Check for Updated Version of Maven [duplicate] - java

Is there a Maven plugin that allows you to check if there are newer versions of dependencies available in the repository?
Say, you are using dependency X with version 1.2. Now a new version of X is released with version 1.3. I'd like to know, based on the dependencies used in my project, which dependencies have newer versions available.

The Maven Versions plugin and it's display-dependency-updates mojo are what you're looking for:
mvn versions:display-dependency-updates
Here is what the output looks like:
[INFO] ------------------------------------------------------------------------
[INFO] Building Build Helper Maven Plugin
[INFO] task-segment: [versions:display-dependency-updates]
[INFO] ------------------------------------------------------------------------
[INFO] [versions:display-dependency-updates]
[INFO]
[INFO] The following dependency updates are available:
[INFO] org.apache.maven:maven-artifact ........................ 2.0 -> 2.0.9
[INFO] org.apache.maven:maven-plugin-api ...................... 2.0 -> 2.0.9
[INFO] org.apache.maven:maven-project ....................... 2.0.2 -> 2.0.9
[INFO] org.codehaus.plexus:plexus-utils ....................... 1.1 -> 1.5.6
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17 seconds
[INFO] Finished at: Fri Aug 15 10:46:03 IST 2008
[INFO] Final Memory: 10M/167M
[INFO] ------------------------------------------------------------------------

If you want to receive email notifications when newer artifacts versions are available on Maven Central you can create an account on artifact-listener and choose which artifact you want to follow.
You can either search manually for artifacts or directly upload your pom.xml.
You will periodically received notifications like this one (available in english and french for now) :

In projects with a large number of dependancies, you sometimes keep your versions in a properties section.
<properties>
<assertj.version>3.15.0</assertj.version>
<aws-sdk.version>1.11.763</aws-sdk.version>
<cxf.version>3.3.6</cxf.version>
In the case where you are only interested in updates to those versions, you can use the following command
mvn versions:display-property-updates
This gives a more condensed view and only returns the versions you need to update in the properties section.

The VersionEye Maven Plugin is doing the same: versioneye_maven_plugin.
VersionEye can notify you about new versions on Maven Repositories, too. It is a language agnostic tool and beside Java it supports 7 other languages. Beside the simple follow/notify feature it can also directly monitor GitHub and BitBucket repositories and notify your about out-dated dependencies in your projects.
There is also a REST JSON API, for tool integrations.
By the way, I'm the dude who started this project. Let me know if you have questions.

The ideal way to do it is to set dependency versions as properties in pom.xml and then running the below command to get the updated versions for your specific/custom dependencies.
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<skip.tests>true</skip.tests>
<spring-cloud-gcp.version>1.2.3.RELEASE</spring-cloud-gcp.version>
<spring-cloud.version>Hoxton.SR6</spring-cloud.version>
<spring-cloud-stream-schema.version>2.2.1.RELEASE</spring-cloud-stream-schema.version>
<confluent.version>5.5.1</confluent.version>
<avro.version>1.10.0</avro.version>
<janino.version>3.1.2</janino.version>
<swagger.version>2.9.2</swagger.version>
<google-cloud-logging-logback.version>0.118.1-alpha</google-cloud-logging-logback.version>
<spring-cloud-stream-binder-kafka.version>3.0.6.RELEASE</spring-cloud-stream-binder-kafka.version>
</properties>
mvn versions:display-property-updates
[INFO] The following version properties are referencing the newest available version:
[INFO] ${avro.version} .............................................. 1.10.0
[INFO] ${spring-cloud-stream-schema.version} ................. 2.2.1.RELEASE
[INFO] ${janino.version} ............................................. 3.1.2
[INFO] The following version property updates are available:
[INFO] ${spring-cloud-gcp.version} .......... 1.2.3.RELEASE -> 1.2.5.RELEASE
[INFO] ${google-cloud-logging-logback.version} 0.118.1-alpha -> 0.118.2-alpha
[INFO] ${spring-cloud-stream-binder-kafka.version} 3.0.6.RELEASE -> 3.0.8.RELEASE
[INFO] ${confluent.version} ................................. 5.5.1 -> 6.0.0
[INFO] ${swagger.version} ................................... 2.9.2 -> 3.0.0
[INFO] ${spring-cloud.version} .................... Hoxton.SR6 -> Hoxton.SR8
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.572 s
[INFO] Finished at: 2020-10-06T09:35:08-07:00
[INFO] ------------------------------------------------------------------------
Another way to achieve this is by executing the command mvn versions:display-dependency-updates but the problem I face with this approach is that it also shows me updates for the nested dependencies which are not too useful for me.

