.m2 is not getting updated with latest xmlbeans jar files - jenkins

I have a Jenkins job that builds XML beans jar files from an internal GitLab project and puts them on Artifactory. During a build, these XML beans jar files are downloaded to the .m2 Maven local repository. However, if the jar file already exists in the .m2 repository, Maven does not bother to download it from Artifactory. With that being said, if there is a GitLab change, the job does build it and put it on Artifactory. As a jar file already exists in the .m2 repository, the old jar file is not replaced with the new one. We ended up delivering a wrong dependency to the customer with a release.
The question is, what am I doing wrong here?

mvn clean install -U
-U means Maven will force an update of snapshot dependencies. Release dependencies cannot be updated this way.

Related

How to update log4j-1.2.12.jar file in jenkins

I have this log4j-1.2.12.jar file in my jenkins server
Path to it: /data/jenkins/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar
I got this "Apache Log4j Unsupported Version Detection" message from the security team. How do I resolve this? I tried downloading the latest version, but it is something like this: log4j-api-2.19.0.jar
No, it's not "in Jenkins", more accurately, log4j is not a part of Jenkins. Jenkins consumes its jars from the exploded war in ${JENKINS_HOME}/war/WEB-INF/lib. It is not located there.
If a plugin consumes log4j, that would be found within the exploded plugin directory at ${JENKINS_HOME}/plugins/<plugin_name>/WEB-INF/lib. The status of log4j as it related to most plugins was tracked under JENKINS-67353.
What you are referencing is the maven local repository, .m2/repository. This structure is created when running a maven build on the controller; the dependency jars specified in (one of) your build's pom.xml.
The guidance in the comments is correct; find the appropriate pom.xml and update it, then rebuild.
You can verify these claims by deleting the entire .m2 directory (or moving / zip;delete if you are paranoid) and restarting Jenkins. You'll discover Jenkins is running fine and the directory remains empty. Run your maven jobs and it will repopulate, including log4j-1.2.12.jar, assuming it's still specified in your pom.xml. Fix your maven pom.xml, delete the directory, rerun your jobs and it should not reappear.
Perhaps you have already updated your pom.xml but never cleared out your local maven repository, then it will not repopulate (you could check the timestamp of the directory to know when it was first/last downloaded).
You can also delete referenced portions of the repository by specifying mvn dependency:purge-local-repository and adding -DreResolve=false to avoid re-resolving. Of course, if you've already updated the pom.xml, it would remain since it's not referenced in the pom.xml (yes, it would be nice if there was an option to purge all or most of a repository or all versions of a given jar, but ...).
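A scanner finding like the one in this thread is easier to act on once each hit is sorted into the three locations the answer names: Jenkins' exploded war, a plugin's WEB-INF/lib, or the Maven local repository. The script below is an added example, not part of the original answer; it classifies by path and file name only, and the sample tree, including `demo-plugin`, is constructed.

```bash
#!/usr/bin/env bash
# Added example: triage log4j jars by where they live and what they are.

# classify_log4j ROOT -> one "where<TAB>what<TAB>relative-path" line per log4j*.jar
classify_log4j() {
  top=${1%/}
  find "$top" -type f -name 'log4j*.jar' | LC_ALL=C sort |
  while IFS= read -r jar; do
    case $jar in
      */war/WEB-INF/lib/*)       where="jenkins-core" ;;
      */plugins/*/WEB-INF/lib/*) name=${jar#*/plugins/}
                                 where="plugin:${name%%/*}" ;;
      */.m2/repository/*)        where="maven-local-repo" ;;
      *)                         where="other" ;;
    esac
    base=${jar##*/}; base=${base%.jar}
    case $base in
      log4j-1.2-api-*)          what="log4j2-bridge" ;;   # Log4j 2 adapter for the 1.2 API
      log4j-1.[0-9]*)           what="log4j1-eol" ;;      # log4j:log4j 1.x, end of life
      log4j-api-*|log4j-core-*) what="log4j2:${base##*-}" ;;
      *)                        what="other:$base" ;;     # e.g. log4j-over-slf4j
    esac
    printf '%s\t%s\t%s\n' "$where" "$what" "${jar#"$top"/}"
  done
}

# Constructed sample tree (empty files, names only) so the script runs offline.
make_sample_home() {
  h=$(mktemp -d)
  mkdir -p "$h/war/WEB-INF/lib" "$h/plugins/demo-plugin/WEB-INF/lib" \
           "$h/.m2/repository/log4j/log4j/1.2.12"
  : > "$h/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar"
  : > "$h/plugins/demo-plugin/WEB-INF/lib/log4j-api-2.19.0.jar"
  : > "$h/plugins/demo-plugin/WEB-INF/lib/log4j-over-slf4j-1.7.36.jar"
  printf '%s\n' "$h"
}

sample_home=$(make_sample_home)
classify_log4j "$sample_home"
rm -rf "$sample_home"
```

A `maven-local-repo` hit is cleared by fixing the build's pom.xml and deleting the cached jar, as the answer describes; a `plugin:` hit is a plugin update instead.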

Isolate maven jar dependencies that are unavailable from maven central

I am attempting to refactor a maven build process, and I am trying to populate a local maven repository to help with this refactor.
My build depends on obsolete versions of jar files that exist only in a maven repo on my network (not in maven central). Example: org.foo:example:1.7:jar
I have been attempting to run my maven build in a docker image with the hope that I could identify all of the obsolete components being pulled from my maven repository.
My goal is to explicitly pull down dependencies from my maven repo and then build the application using only maven central as an external repository.
I have a docker file to run the build
FROM maven:3-jdk-8 as build
WORKDIR /build
# This pom.xml file only references maven central.
COPY pom.xml .
# Explicitly download artifacts into /root/.m2/...
RUN mvn dependency:get -Dartifact=org.foo:example:1.7:jar \
    -DrepoUrl=https://my.maven.repo
# Run the build making use of the dependencies loaded into the local repo
RUN mvn install
Unfortunately, I see an error: could not resolve dependencies for project ... The following artifacts could not be resolved: org.foo:example:jar:1.7.
I presume there might be some metadata in my local org.foo:example:1.7:pom that has an awareness of its origin repository. I had hoped I could satisfy this dependency by pulling it into my local repository.
I also attempted to add the following flag
RUN mvn install --no-snapshot-updates
After further investigation, I discovered that the downloads in my .m2/repository contained files named _remote.repositories.
Solution: set -Dmaven.legacyLocalRepo=true when running dependency:get
With this flag, the _remote.repositories files are not created.
RUN mvn dependency:get -Dmaven.legacyLocalRepo=true \
    -Dartifact=org.foo:example:1.7:jar \
    -DrepoUrl=https://my.maven.repo
This question helped to provide a solution: _remote.repositories prevents maven from resolving remote parent
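The `_remote.repositories` marker files found in this thread record, for each downloaded file, the id of the repository it came from, which is the information needed to isolate artifacts that did not come from Maven Central. The script below is an added example, not part of the original post; it assumes the `file>repoId=` entry format, and the sample tree and the repository id `internal` are constructed.

```bash
#!/usr/bin/env bash
# Added example: list where each artifact in a Maven local repository came from.
# Assumed entry format in _remote.repositories: "<file>><repoId>=" per line,
# '#' lines are comments, and an empty repoId marks a locally installed file.

# list_origins REPO_DIR -> "group:artifact:version<TAB>file<TAB>repoId" lines
list_origins() {
  repo=${1%/}
  find "$repo" -type f -name _remote.repositories | LC_ALL=C sort |
  while IFS= read -r marker; do
    dir=${marker%/_remote.repositories}
    rel=${dir#"$repo"/}                 # e.g. org/foo/example/1.7
    version=${rel##*/}; rest=${rel%/*}
    artifact=${rest##*/}
    group=$(printf '%s' "${rest%/*}" | tr '/' '.')
    grep -v '^#' "$marker" | while IFS='>' read -r file origin; do
      [ -n "$file" ] || continue
      origin=${origin%=}
      printf '%s:%s:%s\t%s\t%s\n' "$group" "$artifact" "$version" \
        "$file" "${origin:-local-install}"
    done
  done
}

# not_from_central REPO_DIR -> unique "coordinates (repoId)" not served by "central"
not_from_central() {
  list_origins "$1" | awk -F'\t' '$3 != "central" { print $1 " (" $3 ")" }' |
    LC_ALL=C sort -u
}

# Constructed sample tree; the repository id "internal" is hypothetical.
make_sample_repo() {
  root=$(mktemp -d)
  mkdir -p "$root/org/foo/example/1.7" "$root/junit/junit/4.12"
  printf '#NOTE: internal file\nexample-1.7.jar>internal=\nexample-1.7.pom>internal=\n' \
    > "$root/org/foo/example/1.7/_remote.repositories"
  printf '#NOTE: internal file\njunit-4.12.jar>central=\njunit-4.12.pom>central=\n' \
    > "$root/junit/junit/4.12/_remote.repositories"
  printf '%s\n' "$root"
}

sample=$(make_sample_repo)
not_from_central "$sample"
rm -rf "$sample"
```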

POM not released using Jenkins and Artifactory Release

We're trying to use the Artifactory release process in Jenkins to publish a jar file created by a Gradle build into a Maven repo in our Artifactory server.
It nearly all works, the only issue is that the pom file isn't being copied into the Artifactory repo.
The Gradle build includes the Gradle Maven plugin and running gradlew install locally results in both the jar and the pom inserted into the local Maven repo.
I've added a task in the Gradle build that generates the pom file in the same directory as the jar file and changed the Jenkins build to run that task too.
When the build has completed I can see both the jar and the pom file in the workspace.
Any ideas on what I need to do to get the pom file published along with the jar?
We're using:
Jenkins 2.10
Artifactory plugin 2.4.4
Gradle 2.14
The Gradle build file does not include the Gradle Artifactory plugin.
Cheers, Andy
The Jenkins project is configured to use the Gradle-Artifactory integration (rather than the Generic-Artifactory integration).
As suggested by Dakota Brown, I'm answering my own question: the solution to my problem was to un-tick the maven3 integration option. With that option unselected, everything works as expected.

Maven - How to force maven to consider my updated jar from local maven repository

I have a question related to maven - generating a war. Please see below.
- In one of my projects (war), I am using a 3rd party jar (-SNAPSHOT version) whose entry I have made in my project pom.xml. So far it gets bundled correctly into the project war.
- But we encountered an issue in one of the Java files inside this jar, for which my developer took the source code for the jar, modified and compiled it, and updated the jar file in the local maven_repo directory.
- But whenever I build the project using the maven clean:install command, my updated jar gets deleted from my local maven-repo dir and a fresh copy is downloaded from the remote maven repo (where the actual 3rd party jar resides).
Can someone please help with this: how can I make Maven use my modified jar and not replace it with the old jar during the build process?
I am using maven-3.2.5.
You can run Maven offline by running with the "-o" argument.
Example:
mvn clean install -o
Keep in mind that this will affect all your other dependencies and you need to have all the dependencies in your local .m2 repository.
Here is another thread taking up the issue of running maven offline:
How do I configure Maven for offline development?

Building a Maven Project with Files in a Local Repo

I've installed two libraries to my local repository (JGraph and JGraphT). I used this command:
mvn install:install-file -DgroupId=org.jgrapht -DartifactId=jgrapht -Dversion=0.8.3 -Dpackaging=jar -Dfile=./jgrapht.jar
and similar for JGraph. I can see that the two Jar files are in my local repository.
When I try to create Eclipse classpath and build files from the directory of my project's POM file (using mvn eclipse:eclipse), I get this error:
[WARNING] Missing POM for org.jrapht:jgrapht:jar:0.8.3
and similar for JGraph.
Any ideas on what I'm doing wrong? My settings.xml file has the local repository enabled.
Thanks,
Keith
