Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plugin does not use repositories specified in the project's pom #436

Open
elahrvivaz opened this issue Nov 28, 2023 · 9 comments
Open

Plugin does not use repositories specified in the project's pom #436

elahrvivaz opened this issue Nov 28, 2023 · 9 comments

Comments

@elahrvivaz
Copy link

The plugin fails to load jars from 3rd party repositories, even if they are defined in the pom. It prints out warnings such as:

[WARNING] Unable to create Maven project for org.geotools:gt-referencing:jar:28.2 from repository.

This particular jar comes from https://repo.osgeo.org/repository/release.

As a work-around, the plugin is able to resolve repositories if they are defined in a profile in ~/.m2/settings.xml, but this makes the project non-portable. The project can also be built with a bundled settings.xml (e.g. mvn -s cyclonedx-settings.xml), but then any user configuration in the default ~/.m2/settings.xml is not picked up.

As an example, see https://github.com/elahrvivaz/geomesa/tree/2058f9222c964c38ca96a9de4d77cda8eb3ea11f

@garydgregory
Copy link

garydgregory commented Apr 19, 2024

I am running into the same problem! Arg. I'd like to upvote this issue please. I have a few repos defined in my POM's repositories section and they are being ignored which causes warnings, and an incomplete SBOM.

@LeeBreisacher
Copy link

I would like to see this fixed too.

@tomaswolf
Copy link

So do I. I'm running into this in one of several projects. Unfortunately, it's private repos that I cannot share, and I don't see what's so special about the one project where it occurs. It works fine in other projects.

The work-around mentioned (define a profile with the repos in ~/.m2/settings.xml and activate that profile) works for me. Defining the same profile in pom.xml or defining the repos directly in pom.xml doesn't.

The warning is preceded by some info messages:

[INFO] Artifact xxx:yyy:pom:0.42.0 is present in the local repository, but cached from a remote repository ID that is unavailable in current build context, verifying that is downloadable from [...]
[INFO] Artifact xxx:yyy:pom:0.42.0 is present in the local repository, but cached from a remote repository ID that is unavailable in current build context, verifying that is downloadable from [...]
[WARNING] Unable to create Maven project for xxx:yyy:jar:0.42.0 from repository.

(Yes, the same info message twice.) The problem occurs in different environments (CI builds or local developer machine, Linux or Windows).

I suppose it would be useful if one could put together a simple public reproducer. Not sure the GeoMesa example counts as "simple"...

@garydgregory
Copy link

This is happening for me with a private Artifactory repository which cannot be shared.

@norrisjeremy
Copy link

Are there any plans to address this issue?

@ppkarwasz
Copy link
Contributor

The ignore transitive repositories flag backported to Maven 3.x, might provide a workaround for this issue.

@elahrvivaz
Copy link
Author

The ignore transitive repositories flag backported to Maven 3.x, might provide a workaround for this issue.

Could you elaborate on the work-around? In this case, we are declaring repositories in the pom.xml <repositories> tag, but they are not being used. From a quick look, it seems like ignoring transitive repositories would fix the opposite problem (repositories being used that aren't declared in the pom).

Thanks,

@ppkarwasz
Copy link
Contributor

Could you elaborate on the work-around? In this case, we are declaring repositories in the pom.xml <repositories> tag, but they are not being used. From a quick look, it seems like ignoring transitive repositories would fix the opposite problem (repositories being used that aren't declared in the pom).

Sorry, I didn't read the original problem. Sure, this should fix the opposite problem of what you are having.

@garydgregory
Copy link

Hi all,
Where are we on this one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants