jenkins-infra / jenkins-security-scan

GitHub Workflow and Action for the Jenkins Security Scan
MIT License

Install a specific version of Maven #32

Closed jonesbusy closed 2 weeks ago

jonesbusy commented 1 month ago

This fixes occurrences of

[ERROR] The build could not read 1 project -> [Help 1]
org.apache.maven.project.ProjectBuildingException: Some problems were encountered while processing the POMs:
[ERROR] Unknown packaging: hpi @ io.jenkins.plugins:flyway-api:${revision}-${changelist}, /home/runner/work/flyway-api-plugin/flyway-api-plugin/pom.xml, line 13, column 14
at org.apache.maven.project.DefaultProjectBuilder.build (DefaultProjectBuilder.java:397)
at org.apache.maven.graph.DefaultGraphBuilder.collectProjects (DefaultGraphBuilder.java:414)

Seen in https://github.com/jenkinsci/flyway-api-plugin/pull/78/checks for example

Confirmed this works by running this adapted workflow on https://github.com/jenkinsci/flyway-api-plugin/pull/99/checks

Except for the Maven version upgrade, the rest remains untouched.

Possibly caused by recent changes in https://github.com/jenkinsci/maven-hpi-plugin ?

I can easily reproduce locally with Maven 3.8.8.

daniel-beck commented 3 weeks ago

https://github.com/jenkinsci/maven-hpi-plugin/pull/668 is another reason to ensure a recent Maven.

basil commented 3 weeks ago

See https://github.com/actions/setup-java/issues/685 (a different fix for the same issue) for comparison. I am not implying that one solution is better or worse than another, but rather I am mentioning the alternative for completeness.

jonesbusy commented 3 weeks ago

> See actions/setup-java#685 (a different fix for the same issue) for comparison. I am not implying that one solution is better or worse than another, but rather I am mentioning the alternative for completeness.

Thanks, I also saw this page. To be honest, I don't have a strong opinion about the approach, as long as it is consistent across Jenkins reusable workflows.

I just chose this action, s4u/setup-maven-action, because it looks well maintained and there is less code to maintain in the workflow.

Let me know and I can adapt the PR with the chosen approach.

jonesbusy commented 2 weeks ago

Once decided, I will update this PR with the chosen approach.

jonesbusy commented 2 weeks ago

Sure, I will update tomorrow by doing the Maven download instead of the composite action.

jonesbusy commented 2 weeks ago

I've applied the same change here.

Ensured the Maven version is correct by running a test workflow here: https://github.com/jenkinsci/flyway-api-plugin/pull/109/checks
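
An added example, not part of this thread or of the project's workflow: shell helpers that a workflow downloading Maven itself could use to check the archive's SHA-512 digest and to fail fast when the `mvn` on the PATH is older than a caller-supplied minimum. The function names are hypothetical and the minimum version is an assumption left to the caller, since the thread names no target version.

```bash
#!/usr/bin/env bash
# Added example: guards for a workflow step that installs Maven by download.
# All function names are hypothetical; nothing here is the project's own code.

# Extract "X.Y.Z" from `mvn --version` output, whose first line looks like
# "Apache Maven <version> (<build id>)".
maven_version_from_output() {
  printf '%s\n' "$1" \
    | sed -n 's/.*Apache Maven \([0-9][0-9.]*\).*/\1/p' \
    | head -n 1
}

# Succeed when version $1 is greater than or equal to minimum $2.
# Relies on GNU `sort -V` so that 3.10.0 sorts after 3.9.0.
version_at_least() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Succeed only when the SHA-512 of file $1 equals the expected hex digest $2.
# An empty expected digest or an unreadable file is treated as a failure.
verify_sha512() {
  local actual expected
  actual="$(sha512sum "$1" 2>/dev/null | cut -d ' ' -f 1)"
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Gate a build on the installed Maven: report a clear message up front
# instead of a POM processing error later in the build.
# Usage: require_maven "<minimum version chosen by the caller>"
require_maven() {
  local min="$1" out ver
  out="$(mvn --version 2>/dev/null)" || { echo "mvn not found" >&2; return 2; }
  ver="$(maven_version_from_output "$out")"
  [ -n "$ver" ] || { echo "cannot parse Maven version" >&2; return 2; }
  version_at_least "$ver" "$min" \
    || { echo "Maven $ver is older than required $min" >&2; return 1; }
}
```

The expected digest should come from the publisher's checksum file over HTTPS and be pinned in the workflow, not fetched from the same mirror as the archive at run time.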

timja commented 2 weeks ago

Released as https://github.com/jenkins-infra/jenkins-security-scan/releases/tag/v2

basil commented 2 weeks ago

Thank you very much!