In our build scripts, we explicitly specify the version of the Maven plugins that we use. This is required in order to create reproducible builds. In the absence of the version, Maven gives a warning such as the following:
[WARNING] Some problems were encountered while building the effective model for com.packt.cookbook:project-with-exec:jar:1.0-SNAPSHOT [WARNING] 'build.plugins.plugin.version' for org.codehaus.mojo:exec-maven-plugin is missing. @ line 42, column 17 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
Over a period of time, there could be updates to these plugins. It would be good to know if there are any so that we can suitably update the plugin versions. Let us see how we can do this.
- Take a project for which you want to check the plugin update (
project-with-exec). - Change the version of the plugin to an older one:
<artifactId>exec-maven-plugin</artifactId> <version>1.2</version>>
- Run the following command:
mvn versions:display-plugin-updates - Observe the output:
[INFO] --- versions-maven-plugin:2.0:display-plugin-updates (default-cli) @ proj ect-with-exec --- [INFO] [INFO] All plugins with a version specified are using the latest versions. ... [WARNING] The following plugins do not have their version specified: [WARNING] maven-clean-plugin .......................... (from super-pom) 2.5 [WARNING] maven-compiler-plugin ....................... (from super-pom) 3.1 ... [WARNING] Project does not define minimum Maven version, default is: 2.0 [INFO] Plugins require minimum Maven version of: 2.2.1 ... [ERROR] Project does not define required minimum version of Maven. [ERROR] Update the pom.xml to contain [ERROR] <prerequisites> [ERROR] <maven>2.2.1</maven> [ERROR] </prerequisites> ... [INFO] Require Maven 2.2.1 to use the following plugin updates: [INFO] maven-jar-plugin ................................................ 2.5 [INFO] maven-site-plugin ............................................... 3.2 [INFO] org.codehaus.mojo:exec-maven-plugin ........................... 1.3.2
The display-plugin-updates goal of the Maven Versions plugin downloads the metadata for all the plugins specified in the pom file and then produces a report. The report reveals a number of things that are of interest.
- A
prerequisitestag is absent. Theprerequisitestag in the pom file specifies the minimum version of Maven that is required to build the project. In the absence of this, Maven takes the minimum version as2.0. There is a risk of nonreproducible builds if different developers use different versions of Maven. Hence, it is a good practice to specify a minimum version by using this tag. - There is a warning about plugin versions not being defined. As we have seen, plugins in the pom file don't need to be specified explicitly unless they need to be configured. Now, Maven still uses various plugins for execution (such as clean, resources, compile, test, and so on) and it needs to determine the version to be used. It uses the version specified by the super pom, which is fine in most cases. However, the Versions plugin alerts us that this is the case, so we can take action as appropriate.
- There is a difference in plugin versions based on the Maven version. The report specifies different versions of various plugins based on the Maven version used. This is all the more reason why it is important to specify a prerequisite.
As the output indicates, if we specify that we need at least the 2.2.1 version of Maven, then we can see that there is a newer version of the Maven Exec plugin, which is 1.3.2.
Let us now specify the prerequisites element in the pom file and see how it affects the output of the goal:
- Add the following to the pom file:
<prerequisites> <maven>3.2.5</maven> </prerequisites> - Run the following command:
mvn versions:display-plugin-updates - Observe the output:
[INFO] --- versions-maven-plugin:2.0:display-plugin-updates (default-cli) @ project-with-exec --- ... [INFO] [INFO] The following plugin updates are available: [INFO] org.codehaus.mojo:exec-maven-plugin .................... 1.2 -> 1.3.2 [INFO]
We now see that the plugin reports a plugin update based on the prerequisite that we specified.
It is difficult to determine if there are updates to plugins that we do not explicitly define in the pom file. For instance, as per the output from the preceding command, which is as follows:
[WARNING] The following plugins do not have their version specified: [WARNING] maven-clean-plugin .......................... (from super-pom) 2.5 [WARNING] maven-compiler-plugin ....................... (from super-pom) 3.1 [WARNING] maven-deploy-plugin ......................... (from super-pom) 2.7 [WARNING] maven-install-plugin ........................ (from super-pom) 2.4
However, as of writing this book, the latest version of the Maven Clean plugin is 2.6.1, that of the Maven Compiler plugin is 3.2, and so on. The version that the super pom has is the version that must have been the latest when it was created. The versions of these dependencies become important when bugs or newer features are present in the newer versions. In this case, we do want to get the newer version of these plugins. It is easy to get these by explicitly specifying the version of the plugins in the pom file.
Add the following to the pom file:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>2.5</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
</plugin>Now, re-run the previous command and note the output:
[INFO] The following plugin updates are available: [INFO] maven-clean-plugin ..................................... 2.5 -> 2.6.1 [INFO] maven-compiler-plugin .................................... 3.1 -> 3.2 [INFO] org.codehaus.mojo:exec-maven-plugin .................... 1.2 -> 1.3.2