search

CircleCI-Public / maven-orb

Simplify common tasks for building and testing Java projects using Maven on CircleCI.
https://circleci.com/orbs/registry/orb/circleci/maven
MIT License
6 stars 11 forks source link

Cannot use maven/test job with dependencies outside of maven central. #25

Closed andrewfister closed 1 year ago

andrewfister commented 2 years ago

Orb Version 1.3.0

Describe the bug In the with_cache command in this orb, the maven-dependency-plugin version has been hard-coded to a version where the go-offline goal does not work when you have dependencies that do not exist in maven central. This happens at least with a multi-module project.

Here is the issue with the plugin: https://issues.apache.org/jira/browse/MDEP-680

To Reproduce 1) In a multi-module maven project pom.xml, add a dependency like:

<dependency>
  <groupId>org.geotools</groupId>
  <artifactId>gt-main</artifactId>
  <version>26.2</version>
</dependency>

2) Add the necessary repository to the same pom.xml, like:

<repositories>
  <repository>
      <id>central</id>
      <name>Maven Repository Switchboard</name>
      <layout>default</layout>
      <url>https://repo1.maven.org/maven2</url>
      <snapshots>
          <enabled>false</enabled>
      </snapshots>
  </repository>
  <repository>
      <id>osgeo</id>
      <name>OSGeo Release Repository</name>
      <url>https://repo.osgeo.org/repository/release/</url>
      <snapshots>
          <enabled>false</enabled>
      </snapshots>
  </repository>
</repositories>

3) Try to use the standard maven/test job and watch maven try and fail to download this dependency from maven central instead of the osgeo repository.

Expected behavior

maven-dependency-plugin:go-offline should download dependencies from repositories provided in the pom.xml.

Additional context

This appears to be fixed in maven-dependency-plugin version 3.2.0, which has been released. I have tested running a build with this version and it worked. At the very least the hard-coded version in this orb needs to be updated to 3.2.0

gcatanese commented 2 years ago

A temporary workaround is to downgrade to circleci/maven@1.2.0.

Agree with @andrewfister the maven-dependency plugin needs a bump up, I can create a PR, just wondering what is the process for testing an update? Should I duplicate it and create my own orb for testing?

pdumontel commented 2 years ago

Not sure about dependency plugin 3.2 vs. 3.1, as 1.1.1 uses 3.1.2 and it downloads fine.

Might the problem be that the "$@" is set in a separate step, and doesn't persist to the next one? In 1.1.1, the set $@ was in the same step as mvn dependency:go-offline; In 1.2 and 3, it's in the previous step.

p0d3x commented 2 years ago

We're facing the same issue. It does not work with settings being applied in a different step, but downgrading to 1.1.1 works. We have access credentials/configuration in the settings.xml which are not available otherwise.

Jaryt commented 1 year ago

Hello! I've implemented the changes noted here. The version of dependency:go-offline has been parameterized as dependency_plugin_version for the with_cache command, and the test and parallel_test jobs. The default is 3.1.2 to ensure there are no breaking changes, so if you require it to be upgraded please update it through that parameter.

We will be sure to update the default in the next major update.

Please let me know if this has not been resolved as expected and if this issue must be reopened!