spotbugs / spotbugs-maven-plugin

Maven Mojo Plug-In to generate reports based on the SpotBugs Analyzer
https://spotbugs.github.io/spotbugs-maven-plugin/
Apache License 2.0

Does Spotbugs actually run as part of the verify goal? #322

Closed davecpayne closed 2 years ago

davecpayne commented 3 years ago

The documentation for spotbugs:check claims that it:

Binds by default to the lifecycle phase: verify.

but from experimentation, that seems not to be the case.

I've created a very small project, with a POM that looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>org.example</groupId>
    <artifactId>spotbugs-test</artifactId>
    <version>1.0-SNAPSHOT</version>

    <properties>
        <maven.compiler.source>9</maven.compiler.source>
        <maven.compiler.target>9</maven.compiler.target>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>com.github.spotbugs</groupId>
                <artifactId>spotbugs-maven-plugin</artifactId>
                <version>4.2.3</version>
            </plugin>
        </plugins>
    </build>
</project>

and a single class which contains a deliberate SpotBugs violation. When I execute either mvn clean install or mvn clean verify, I get successful builds, with no output referencing SpotBugs. When I run mvn spotbugs:check, I get a failure caused by my deliberate violation.

So, is the documentation wrong, or is there something more I need to do to get the plugin to work as part of the verify goal?

hazendaz commented 3 years ago

@davecpayne It requires an execution goal to be added to run in mvn clean install, as it's designed for reporting. When you run spotbugs:check, you are deliberately telling it to run execution on check.

davecpayne commented 3 years ago

@davecpayne It requires an execution goal to be added to run in mvn clean install, as it's designed for reporting. When you run spotbugs:check, you are deliberately telling it to run execution on check.

Are you able to link me to any documentation that says that? I can't see any mention of an execution goal anywhere in the docs; am I missing something? Also, in what sense, if I have to do something to make it happen, does it therefore bind to the verify phase "by default"?

hazendaz commented 3 years ago

@davecpayne The plugin is designed to be run with 'mvn site'. It doesn't run just by being listed in your pom. If you look into the source you can find all the integration tests, which have many examples of usage. The site shows this here

hazendaz commented 2 years ago

There is no default execution on this plugin without calling the plugin or the site run. Closing issue as usage issue, if documentation needs to clarify, please open a PR to do so. Otherwise this is working as intended. Thanks.

depinski commented 1 year ago

The documentation indicates the plugin should run by default in verify, not site. The docs you linked to make this explicit.

https://spotbugs.github.io/spotbugs-maven-plugin/check-mojo.html

hazendaz commented 1 year ago

To clarify, the reporting user ran Maven build cycles, not the plugin goal. When running the plugin goal they get the expected result. They want it to run during the normal Maven cycle based on the pom, therefore they need to add the check goal to the pom to make that happen. It binds to verify when the goal is run. This plugin is reporting site based, so verify in that context is during site unless otherwise told to run a goal (the goal won't happen by default outside of site).

To put it another way, mvn clean install or mvn clean verify does not run goals of spotbugs. To run spotbugs, exactly as shown, the user had to add spotbugs:check to the Maven command. That is externally provisioning the goal. If the user wants that to happen during mvn clean install or mvn clean verify, then one must define the execution goal for spotbugs check in the pom. Then, as shown, it will run in verify, as now the goal is told to run.
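
An added example, not part of the thread and not the project's own code: a small audit that tells a POM which only declares spotbugs-maven-plugin (as in the issue) apart from one that binds the check goal through an execution, so a build that silently skips the SpotBugs gate can be caught. The helper names `pom` and `check_phases` are hypothetical, the sample POMs are constructed, and parent-POM inheritance is not resolved (run it on the output of `mvn help:effective-pom` for that).

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PLUGIN = ("com.github.spotbugs", "spotbugs-maven-plugin")

def pom(plugin_body):
    """Build a constructed sample POM around the given <plugin> children."""
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <version>4.2.3</version>{plugin_body}
  </plugin></plugins></build>
</project>"""

# Constructed samples: declared only (as in the issue), bound, and disabled.
DECLARED_ONLY = pom("")
BOUND = pom("""
    <executions><execution>
      <goals><goal>check</goal></goals>
    </execution></executions>""")
DISABLED = pom("""
    <executions><execution>
      <phase>none</phase>
      <goals><goal>check</goal></goals>
    </execution></executions>""")

def check_phases(pom_xml):
    """Return the lifecycle phases in which spotbugs:check will run."""
    root = ET.fromstring(pom_xml)
    phases = []
    # Only <build><plugins> counts; <pluginManagement> entries do not execute.
    for plugin in root.findall("m:build/m:plugins/m:plugin", NS):
        coords = (plugin.findtext("m:groupId", "", NS).strip(),
                  plugin.findtext("m:artifactId", "", NS).strip())
        if coords != PLUGIN:
            continue
        for ex in plugin.findall("m:executions/m:execution", NS):
            goals = [(g.text or "").strip() for g in ex.findall("m:goals/m:goal", NS)]
            # No <phase> means the goal's default binding, documented as verify.
            phase = ex.findtext("m:phase", "verify", NS).strip()
            if "check" in goals and phase != "none":
                phases.append(phase)
    return phases

if __name__ == "__main__":
    for name, text in [("declared only", DECLARED_ONLY), ("bound", BOUND),
                       ("disabled", DISABLED)]:
        print(f"{name}: check runs in {check_phases(text) or 'no phase'}")
```

The `BOUND` sample is the plugin block to copy into a POM; an empty result for a project that is expected to fail the build on SpotBugs findings means the gate is not wired into `mvn verify`.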