Get the dependency tree of a maven project with a missing dependency - maven

First of all, let me start by saying mvn dependency:tree does not work in my scenario.
I'm working on an already existing codebase which is giving a build failure. The issue was that the maven repos (including nexus) do not have a POM for a transitive dependency (org.apache.ws.security:wss4j:pom:1.5.2) in this project.
I want to find where this dependency came from. It's probably a transitive dependency, because it isn't listed in the project's pom nor in parent poms. Invoking mvn dependency:tree does not work because it also fails with the same error I get when I use mvn install (Connection timeout). The error is given below.
So, how can I identify which dependency tries to download this pom? I'd like a general answer to find the dependency tree rather than focusing on wss4j pom stated above.
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Sample/XKMS 4.5.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
Downloading: http://ws.zones.apache.org/repository2/org/apache/ws/security/wss4j/1.5.2/wss4j-1.5.2.pom
[WARNING] The POM for bouncycastle:bcprov-jdk13:jar:132 is invalid, transitive dependencies (if any) will not be available, enable debug logging for more details
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3:10.155s
[INFO] Finished at: Wed Mar 14 10:35:20 IST 2012
[INFO] Final Memory: 7M/490M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project wso2appserver-samples-xkms: Could not resolve dependencies
for project org.wso2.appserver:wso2appserver-samples-xkms:jar:4.5.0-SNAPSHOT: Failed to collect dependencies for [org.wso2.xkms:xkms:jar:2.2 (compile)]: Failed to read artifact descriptor for org.apache.ws.security:wss4j:jar:1.5.2:
Could not transfer artifact org.apache.ws.security:wss4j:pom:1.5.2 from/to ws-zones-repository (http://ws.zones.apache.org/repository2): Error transferring file: Connection timed out -> [Help 1]

mvn dependency:tree --debug
outputs the tree before failing in my case.

One way to find this out is to install the m2eclipse Maven plugin for Eclipse. (If you have and are using Eclipse, that is.) The name is unrelated to the version; it works happily with at least Maven 2.2.1 and 3.
http://www.eclipse.org/m2e/
Then, open your root pom in Eclipse, and click on the Dependency Hierarchy tab. On the right-hand side will be all the dependencies the project will download, and on the left is what dependencies ask for what. If a dependency says (managed from X), it means another dependency wants a different version of this dependency. This isn't flawless, however. I still had to look at some of the other poms to find the dependency I was looking for. But it should make life easier, and at least point you in the right direction.
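A general way to answer the question offline, as an added example that is not part of the original posts: scan the POMs Maven has already cached in the local repository for any that declare the unresolved artifact. The sample POM contents are constructed for the demo (the real xkms POM is not on this page), and the scan reads raw POM text only, so a version set through a property appears as written and one inherited from a parent or dependencyManagement appears as "(managed)".

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree adds to POM element names."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Text of the first direct child called `name`, or '' when absent."""
    for child in elem:
        if local_name(child.tag) == name:
            return (child.text or "").strip()
    return ""


def find_declaring_poms(repo_root, group_id, artifact_id):
    """List (pom path, declared version, scope) for each cached POM naming the artifact."""
    hits = []
    for dirpath, _dirs, files in os.walk(repo_root):
        for name in (f for f in files if f.endswith(".pom")):
            path = os.path.join(dirpath, name)
            try:
                # POMs are remote input; for untrusted repositories parse with defusedxml.
                root = ET.parse(path).getroot()
            except ET.ParseError:
                continue  # invalid POMs exist (cf. the bcprov-jdk13 warning in the log)
            for dep in root.iter():
                if local_name(dep.tag) != "dependency":
                    continue
                if (child_text(dep, "groupId"), child_text(dep, "artifactId")) == (group_id, artifact_id):
                    rel = os.path.relpath(path, repo_root).replace(os.sep, "/")
                    hits.append((rel, child_text(dep, "version") or "(managed)",
                                 child_text(dep, "scope") or "compile"))
    return sorted(hits)


# Constructed POM bodies for the demo; not the real POMs of these artifacts.
SAMPLE_POMS = {
    "org/wso2/xkms/xkms/2.2/xkms-2.2.pom":
        '<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies><dependency>'
        "<groupId>org.apache.ws.security</groupId><artifactId>wss4j</artifactId>"
        "<version>1.5.2</version></dependency></dependencies></project>",
    "junit/junit/3.8.1/junit-3.8.1.pom": "<project><dependencies/></project>",
    "bouncycastle/bcprov-jdk13/132/bcprov-jdk13-132.pom": "<project><unclosed>",
}


def build_sample_repo():
    """Write SAMPLE_POMS into a temporary directory laid out like ~/.m2/repository."""
    root = tempfile.mkdtemp(prefix="m2-sample-")
    for rel, body in SAMPLE_POMS.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    repo = build_sample_repo()  # real use: os.path.expanduser("~/.m2/repository")
    for hit in find_declaring_poms(repo, "org.apache.ws.security", "wss4j"):
        print(hit)
```

Repeating the lookup with the coordinates of each hit walks the chain back up to a dependency declared in the project itself.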

Related

Jenkins configuration to download jar file from Maven central and put it in Nexus

I have an environment and we skipped to download all the dependencies from Maven central. So we need to create a Jenkins job and it has a parameter with detail for which component jar it should download from central, and if we provide that details it should download and it needs to be put in a particular repository in Nexus.
I'm totally new to this environment, can someone provide inputs on any plugins to use or some scripts to be used? Thanks in advance!
Unfortunately that is not so trivial as it might seem. At first glance there are two plugins which might help:
maven-dependency-plugin - may download artifact from repository
maven-deploy-plugin - may upload artifact to repository
however that won't work due to a "couple" of reasons:
artifacts have dependencies - that is not enough to transfer single artifact and tell developers something like "well, now you may use it" - you need to traverse all transitive dependencies and transfer them as well
artifacts have classifiers - most useful of them are javadoc and sources, and if artifact has those useful classifiers it is a good idea to transfer them as well
artifact descriptor (pom) may refer to another (parent) pom - there is a dedicated cauldron in the hell for developers who do not flatten poms when publishing artifacts, however we can do nothing with that - we need to transfer parent poms as well
dependencies may have snapshot or range versions - there is another dedicated cauldron in the hell for developers who use such dependencies
and the reasons mentioned above lead us to the idea that we need specialised software (read: basic shell scripting won't work) which is capable of transferring a consistent copy of an artifact from one repository to another. And all the time I did believe the guys who are responsible for such decisions (create own trusted repository and manage it) do have an idea how to do that properly; unfortunately it seems that they don't.
I have tried to implement a PoC using the maven API which is capable of transferring consistent copies (transitive dependencies, pom and parent poms) of artifacts across repositories, hope that will help.
% mvn tel.panfilov.maven:reposync-maven-plugin:0.1.0:single \
-Dartifact=org.springframework:spring-tx:5.3.22 \
-DsourceRepositories=central::default::https://repo.maven.apache.org/maven2 \
-DtargetRepository=local::::http://localhost:8081/repository/maven-releases \
-Dtransitive=true \
-DdryRun=true \
-DsyncSources=true \
-DsyncJavadoc=true
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- reposync-maven-plugin:0.1.0:single (default-cli) @ standalone-pom ---
[INFO] Processing Dependency {groupId=org.springframework, artifactId=spring-tx, version=5.3.22, type=jar}
[INFO] Source repositories: [central (https://repo.maven.apache.org/maven2, default, releases+snapshots)]
[INFO] Target repository: local (http://localhost:8081/repository/maven-releases/, default, releases+snapshots)
[INFO] Discovered 16 artifacts
[INFO] org.springframework:spring-beans:jar:5.3.22
...
[INFO] org.springframework:spring-tx:pom:5.3.22
[INFO] Found 16 missing artifacts
[INFO] org.springframework:spring-beans:jar:5.3.22
...
[INFO] org.springframework:spring-tx:pom:5.3.22
[INFO] Dry run, exiting
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------

Maven Jenkins Plugin POMs missing for dependency information on JARs

I have been trying to follow the tutorial here: https://wiki.jenkins-ci.org/display/JENKINS/Plugin+tutorial
I have spent about 7 hours on this now and finally decided to just ask and hope for a response.
I haven't edited the pom file at all from the create command. I am pretty sure I have my settings file correct. When I try to run or package the project though I get this:
[WARNING] The POM for org.apache.maven.surefire:surefire-booter:jar:2.9 is missing, no dependency information available
[WARNING] The POM for org.apache.maven.surefire:maven-surefire-common:jar:2.9 is missing, no dependency information available
[WARNING] The POM for org.apache.maven:maven-toolchain:jar:2.0.9 is missing, no dependency information available
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.260s
[INFO] Finished at: Tue Jan 29 16:07:56 EST 2013
[INFO] Final Memory: 41M/387M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.9:test (default-test) on project helloworld: Execution default-test of goal org.apache.maven.plugins:maven-surefire-plugin:2.9:test failed: Plugin org.apache.maven.plugins:maven-surefire-plugin:2.9 or one of its dependencies could not be resolved: The following artifacts could not be resolved: org.apache.maven.surefire:surefire-booter:jar:2.9, org.apache.maven.surefire:maven-surefire-common:jar:2.9, org.codehaus.plexus:plexus-utils:jar:2.1: Failure to find org.apache.maven.surefire:surefire-booter:jar:2.9 in http://repo.jenkins-ci.org/public/ was cached in the local repository, resolution will not be reattempted until the update interval of repo.jenkins-ci.org has elapsed or updates are forced ->
So I am assuming that it is supposed to be downloading these 3 jar files from the repositories I set up in the settings file... but it isn't. Is there any reason this would happen? Anything I can do to make it download these files? Or is it downloading them and I am just not referencing them correctly somewhere? I'm pretty new to this so I could be completely off.
If it helps I have maven 3.0.4 and jdk 1.7.0_02. Everything else I have pretty much copy and pasted from the tutorial I think. Any help would be greatly appreciated!
Something probably went wrong when you attempted to get the artefacts the first time, and now you are stuck because of a nasty maven bug. Maven might have created an empty folder in your local repository (.m2) and now thinks you already have the dependency. So you should check if this is what happened and, if so, delete the folder.
See my answer here:
Compiler error "archive for required library could not be read" - Spring Tool Suite
And you can also check why there was a problem in the first place. Do you access the following url with your browser?
http://repo.jenkins-ci.org/public/org/apache/maven/surefire/surefire-booter/2.9/
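A check for the state described in the answer above, as an added example that is not part of the original thread: Maven 3 records a failed download as a *.lastUpdated marker file next to where the artifact would be, so walking the local repository for those markers and for empty leaf directories shows what is blocking resolution. The sample repository layout is constructed.

```python
import os
import tempfile


def find_failed_downloads(repo_root):
    """Return sorted (relative dir, kind, marker files) for suspicious directories.

    kind is "cached-failure" when *.lastUpdated markers are present and
    "empty" for a leaf directory that holds no files at all.
    """
    findings = []
    for dirpath, dirs, files in os.walk(repo_root):
        rel = os.path.relpath(dirpath, repo_root).replace(os.sep, "/")
        markers = sorted(f for f in files if f.endswith(".lastUpdated"))
        if markers:
            findings.append((rel, "cached-failure", markers))
        elif not dirs and not files and rel != ".":
            findings.append((rel, "empty", []))
    return sorted(findings)


def build_sample_cache():
    """Constructed local repository: one healthy artifact, one cached failure, one empty dir."""
    root = tempfile.mkdtemp(prefix="m2-cache-")
    layout = {
        "junit/junit/3.8.1": ["junit-3.8.1.jar", "junit-3.8.1.pom"],
        "org/apache/maven/surefire/surefire-booter/2.9": [
            "surefire-booter-2.9.jar.lastUpdated",
            "surefire-booter-2.9.pom.lastUpdated",
        ],
        "org/codehaus/plexus/plexus-utils/2.1": [],
    }
    for rel, names in layout.items():
        target = os.path.join(root, *rel.split("/"))
        os.makedirs(target)
        for name in names:
            open(os.path.join(target, name), "w").close()
    return root


if __name__ == "__main__":
    repo = build_sample_cache()  # real use: os.path.expanduser("~/.m2/repository")
    for rel, kind, markers in find_failed_downloads(repo):
        print(kind, rel, markers)
```

Deleting the reported marker files or empty directories, or running the build with -U, makes Maven retry the download.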

What is Maven dependency:purge-local-repository supposed to do?

I'm trying to purge the local repository of a project dependency before releasing it, in order to make sure every required dependency is on the central repository and is downloaded from it.
In the project folder (containing the pom.xml), I launch the following command:
mvn clean dependency:purge-local-repository -DreResolve=false -Dverbose=true
The project's POM is very simple and just has a declared dependency on junit:junit:3.8.1
The command's output gives me:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building corelib-api 0.1.2-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ corelib-api ---
[INFO] Deleting d:\Users\fpaillard\git-repositories\TEST_CORELIB\corelib-api\target
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building corelib-api 0.1.2-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.1:purge-local-repository (default-cli) @ corelib-api ---
[WARNING] Missing POM for junit:junit:jar:3.8.1
[INFO] Skipping: corelib-api. It cannot be resolved.
[INFO] Nothing to do for project: test:corelib-api:jar:0.1.2-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.953s
[INFO] Finished at: Mon May 14 11:34:40 CEST 2012
[INFO] Final Memory: 6M/15M
[INFO] ------------------------------------------------------------------------
When I look in the local repository (path checked with mvn help:effective-settings), the junit JARs and POMs are still in the .m2/repository/junit/junit/3.8.1 folder.
Isn't dependency:purge-local-repository supposed to delete it?
I don't understand the WARNING of the output above. Why is junit:junit:jar:3.8.1 POM missing? It is still present at .m2/repository/junit/junit/3.8.1/junit-3.8.1.pom
Is the problem related to the INFO line Skipping: corelib-api. It cannot be resolved.? corelib-api is the artifact name of the project I ran mvn dependency:purge-local-repository against.
I know this is old, but I had the same issue, and adding -DactTransitively=false to the command line fixed this issue. I'm unable to tell why it helped, but it did...
I hope this helps.
Looking at the documentation, disabling the actTransitively option causes the purge goal to only purge the dependencies that are named directly by your pom.xml. When it is time for the build, Maven automatically pulls not only your direct dependencies, but all of the TRANSITIVE dependencies down into your local repo as well.
When the purge goal is looking for what to delete, if it finds other dependencies in the dependencies' poms, it traverses those dependencies to figure out the entire tree in your local repository that can be purged. To do this, it at least needs the transitive project's pom.xml. If it cannot find it in the local repo, or if it thinks there might be a more recent version to analyze, it will go to the external repositories to find it.
I don't think it actually tries to download full project content before it starts purging. But since it at least pulls down the projects' pom.xml files, it will complain if it can't find one just like it would if it were resolving dependencies for an actual build.
Besides just preventing Maven from accessing external repositories while purging, another practical reason would be if you have two projects that have the same transitive dependency, and you don't want the purge from one to affect the performance of the other (since the latter will have to download any missing dependencies again).
On the other hand, something to carefully consider is that if you do NOT allow the purge to consider all of the transitive dependencies possible, you stand to leave a set of downstream dependencies sitting in your local repository that you would otherwise have wanted to remove.
I could make a case for saying that the output you are getting is either unnecessary or preventable with another flag like "reportInaccessibleDependencies=false". But unless it is killing your build, I wouldn't say it is anything to worry about.

Transitively download a Maven artifact to the local repository

I am trying to download a specific artifact (and all of its dependencies) to a machine's local repository.
It would seem that using the dependency:get goal would be the best option for this, but despite the documentation it does not seem to actually get the transitive dependencies.
Here is an example where I have tried to use dependency:get to download the spring-core jar and all of its many dependencies. You'll notice that the spring-core jar is the only thing downloaded despite the fact that this was done after cleaning the local repository.
$ mvn org.apache.maven.plugins:maven-dependency-plugin:2.2:get -DrepoUrl=http://repo1.maven.org/maven2/ -Dartifact=org.springframework:spring-core:3.0.5.RELEASE -Dtransitive=true
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.2:get (default-cli) @ standalone-pom ---
Downloading: http://repo1.maven.org/maven2/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar
Downloaded: http://repo1.maven.org/maven2/org/springframework/spring-core/3.0.5.RELEASE/spring-core-3.0.5.RELEASE.jar (374 KB at 548.4 KB/sec)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.401s
[INFO] Finished at: Wed May 25 00:29:47 CDT 2011
[INFO] Final Memory: 7M/107M
[INFO] ------------------------------------------------------------------------
My questions are:
Is this a bug with the dependency:get goal?
If not, what am I doing wrong?
Are there any alternative methods I could use to accomplish my initially stated goal?
If this is a one time or irregular occurrence for you, the simplest thing to do would be to define the dependency in a POM and run mvn package or similar to retrieve the dependency artifacts. You could also try mvn dependency:sources if you'd like to have the source jars too.
If this is something you want to do more regularly or as part of a process, you could look at using Aether directly to retrieve the dependencies for you.
Another approach if this is something you need to do regularly to manage groups of artifacts into your internal development ecosystem is to use Nexus' procurement suite to retrieve the dependencies and manage them into your repository.
You might go with this solution
1) Download the artifact as you described (I tested with version 2.5.2)
c:\test>mvn -DrepoUrl=http://repo1.maven.org/maven2/ -Dartifact=org.springframework:spring-core:2.5.2 -Dtransitive=true org.apache.maven.plugins:maven-dependency-plugin:2.2:get
2) Download the pom (-Dpackaging=pom) of this artifact
c:\test>mvn -DrepoUrl=http://repo1.maven.org/maven2/ -Dartifact=org.springframework:spring-core:2.5.2 -Dtransitive=true -Dpackaging=pom org.apache.maven.plugins:maven-dependency-plugin:2.2:get
3) Use the downloaded pom to copy all dependencies via the dependency:copy-dependencies goal
c:\test>mvn -DoutputDirectory=C:/test/dependency -f C:/<path-to-repository>/org/springframework/spring-core/2.5.2/spring-core-2.5.2.pom dependency:copy-dependencies
You will find the dependencies (including test and optional scope!) in the created c:\test\dependency folder. To exclude test and optional scope use -DincludeScope=runtime.
You need to dynamically build some path information (e.g. path to the pom in your repository) to set up this solution and also need to bring the artifact itself together with its dependencies but it should work in a script without generating a special pom (which might be easier).
It would appear the answer to question #1 (Is this a bug with the dependency:get goal?) is yes. As of 5/25/2011 issue MDEP-308 is still unresolved.

Jenkins (hudson) plugin development meet maven-enforcer-plugin:1.1-SNAPSHOT issue

I am trying to develop a Jenkins (a.k.a. Hudson) plugin, following the Tutorial, and generated the source code tree with the mvn -cpu hpi:create command.
But when I run "mvn package", it reports an error like:
[INFO] Building Unnamed - com.example.jenkins:redmine2:hpi:1.0-SNAPSHOT
[INFO] task-segment: [clean]
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] Error building POM (may not be this project's POM).
Project ID: org.apache.maven.plugins:maven-enforcer-plugin
Reason: Error getting POM for 'org.apache.maven.plugins:maven-enforcer-plugin' from the repository: Failed to resolve artifact, possibly due to a repository list that is not appropriately equipped for this artifact's metadata.
org.apache.maven.plugins:maven-enforcer-plugin:pom:1.1-SNAPSHOT
from the specified remote repositories:
nexus (http://maven.nexus.local:8888/nexus/content/groups/public)
for project org.apache.maven.plugins:maven-enforcer-plugin
My Nexus server has only version 1.0 of maven-enforcer-plugin, but this dependency is generated by Jenkins by default. Can anyone help me solve it?
(How) Can I change to the plugin-1.0 version?
What can I add to the Nexus server?
I just have basic knowledge of maven.
I fixed it by myself by doing two things.
1. Added Apache snapshot from here into my nexus repo group besides those setting in Tutorial
2. It seems my local maven repo is messed up as well, so I can clean it up and reload from nexus.
And it still uses the maven-enforcer-plugin:pom:1.1-SNAPSHOT plugin.
Hope it helps you as well.