You can use the Versions Maven Plugin[1] to generate reports in your Maven site to get a list of possible updates. With regard to Spring's irregularity, it appears to use the Mercury versioning system[2]. When configuring the Versions plugin, you can add a special rule for Spring stuff:
http://mojo.codehaus.org/versions-maven-plugin/
http://docs.codehaus.org/display/MAVEN/Mercury+Version+Ranges

I might be a bit late to join the party but a more clear way to get more readable html file or a xml file as report which can be taken for further automation using:
mvn versions:dependency-updates-report
This report plugin not just shows more comprehensive details on updates but also has options to update to latest versions. You can find the documentation for it to use various parameters.

You can use Maven Check, a command line tool, which is standalone unlike the Versions Maven Plugin. It also works with Gradle projects.
Output example:
2 build file(s) found, checking for artifact updates
my-gradle-project\build.gradle
[COMPILE ONLY] com.google.guava:guava 31.0-android -> 31.1-android
1 artifact update(s) available
my-maven-project\pom.xml
[DEPENDENCY] org.apache.commons:commons-lang3 3.10 -> 3.12.0
[BUILD PLUGIN] org.apache.maven.plugins:maven-compiler-plugin 3.10.0 -> 3.10.1
2 artifact update(s) available
2/2 build file(s) checked, 3 artifact update(s) available
Disclaimer: I am the author of Maven Check.

Related

Scala jar in Maven project: Failure to find org.mongodb:casbah_2.12:jar:3.1.1

Scala and sbt newbie here. I created a Scala sbt project that uses casbah
libraryDependencies += "org.mongodb" %% "casbah" % "3.1.1"
to query a mongodb and return results as a map. I want to use this code in my Java maven project to manipulate the results that I get from querying the database.
I added this to my build.sbt file:
publishMavenStyle := true
publishTo := Some(Resolver.file("file", new File(Path.userHome.absolutePath + "/.m2/repository")))
to install a jar file in my .m2 local repo. Here is the output when I do sbt publish:
> publish
[info] Packaging /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/mongo_2.12-0.1.0-SNAPSHOT-sources.jar ...
[info] Done packaging.
[info] Main Scala API documentation to /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/api...
[info] Packaging /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/mongo_2.12-0.1.0-SNAPSHOT.jar ...
[info] Done packaging.
[info] Wrote /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/mongo_2.12-0.1.0-SNAPSHOT.pom
[info] :: delivering :: edu.cmu.cs.mvelezce#mongo_2.12;0.1.0-SNAPSHOT :: 0.1.0-SNAPSHOT :: integration :: Sun Apr 09 13:58:46 EDT 2017
[info] delivering ivy file to /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/ivy-0.1.0-SNAPSHOT.xml
model contains 9 documentable templates
[info] Main Scala API documentation successful.
[info] Packaging /Users/miguelvelez/Documents/Programming/Scala/Projects/mongo/target/scala-2.12/mongo_2.12-0.1.0-SNAPSHOT-javadoc.jar ...
[info] Done packaging.
[info] published mongo_2.12 to /Users/miguelvelez/.m2/repository/edu/cmu/cs/mvelezce/mongo_2.12/0.1.0-SNAPSHOT/mongo_2.12-0.1.0-SNAPSHOT.pom
[info] published mongo_2.12 to /Users/miguelvelez/.m2/repository/edu/cmu/cs/mvelezce/mongo_2.12/0.1.0-SNAPSHOT/mongo_2.12-0.1.0-SNAPSHOT.jar
[info] published mongo_2.12 to /Users/miguelvelez/.m2/repository/edu/cmu/cs/mvelezce/mongo_2.12/0.1.0-SNAPSHOT/mongo_2.12-0.1.0-SNAPSHOT-sources.jar
[info] published mongo_2.12 to /Users/miguelvelez/.m2/repository/edu/cmu/cs/mvelezce/mongo_2.12/0.1.0-SNAPSHOT/mongo_2.12-0.1.0-SNAPSHOT-javadoc.jar
[success] Total time: 3 s, completed Apr 9, 2017 1:58:49 PM
I then imported this dependency in my pom file:
<dependency>
<groupId>edu.cmu.cs.mvelezce</groupId>
<artifactId>mongo_2.12</artifactId>
<version>0.1.0-SNAPSHOT</version>
</dependency>
When I run mvn compile, I get the following error:
[ERROR] Failed to execute goal on project performance-mapper: Could not resolve dependencies for project edu.cmu.cs.mvelezce:performance-mapper:jar:0.1.0-SNAPSHOT: Failure to find org.mongodb:casbah_2.12:jar:3.1.1 in https://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced -> [Help 1]
I know that casbah has several modules and I can import just a few instead of all of them. However, following the documentation in Casbah, I add the enterie library. I also looked at Maven Central and this version of casbah does not have a jar; only the independent modules. I added some of those modules in my pom, but I still got the same error as above. Maven is looking for that complete jar file.
Is there a way to fix this? I thought I could only add the Scala dependencies that I need in my build.sbt file, but I got compilation errors when I did that. Does anybody have sugguestions?
Thanks!
You need to ensure that the Casbah dependency is of type pom in your project. Eg in your pom.xml add the following:
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>casbah_2.11</artifactId>
<version>3.1.1</version>
<type>pom</type>
</dependency>

