Update FindBugs annotation library and maven plugin

[KostyaSha]

I tried follow version 1.0.0 version and found that it replaced with other library. But it fails because of bytecode. Investigating it, will keep it open here.

[jglick]

Probably want to specify the version just once, in root pom.xml.

[KostyaSha]

Ok, will try

[KostyaSha]

parent is in https://github.com/jenkinsci/pom/blob/master/pom.xml#L623

[jglick]

But you could override that in this PR in (root) pom.xml.

[KostyaSha]

annotations-3.0.0.jar created with 1.7.0_51(Oracle Corporation) Can this class be excluded for enforcer check?

[jglick]

Can this class be excluded for enforcer check?

Yes, it could be excluded, since it is using provided scope. EnforceBytecodeVersion.ignoredScopes (MOJO-1988) lets you do that automatically, rather than hardcoding this artifact name. Update extra-enforcer-rules to 1.0-beta-3 to take advantage of that feature.

[KostyaSha]

There is "metrics" profile for findbugs in pom.xml and "findbugs" profile in core/pom.xml

[KostyaSha]

Will back when jenkins migrate on java7 :)

[KostyaSha]

Now with java7 it much easier to do update :)

[KostyaSha]

re-triggerring again, because https://jenkins.ci.cloudbees.com/job/core/job/jenkins-core/2700/testReport/junit/jenkins.security/FilePathSecureTest/tar/ failure unrelated i think.

[jglick]

This got clobbered by your update:

But you could override [findbugs-maven-plugin.version] in this PR in (root) pom.xml.

[jglick]

Other than the duplication, 👍

[KostyaSha]

@jglick maybe remove reporting at all? Or somebody using it?

[KostyaSha]

maven-site is not updated https://github.com/jenkinsci/maven-site

[KostyaSha]

@jglick set with variable, but can't test because

[ERROR] Failed to execute goal on project jenkins-core: Could not resolve dependencies for project org.jenkins-ci.main:jenkins-core:jar:1.618-SNAPSHOT: Could not find artifact org.jenkins-ci.main:cli:jar:1.618-SNAPSHOT in repo.jenkins-ci.org (http://repo.jenkins-ci.org/public/) -> [Help 1]

I think nobody uses mvn site and better add build execution for metrics/findbugs profiles.

[jglick]

I do not think mvn site is used.

[jglick]

Could probably be reverted.

[KostyaSha]

No, either mvn site will fail with absent classes.

[KostyaSha]

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.1:site (default-site) on project pom: Execution default-site of goal org.apache.maven.plugins:maven-site-plugin:3.1:site failed: A required class was missing while executing org.apache.maven.plugins:maven-site-plugin:3.1:site: org/sonatype/aether/graph/DependencyFilter
[ERROR] -----------------------------------------------------

[jglick]

👍; is this still supposed to WiP?

[KostyaSha]

@jglick well i not sure that anybody using this reporting at all. I can suggest move findbugs execution from reporting to some build goal.

[KostyaSha]

As update for current versions this PR done.

[oleg-nenashev]

👍