New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mvn site site:stage -- staging has empty dependency-check-report.html #325

Closed
awhitford opened this Issue Aug 27, 2015 · 11 comments

Comments

Projects
None yet
4 participants
@awhitford
Copy link
Contributor

awhitford commented Aug 27, 2015

I noticed that the aggregate goal does not work for a multi-module project with the site:stage goal.
The dependency-check-report.html file exists, but is 0 bytes.

Note that mvn site works -- the problem is unique to site:stage.

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Aug 28, 2015

Thank you for pointing this out. I have been able to replicate the issue on my side - now I just have to figure out why....

@jeremylong jeremylong added the bug label Aug 28, 2015

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Sep 5, 2015

The good news is I've figured out why this happens - the bad news, I haven't come up with a solution yet. I'm likely going to have to email the maven dev list. A basic description of the problem is that the dependencies must be resolved in order for dependency-check-maven to work. The order of execution for a generic multi-module pom would be:

  1. parent
  2. module1
  3. module2

Because parent runs before the child modules the dependencies of the child modules are not resolved at the time the parent is executing. As such, when dependency-check-maven:aggregate is executing against parent there is no (easy/obvious) way to know what the dependencies of the children are. The aggregate goal works for mvn site because it cheats - for each module it will execute and create a serialized data file containing the information on the dependencies; however, a blank HTML report is written. When maven gets to the last project in the build the aggregate goal will go back and re-write all of the HTML reports based off of this serialized data.

The problem is site:stage executes on each of the projects in order - so the blank html report gets copied instead of waiting until the last project and then copying the correct html report.

--Jeremy

@awhitford

This comment has been minimized.

Copy link
Contributor Author

awhitford commented Jan 16, 2016

Has there been any recent traction/research on this?
I'm a little puzzled by this problem; I'm trying to think about how other plugins solve this.

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Jan 17, 2016

The real issue comes down to dependency resolution. I haven't found another reporting plugin with an aggregation goal that requires dependency-resolution.

When the parent runs the aggregation goal the child modules have not undergone dependency resolution. I can't find an easy api to kick off dependency-resolution. Thus, the only thing I have come up with is to require a second run to actually make the aggregate goal work. I.e. the first run we produce the serialized data files and the second run an aggregate goal could read these files. So you would do something like this:

$ mvn verify
$ mvn site site:stage

This is of course assuming that the check goal is configured in the build and that the aggregate goal is configured in the reportingg section.

@erik-wramner

This comment has been minimized.

Copy link
Contributor

erik-wramner commented Feb 24, 2016

We are also quite interested in getting this fixed. I can see the problem, it seems more logical to run the parent goal last but that's not how it works.

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Feb 24, 2016

Right. The only solution I've been able to come up with would require
running maven twice.

If no one can suggest any other ideas I will likely implement this soon.

-jeremy
On Feb 24, 2016 10:50 AM, "Erik Wramner" notifications@github.com wrote:

We are also quite interested in getting this fixed. I can see the problem,
it seems more logical to run the parent goal last but that's not how it
works.


Reply to this email directly or view it on GitHub
#325 (comment)
.

@awhitford

This comment has been minimized.

Copy link
Contributor Author

awhitford commented Mar 12, 2016

I am wondering if a lifecycle extension would help.

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Mar 12, 2016

The issue is that all of the lifecycles run on the parent before going to
the next project. Thus, unless you run Maven twice we don't have all
dependencies on all child projects (first run we can create the serialized
dependency-check data, second run for reporting we can read it in and
create the report).

--Jeremy

On Sat, Mar 12, 2016 at 2:07 PM, Anthony Whitford notifications@github.com
wrote:

I am wondering if a lifecycle extension
http://maven.apache.org/examples/maven-3-lifecycle-extensions.html
would help.


Reply to this email directly or view it on GitHub
#325 (comment)
.

@colezlaw

This comment has been minimized.

Copy link
Contributor

colezlaw commented Mar 12, 2016

It's been a long, long time since I wrote a Maven plugin from scratch, but
IIRC, you can add an annotation for a mojo to get access to the reactor
order. If this project is the last one in the reactor, it could read the
serialized data from all the child projects, then write the report to the
root of the reactor. Yes - it's a kludge.

On Sat, Mar 12, 2016 at 2:56 PM, Jeremy Long notifications@github.com
wrote:

The issue is that all of the lifecycles run on the parent before going to
the next project. Thus, unless you run Maven twice we don't have all
dependencies on all child projects (first run we can create the serialized
dependency-check data, second run for reporting we can read it in and
create the report).

--Jeremy

On Sat, Mar 12, 2016 at 2:07 PM, Anthony Whitford <
notifications@github.com>
wrote:

I am wondering if a lifecycle extension
http://maven.apache.org/examples/maven-3-lifecycle-extensions.html
would help.


Reply to this email directly or view it on GitHub
<
#325 (comment)

.


Reply to this email directly or view it on GitHub
#325 (comment)
.

@jeremylong

This comment has been minimized.

Copy link
Owner

jeremylong commented Aug 20, 2016

The aggregation code has been completely re-written in 1.4.3-SNAPSHOT. The fix will be released with the next release.

@jeremylong jeremylong closed this Aug 20, 2016

@lock

This comment has been minimized.

Copy link

lock bot commented Sep 28, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked and limited conversation to collaborators Sep 28, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.