check does not fail if called as defaultGoal of profile

[fiveOO]

I tried to setup an explicit QA call like mvn -P spotbugs putting the plugin into a maven profile using a default goal.

...
<profile>
    <id>spotbugs</id>
    <build>
        <defaultGoal>com.github.spotbugs:spotbugs-maven-plugin:spotbugs@check-spotbugs</defaultGoal>
        <plugins>
            <plugin>
                <groupId>com.github.spotbugs</groupId>
                <artifactId>spotbugs-maven-plugin</artifactId>
                <executions>
                    <execution>
                        <id>check-spotbugs</id>
                        <goals>
                            <goal>check</goal>
                        </goals>
                        <configuration>
                            <effort>Max</effort>
                            <threshold>Low</threshold>
                            <xmlOutput>true</xmlOutput>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</profile>
...

Analysis is running but the build does not fail.

Moving the same config from the profile to the default lifecycle and binding e.g. to phase generate-sources a call to mvn generate-sources will fail as expected.

I would expect the plugin to fail the build called in a profile, too.

[hazendaz]

Delete your usage of defaultGoal as it is not remotely correct.

Spotbugs runs off compiled class files. Generate sources would be far too soon.

See here for how default goal is used https://maven.apache.org/pom.html (search on it).

See here for how default lifecycle works https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html

Specifically you are running far too soon if trying to use generate sources to run spotbugs. Either you already compiled before hand or it didn't run on anything. Check is bind to 'verify' as the code must be compiled.

As far as your profile, all you told this was to run a non existent default goal. Its not correct so how could that do anything. If that simply did nothing, report to maven as their issue but they will likely tell you the same. Assuming you have spotbugs version defined elsewhere, your default goal should have been (assuming newer maven), 'spotbugs:check' and your execution could have been entirely deleted as that was the point of default goal. Instead you asked maven to run something that does not exist by simply stating 'mvn' and the activation of the profile (at no point did you actually tell it to run that execution in that case).

[fiveOO]

defaultGoal could also be used as part of a profile (see https://maven.apache.org/guides/introduction/introduction-to-profiles.html) and for us it would be handy to be able to run spotbugs for a short check locally based on already compiled classes. Additionally using the default build pipeline to implement a QA pipeline by just adding another step based on already compiled classes would make life easier.

By the example of binding to phase generate-source I just wanted to show the difference in behaviour of using defaultGoal vs. default lifecycle (even without compiling in that run).

[hazendaz]

but this <defaultGoal>com.github.spotbugs:spotbugs-maven-plugin:spotbugs@check-spotbugs</defaultGoal> is invalid. That isn't anything with our plugin. <defaultGoal>compile com.github.spotbugs:spotbugs-maven-plugin:4.8.3.0:check</defaultGoal> would be. If you would show more about what you believe is an issue here it would help. I'm only guessing on fact there is bad setup.

[fiveOO]

For my understanding: what do you think is the invalid part of the given defaultGoal? Based on the Maven spec it's the same as not defining the defaultGoal but calling mvn -P spotbugs com.github.spotbugs:spotbugs-maven-plugin:check@check-spotbugs which is a valid call defined by <coords of plugin>:<goal of plugin>@<id of execution>. For sure an <execution> of that <goal> using that <id> has to be defined in the pom.

OMG! Writing the above I've found the error I made: in the initial profile definition I called the goal spotbugs (instead of check) but referenced an execution defined for goal check. That was my fault.

The working version of the profile would be:

<profile>
    <id>spotbugs</id>
    <build>
        <defaultGoal>com.github.spotbugs:spotbugs-maven-plugin:check@check-spotbugs</defaultGoal>
        <plugins>
            <plugin>
                <groupId>com.github.spotbugs</groupId>
                <artifactId>spotbugs-maven-plugin</artifactId>
                <configuration>
                    <omitVisitors>FindReturnRef</omitVisitors>
                    <effort>Max</effort>
                    <threshold>Low</threshold>
                    <xmlOutput>true</xmlOutput>
                    <includeFilterFile>spotbugs-qa-include.xml</includeFilterFile>
                </configuration>
                <executions>
                    <execution>
                        <id>check-spotbugs</id>
                        <goals>
                            <goal>check</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</profile>

Prerequisite for running the check by calling mvn -P spotbugs is that classes are already compiled. Useful is such a profile for

• a developer that has already compiled classes and just wants to run spotbugs on them without recompiling, testing, ... but using the project-defined spotbugs rules e.g. to check if a change fixes a spotbugs issue. That may save a lot of time on large projects.
• creating a build pipeline by reusing a just-compile-and-test pipeline and adding the check (based on the already compiled classes) at the end of the new pipeline
• ...