Maven Jenkins job skips all modules if one fails to build

In Jenkins, I have a Maven project with the following structure:
x proftaakmaven
- AutosimulatieSysteem
- LandenMonitoringSysteem
- PolitieSysteem
x Verplaatsingssysteem
- VerplaatsingREST
- VerplaatsingSOAP
- VerplaatsingCommon
- VerplaatsingenRabbitMQ
- RabbitMQ-Proof-of-Concept
- VerplaatsingenRabbitMQTestClient
The Maven reactor constructs this building order:
[INFO] Reactor Build Order:
[INFO]
[INFO] AutoSimulatie
[INFO] LandenMonitorSysteem
[INFO] PolitieSysteem
[INFO] VerplaatsingenSysteem
[INFO] VerplaatsingenCommon
[INFO] VerplaatsingenREST
[INFO] VerplaatsingenSOAP
[INFO] RabbitMQ-Proof-of-Concept
[INFO] VerplaatsingenRabbitMQ
[INFO] VerplaatsingenRabbitMQTestClient
[INFO] proftaakmaven
However, due to a current failure in 'LandenMonitorSysteem' source code, Maven fails on building the other modules as well. This makes the Jenkins job fail.
I have tried running Maven with --fail-never and --fail-at-end. But neither seem to have any effect.
How would I be able to continue building all the modules, even if one fails?
Thanks.
--fail-at-end should be the thing to use.
If that doesn't work you could use -pl to specify the list of working projects.
If you use the -am flag as well you can specify the target you are interested in building and Maven will calculate the dependency tree for you.
I.E. mvn clean install -pl VerplaatsingenRabbitMQTestClient -am
I have found the solution. The problem was the way that I provided the argument. In Jenkins 2.0, the job should be configured like this :
The settings inside the job

