fix: remove test-compile for mavenAggregateProject with Dverbose or sbom #5679

Open
wants to merge 1 commit into
base: main

orsagie
Contributor

@orsagie orsagie commented Jan 22, 2025

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)

What does this PR do?

Fixes an issue where users trying to run snyk sbom (or test with -- -Dverbose) on a maven project with --maven-aggregate-project fail on the test-compile phase we invoke in case a user is using an older version of the maven-dependency-plugin. Since sbom forces a newer version of the plugin, there is no need to invoke that phase.

Where should the reviewer start?

How should this be manually tested?

Run the current version and this PR's snyk on the following pom.xml:

snyk test --maven-aggregate-project -- -Dverbose

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.example</groupId>
    <artifactId>test-compile-failure</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <properties>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>

    <dependencies>
        <!-- Regular dependency for main code -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.12.0</version>
        </dependency>

    </dependencies>

    <build>
        <plugins>

            <!-- Maven Antrun Plugin to Force Failure -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-antrun-plugin</artifactId>
                <version>3.0.0</version>
                <executions>
                    <execution>
                        <phase>test-compile</phase>
                        <goals>
                            <goal>run</goal>
                        </goals>
                        <configuration>
                            <tasks>
                                <fail message="Deliberate failure during test-compile phase!" />
                            </tasks>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

@orsagie orsagie requested a review from a team as a code owner January 22, 2025 11:40
@orsagie orsagie force-pushed the fix/verbose-aggregate-mvn-plugin branch from a6536eb to a454577 Compare January 22, 2025 11:47
@orsagie orsagie force-pushed the fix/verbose-aggregate-mvn-plugin branch from a454577 to f9b7cf9 Compare January 26, 2025 11:29