Handle central-publishing-maven-plugin for skipNotDeployed detection #604

Open
apupier wants to merge 1 commit into CycloneDX:master from apupier:597-handleCentralMavenPublishingPlugin

apupier commented May 12, 2025

This is the plugin replacing nexus-maven-plugin.
The goal used by this plugin is publish and not deploy as with the other ones.

We can notice in the output that it is publish, for instance from https://central.sonatype.org/publish/publish-portal-maven/#publishing:

[INFO] --- central-publishing-maven-plugin:0.7.0:publish (injected-central-publishing) @ example ---

fix #597


Edit: this is about skipNotDeployed detection #416 / #435
central-publishing-maven-plugin configures all POMs as "maven-deploy-plugin skip" to replace the deployment mechanism: cyclonedx-maven-plugin needs to detect the use of central-publishing-maven-plugin to adapt its "skip" detection approach

apupier commented May 12, 2025

I think it would be worthwhile to add a test (I have not yet understood well how to write a good integration test here).
EDIT: one test added for the main test case

I'm also wondering if we should increase the plugin number to 2.30.0 as this is a new feature.

apupier force-pushed the 597-handleCentralMavenPublishingPlugin branch from 90cb8a6 to 6d467ae May 12, 2025 14:56
apupier marked this pull request as ready for review May 12, 2025 15:18
ppkarwasz left a comment

Looks great! 💯

Could you also add two tests to src/it/makeAggregateBom/skipped?

this is the plugin replacing nexus-maven-plugin.
The goal used by this plugin is `publish` and not `deploy` as other ones

Added tests covering the case of automatic bom generation when using
this new Maven plugin and also when skipping it explicitly

fix CycloneDX#597

Signed-off-by: Aurélien Pupier <apupier@redhat.com>
apupier force-pushed the 597-handleCentralMavenPublishingPlugin branch from 6d467ae to 755491c May 13, 2025 13:36
apupier requested a review from ppkarwasz May 13, 2025 13:37
apupier commented May 13, 2025

> Could you also add two tests to src/it/makeAggregateBom/skipped?

I added the two tests when skipping

ppkarwasz left a comment

LGTM!

@ppkarwasz

@hboutemy,

This PR will solve the immediate problem of projects that use the central-publishing-maven-plugin, where by default the generation of the CycloneDX SBOM is skipped. Could you take a look at this?

Since deployment plugins start appearing like mushrooms after a rain, in the long term we need a different strategy to deal with this.
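
An added example, not part of this PR or of the cyclonedx-maven-plugin code base: a small POM audit for the situation described in the comment above, where a project using central-publishing-maven-plugin gets no CycloneDX SBOM by default. The sample POM is constructed, and the check assumes that an explicit `<skipNotDeployed>false</skipNotDeployed>` in the cyclonedx-maven-plugin configuration turns the skip detection off.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PUBLISHER = "central-publishing-maven-plugin"
SBOM = "cyclonedx-maven-plugin"

# Constructed sample POM (not taken from the PR or its integration tests).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>example</artifactId>
  <version>1.0.0</version>
  <build><plugins>
    <plugin>
      <groupId>org.sonatype.central</groupId>
      <artifactId>central-publishing-maven-plugin</artifactId>
      <version>0.7.0</version>
      <extensions>true</extensions>
    </plugin>
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <executions><execution>
        <phase>package</phase>
        <goals><goal>makeAggregateBom</goal></goals>
      </execution></executions>
    </plugin>
  </plugins></build>
</project>"""


def declared(root, artifact_id):
    """All <plugin> elements (build, pluginManagement, profiles) with this artifactId."""
    return [p for p in root.iterfind(".//m:plugin", NS)
            if p.findtext("m:artifactId", "", NS).strip() == artifact_id]


def sbom_may_be_skipped(pom_xml):
    """True if both plugins are declared and skipNotDeployed is never set to false."""
    root = ET.fromstring(pom_xml)
    sbom_plugins = declared(root, SBOM)
    if not declared(root, PUBLISHER) or not sbom_plugins:
        return False
    # Assumption: the parameter is set via a <skipNotDeployed> element, at plugin
    # or execution level; parent POMs and properties are not resolved here.
    values = [e.text.strip().lower() for p in sbom_plugins
              for e in p.iterfind(".//m:skipNotDeployed", NS) if e.text]
    return "false" not in values
```

Run against each module's pom.xml in CI, a True result marks a build whose release may ship without an SBOM until the plugin itself detects central-publishing-maven-plugin.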

apupier commented Jun 23, 2025

Any chance to have it reviewed?

The service, and so the old plugin, will be decommissioned in a week (https://central.sonatype.org/news/20250326_ossrh_sunset/); I suspect that potentially a lot of users will hit this issue.

@stevespringett

org.cyclonedx has been migrated to the Central Portal.

apupier commented Jun 25, 2025

> org.cyclonedx has been migrated to the Central Portal.

@stevespringett Can you clarify the exact link with the reported issue please?

hboutemy commented Jul 4, 2025

I'll have to rephrase the title of this PR, as it is confusing: Steve reads it as "cyclonedx-maven-plugin already uses central-publishing-maven-plugin to publish to Maven Central"
but the intent of this PR is "support central-publishing-maven-plugin for skipNotDeployed" like what happens to other plugins doing skip detection apache/maven-artifact-plugin#173 (in that case, the parameter is called detectSkip but same logic)

I should have more time in future weeks to work on cyclonedx-maven-plugin: thanks for the work and patience

hboutemy changed the title from "Handle central-publishing-maven-plugin out of the box" to "Handle central-publishing-maven-plugin for skipNotDeployed detection" Jul 4, 2025
hboutemy self-assigned this Jul 4, 2025
hboutemy added this to the 2.9.2 milestone Jul 4, 2025
hboutemy added the major-rfe Major Enhancement label Jul 4, 2025
Successfully merging this pull request may close these issues.

Feature: Teach plugin to handle central-publishing-maven-plugin extension as deployment type