search

advanced-security / maven-dependency-submission-action

GitHub Action for submitting Maven dependencies
MIT License
48 stars 25 forks source link

maven_args ignored? #44

Closed rionda closed 1 year ago

rionda commented 1 year ago

I have 

      uses: advanced-security/maven-dependency-submission-action@v3
      with:
        maven-args: ' -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn'

in a github action file. The value of maven-args is to avoid printing the hundreds of Downloading ... messages from mvn, but it seems to be ignored by the action.

I'm not sure whether it is a misconfiguration on my side, or a bug.

Partial log from a github CI run below:

Run advanced-security/maven-dependency-submission-action@v3
  with:
    maven-args:  -B -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
    directory: code/fastswaps
    ignore-maven-wrapper: false
    snapshot-include-file-name: true
    token: ***
  env:
    JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.8-7/x64
    JAVA_HOME_17_X64: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.8-7/x64
depgraph-maven-plugin:reactor
  /usr/bin/mvn -B com.github.ferstl:depgraph-maven-plugin:4.0.2:reactor -DgraphFormat=json -DoutputFileName=reactor.json
  [INFO] Scanning for projects...
  [INFO] Downloading from central: https://repo.maven.apache.org/maven2/com/github/ferstl/depgraph-maven-plugin/4.0.2/depgraph-maven-plugin-4.0.2.pom
  [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/com/github/ferstl/depgraph-maven-plugin/4.0.2/depgraph-maven-plugin-4.0.2.pom (17 kB at 58 kB/s)
  [INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.0/junit-bom-5.7.0.pom
  [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.0/junit-bom-5.7.0.pom (5.1 kB at 154 kB/s)
  [INFO] Downloading from central: https://repo.maven.apache.org/maven2/com/github/ferstl/depgraph-maven-plugin/4.0.2/depgraph-maven-plugin-4.0.2.jar
  [INFO] Downloaded from central: https://repo.maven.apache.org/maven2/com/github/ferstl/depgraph-maven-plugin/4.0.2/depgraph-maven-plugin-4.0.2.jar (148 kB at 2.6 MB/s)
  [INFO] ...
...
depgraph-maven-plugin:aggregate
  /usr/bin/mvn -B com.github.ferstl:depgraph-maven-plugin:4.0.2:aggregate -DgraphFormat=json -DoutputFileName=aggregate-depgraph.json
  [INFO] Scanning for projects...
  [INFO] 
  [INFO] ------------------< io.github.acdmammoths:fastswaps >-------------------
  [INFO] Building fastswaps 1.0-SNAPSHOT
  [INFO]   from pom.xml
  [INFO] --------------------------------[ jar ]---------------------------------
  [INFO] 
  [INFO] --- depgraph-maven-plugin:4.0.2:aggregate (default-cli) @ fastswaps ---
  [INFO] ------------------------------------------------------------------------
  [INFO] BUILD SUCCESS
  [INFO] ------------------------------------------------------------------------
...
peter-murray commented 1 year ago

There was a failure to update the v3 tag to point at the 3.0.2 version which included the correct rebuild of this fix that was introduced in version 3.0.1. I have tested this in isolation and it works with the v3 tag now, so it should work for you.

Incidentally, the -B flag is already enabled for the action, so you should not need to pass that one in.

rionda commented 1 year ago

I confirm that it seems to work now. Thank you!