ARTEMIS-4437: move plugin into its profile, avoid pre-build snapshot …

…resolve. The prior change from 90ac1e6 in #4629 causes the root pom build to resolve the module snapshots and can result in their download, even though they are in the same reactor to build. This typically happens daily on a developers machine, and on every build of CI jobs (depending on prior mvn install's and repo caching being done). Rather than the profile flipping a proeprty to stop the plugin skipping, the plugin should be in the profile so it is only active if the profile is.
apache · Oct 4, 2023 · 260f774 · 260f774
1 parent 7a55b1d
commit 260f774
Showing 1 changed file with 21 additions and 22 deletions.
diff --git a/pom.xml b/pom.xml
@@ -244,7 +244,6 @@
          -Dlog4j2.configurationFile="file:${activemq.basedir}/tests/config/${logging.config}"
       </activemq-surefire-argline>
       <activemq.basedir>${project.basedir}</activemq.basedir>
-      <skipOWASP>true</skipOWASP>
       <proton.trace.frames>false</proton.trace.frames>
 
       <directory-version>2.0.0.AM25</directory-version>
@@ -1219,9 +1218,27 @@
       </profile>
       <profile>
          <id>owasp</id>
-         <properties>
-            <skipOWASP>false</skipOWASP>
-         </properties>
+         <build>
+            <plugins>
+               <plugin>
+                  <groupId>org.owasp</groupId>
+                  <artifactId>dependency-check-maven</artifactId>
+                  <version>${owasp.version}</version>
+                  <configuration>
+                     <!-- <skipProvidedScope>true</skipProvidedScope>
+                      <skipRuntimeScope>true</skipRuntimeScope> -->
+                  </configuration>
+                  <executions>
+                     <execution>
+                        <goals>
+                           <!-- combine results for all modules into a single report -->
+                           <goal>aggregate</goal>
+                        </goals>
+                     </execution>
+                  </executions>
+               </plugin>
+            </plugins>
+         </build>
       </profile>
       <profile>
          <id>dev</id>
@@ -1906,24 +1923,6 @@
             <version>${maven.bundle.plugin.version}</version>
             <extensions>true</extensions>
          </plugin>
-         <plugin>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-maven</artifactId>
-            <version>${owasp.version}</version>
-            <configuration>
-               <skip>${skipOWASP}</skip>
-               <!-- <skipProvidedScope>true</skipProvidedScope>
-                <skipRuntimeScope>true</skipRuntimeScope> -->
-            </configuration>
-            <executions>
-               <execution>
-                  <goals>
-                     <!-- combine results for all modules into a single report -->
-                     <goal>aggregate</goal>
-                  </goals>
-               </execution>
-            </executions>
-         </plugin>
 
          <!-- This is placing the .so in the root target/bin/ dir, so the testsuite can use it, by
               leveraging the surefire argLine. This avoids having to build a distribution to run tests.