How are maven plugin aliases mapped

I am trying to understand what mvn clean:clean actually does.
mvn -B help:describe -Dcmd=clean
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building sample-one 1.0.0
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-help-plugin:2.2:describe (default-cli) # sample-one ---
[INFO] 'clean' is a lifecycle with the following phases:
* pre-clean: Not defined
* clean: org.apache.maven.plugins:maven-clean-plugin:2.5:clean
* post-clean: Not defined
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.689 s
[INFO] Finished at: 2015-12-10T10:20:16-08:00
[INFO] Final Memory: 9M/245M
[INFO] ------------------------------------------------------------------------
It appears to me that mvn clean:clean is same as doing mvn org.apache.maven.plugins:maven-clean-plugin:2.5:clean. Therefore I am assuming the first clean in mvn clean:clean is just an alias for org.apache.maven.plugins:maven-clean-plugin:2.5. Similarly mvn maven-surefire-plugin:2.12.4:test is same as mvn surefire:test.
So somehow, maven-surefire-plugin:2.12.4 seems to refer to surefire and org.apache.maven.plugins:maven-clean-plugin:2.5 to clean.
When I look at the effective-pom, I see the following
maven-surefire-plugin
2.12.4
default-test
test
test
maven-clean-plugin
2.5
default-clean
clean
clean
As you can see, the pom doesnt seem to define alias. So following are my questions
Is my understanding about plugin aliases correct
If my understanding about aliases is correct - a) how and where are they defined? b) Is there a way to list all aliases.
From official Maven documentation about plugins development:
Shortening the Command Line
There are several ways to reduce the amount of required typing:
If you need to run the latest version of a plugin installed in your local repository, you can omit its version number. So just use mvn sample.plugin:hello-maven-plugin:sayhi to run your plugin.
You can assign a shortened prefix to your plugin, such as mvn hello:sayhi. This is done automatically if you follow the convention of using ${prefix}-maven-plugin (or maven-${prefix}-plugin if the plugin is part of the Apache Maven project). You may also assign one through additional configuration - for more information see Introduction to Plugin Prefix Mapping.
Finally, you can also add your plugin's groupId to the list of groupIds searched by default. To do this, you need to add the following to your ${user.home}/.m2/settings.xml file:
<pluginGroups>
<pluginGroup>sample.plugin</pluginGroup>
</pluginGroups>
At this point, you can run the mojo with mvn hello:sayhi.
So, alias are not defined in the pom file but part of built-in mechanism of maven. Further details are also provided in the official documentation about Plugin Prefix Resolution.

Sonar analysis causes 0 files indexed on a maven project through Jenkins

I am trying to integrate a standard maven project with SonarQube through Jenkins. SonarQube has been added a Post-Build Action to the project build.
I can see Sonar invoked correctly in the console output of the build, but it doesn't find any files to index. The Sonar analysis finishes successfully as far as I can tell but reports are empty.
The same command run locally from command line against a local SonarQube installation works correctly.
Jenkins: 1.605
Sonar: 5.1 (runs on the same machine as Jenkins, off a
MySQL DB)
Jenkins Maven Plugin: 2.8
Jenkins SonarQube Plugin: 2.2
I've added SonarQube section in Jenkins -> Configure Jenkins section with server URL and DB URL.
The only configuration parameter on SonarQube additional properties in projects post build actions is -Dsonar.scm.disabled=true, which I believe turns off the uncommitted files check.
[sonarcore] $ /usr/share/apache-maven/bin/mvn -f /var/lib/jenkins/workspace/sonarcore/myproject-core/pom.xml -e -B sonar:sonar -Dsonar.scm.disabled=true -Dsonar.jdbc.url=jdbc:mysql://localhost:3306/sonar?autoReconnect=true&useUnicode=true&characterEncoding=utf8 -Dsonar.host.url=http://localhost:9000/
[INFO] Error stacktraces are turned on.
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building myproject-core 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:2.5:sonar (default-cli) # myproject-core ---
[INFO] SonarQube version: 5.1
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Work directory: /var/lib/jenkins/workspace/sonarcore/myproject-core/target/sonar
INFO: SonarQube Server 5.1
[INFO] [10:23:00.144] Load global repositories
[INFO] [10:23:00.327] Load global repositories (done) | time=185ms
[INFO] [10:23:00.336] Server id: 20150413092802
[INFO] [10:23:00.338] User cache: /var/lib/jenkins/.sonar/cache
[INFO] [10:23:00.353] Install plugins
[INFO] [10:23:00.409] Install JDBC driver
[INFO] [10:23:00.422] Create JDBC datasource for jdbc:mysql://localhost:3306/sonar?autoReconnect=true&useUnicode=true&characterEncoding=utf8
[INFO] [10:23:01.722] Initializing Hibernate
[INFO] [10:23:03.174] Load project repositories
[INFO] [10:23:03.198] Load project repositories (done) | time=24ms
[INFO] [10:23:03.198] Load project settings
[INFO] [10:23:03.424] Load technical debt model
[INFO] [10:23:03.447] Apply project exclusions
[INFO] [10:23:03.647] ------------- Scan myproject-core
[INFO] [10:23:03.651] Load module settings
[INFO] [10:23:03.758] Load rules
[INFO] [10:23:03.826] Base dir: /var/lib/jenkins/workspace/sonarcore/myproject-core
[INFO] [10:23:03.826] Working dir: /var/lib/jenkins/workspace/sonarcore/myproject-core/target/sonar
[INFO] [10:23:03.827] Source paths: pom.xml, src/main/java
[INFO] [10:23:03.827] Test paths: src/test/java
[INFO] [10:23:03.827] Binary dirs: target/classes
[INFO] [10:23:03.828] Source encoding: UTF-8, default locale: en_US
[INFO] [10:23:03.828] Index files
[INFO] [10:23:03.853] 0 files indexed
[INFO] [10:23:03.894] Sensor Lines Sensor
[INFO] [10:23:03.895] Sensor Lines Sensor (done) | time=1ms
[INFO] [10:23:03.896] Sensor QProfileSensor
I found another similar thread on SO that said I need to install more plugins, but I haven't been able to find which plugins do I need.
Analysing with SonarQube causes 0 files indexed and no reports (Maven Project)
I havent added SonarQube Runner on Jenkins as I don't think it is needed. Please see here https://stackoverflow.com/a/13473275/4473028
In your server:
You need to have installed the Sonar runner on your server and you need to have the variable SONAR_RUNNER_HOME properly set.
In your jenkins configuration:
You need to set the configurations for the sonarQube Scanner like this:
Sonar configuration in Global Tool Configuration
Once you install the plugin, you will be able to configure it as a step of execution in the configuration of the job.
In your job configuration:
You need to indicate the path of the sonar-project.properties file and the instance of sonnar-runner that you already configured in the step before like this: sonar step configuration

