sign from an 'eat your own dogfood' viewpoint; but as these are supposed to be Maven plugins, having them available in Maven Central might inspire more confidence.
Anyone care to comment (perhaps even the owners / committers of these projects) ?
Thanks!
Update:
I have test-driven each one of these in turn and could not get any of them to work as advertised.
Two of them are still configured to upload to a Google Code URL ending in /files, whilst another claimed to work and reported success, but the artifacts did not appear in the 'Downloads' tab. With the last one there appeared to be no released code which could be referenced as a Maven plugin.
I have since emailed each of the project committers to see what can be done.
If you are not averse to looking beyond maven plugins, google code has a SciptedUploads documentation, which seems to provide a python script and an ant task for doing this.
You may want to start reading the comments bottoms-up to see challenges using them, if any.
I got to this page by clicking on the link to "Create a New Download" for my google code project and clicking on the "Tip".
I always wondered why google didn't offer a Maven repository for each project by default.
Digging further, I discovered the following deprecated project:
http://code.google.com/p/google-maven-repository/
It appears the recommendation is to publish releases to Maven Central. This makes a lot of sense, as it certainly simplifies the discovery and integration of your project with other open source.
This movement towards Maven Central is a welcome and increasing trend in Java projects. Large projects like Oracle, Spring and JBoss are now publishing their releases there.
Related
I have Magnolia 5.4.9 release and I want to upgrade it to 5.4.18 from maven pom file. The problem is that in nexus repository there are pom files til the release 5.4.10. If I try to reach 5.4.11 or later, then I get this error:
Is there any solution to upgrade 5.4.11 and later?
'Maintenance releases for previous major versions of Magnolia are available to Magnolia On-Premises customers only (i.e. customers that have an active subscription to Magnolia On-Premises).' https://www.magnolia-cms.com/support/maintenance-policy.html, Unfortunate enough that's the policy.
In this case I see two alternatives:
Sending an email to info#magnolia-cms.com
or you want to upgrade to later release anyway, just giving it a shot in test env. or similar.
Should you an enterprise user: please login to Magnolia Nexus and get the version you wish. If your maven settings are accurate, you should have no problem fetching those dependencies as well. https://wiki.magnolia-cms.com/display/DEV/Maven+setup
Cheers,
I want to check if my project dependencies have any updates.
I've used
versions:dependency-updates-report
But I have some performance problems with it which I was unable to solve. Now I'm trying to use
org.owasp.dependency-check-maven:check
But I could not reproduce their example:
I'm getting similar look but I can't get 4 last columns (Next Version, Next Incremental, Next Minor, Next Major) which is most important for me.
How to reproduce this example?
(full disclosure - I am the founder of meterian)
You may want to consider a commercial product like sourceclear, snyk or meterian.
The meterian client is very easy to use, you can quickly check any maven or gradle project with no changes to the code: get the client, cd into the project folder, run it, see the results.
It's free for open source projects, badges are available for GitHub, and at the moment commercial use is not charged.
Hope this helps.
You will not reproduce the given report with org.owasp.dependency-check-maven because the shown report is created with versions-maven-plugin.
This are two different plugins.
org.owasp.dependency-check-maven is to find vulnerabilities according to the NVD in dependencies whereas versions-maven-plugin is for checking for newer versions, independent of vulnerabilities.
I've haven't looked at SonarQube for some time. The latest version looks quite interesting.
The last time I checked out this product, they had a site where they had pushed various popular open source libraries (like Tomcat, ActiveMQ etc) through the SonarQube process. It was a great way of seeing how the product works.
Is this facility still available for the latest versions?
Have a look at http://sonarcloud.io (and click on "browse").
It is not a demo site - it is a globally available SonarQube server, managed by SonarSource (the company behind SonarQube). Many huge open source projects are managed there for free, but you can also host your own, private projects for closed source.
It gets updated every couple of weeks and for public releases.
Besides that, there is http://next.sonarqube.com , the publicly visible SonarQube server for SonarQube itself and related projects (yes: SonarQube for SonarQube).
This instance gets updated every couple of days. If you want to have a look at what features SonarQube's next version will look like: have a look there.
I've just installed the latest SonarQube 5.0.1 locally to try it out. The project I'm working with at the moment is hosted in Bazaar (bzr) source control. I looked at the SonarQube list of SCM plugins here:
http://docs.sonarqube.org/display/SONAR/Plugin+Library
Bazaar is not listed. Are there any workarounds or independent projects that I could use to get the scm history information from Bazaar into SonarQube? At this point I am just trying to get a sense of the value of the information to our project, rather than worry about a scalable production-ready solution.
There is currently (2015-04-09) no SCM plugin for Bazaar. If you wish to contribute one, feel free to take inspiration from e.g the SonarQube SCM integration plugin for Git.
Maven provides a way to generate a project documentation site. Does Gradle provide a similar plugin?
The only site plugin that I am aware of is this one. I personally I haven't tried it so I can't tell you about its feature set or quality.
I had to move on to something else soon after commenting, then forgot about checking out the plugin Benjamin mentioned. I had a little time this evening so I looked at it. The plugin hasn't been updated in 3 years, so it appears abandoned/dead. I couldn't find a place to download the artifact, so I cloned the Git repo and built it.
I spent a little time trying to get it to work, but gave up. I looked around a little to see what else is out there. A couple of options that look promising are Gradle's TestReport task:
http://www.gradle.org/docs/current/dsl/org.gradle.api.tasks.testing.TestReport.html
and the Gradle Site Plugin:
https://bitbucket.org/davidmc24/gradle-site-plugin
but I only played around with them for an hour and haven't used them in a real project.