Maven error: "You don't have a SNAPSHOT project in the reactor projects list."

What on earth does this mean? Cant find any help via google.
> mvn release:prepare
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Base 1.0.5
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-release-plugin:2.3.2:prepare (default-cli) # base ---
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.386s
[INFO] Finished at: Tue Oct 08 08:22:46 EST 2013
[INFO] Final Memory: 9M/81M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.3.2:prepare (default-cli) on project base: You don't have a SNAPSHOT project in the reactor projects list. -> [Help 1]
release:prepare command is supposed to prepare your snapshot project for the release. It sounds like you don't have such a snapshot project.
Here's the full details what it'll do: http://maven.apache.org/maven-release/maven-release-plugin/examples/prepare-release.html
If you're sure you should be releasing, you should be working on a maven module that has version ending with -SNAPSHOT.
Update: like noted by #khmarbaise in the comments, if your release has failed, you should do release:rollback to go back to previous state. Note though that it is not supported if you release through jenkins (jenkins issue), and it won't rollback the tags.
Don't needed manually edit pom.xml.
You can use "mvn versions:set" for batch update, something like this:
mvn versions:set -DnewVersion=1.0.3-SNAPSHOT
I've had the same error with Jenkins. In a previous release, Jenkins updated the version of the POM to a non-snapshot version, but the build failed before Jenkins could set the version to a -SNAPSHOT version again. Afterwards, making a release resulted in the error described above.
Fixing this is easy: just manually change the version of your app in pom.xml to a -SNAPSHOT version.
I know this is an old question but I had this issue recently and I found 2 solutions that others may find useful. I am using bamboo as my CI tool. The issue was that there was an error in the bamboo build leaving bamboo in an incorrect state. It had locally updated my project pom.xml with the new release version but had not checked this into SVN. The two solution that worked for me were:
Either
Delete the bamboo build-dir directory for the project and run the release again: rm -rf /opt/bamboo-home/xml-data/build-dir/PROJECT_NAME-RELEASE-JOB1
OR
Run the maven release from the command line using the following commands:
mvn release:prepare -DignoreSnapshots -Dresume=false
mvn release:perform
No need to update versions manually as that is time consuming, if version change is all you need, there is a different command that only updates the pom versions, just like updating them manually:
mvn versions:set -DgenerateBackupPoms=false -DnewVersion=1.0.XX-SNAPSHOT

Categories