fix outdated maven version

v3.8.8 is too old, at least 3.9.6 is required by maven-hpi-plugin
jenkinsci · Nov 27, 2024 · 27618ea · 27618ea
1 parent f8e2281
commit 27618ea
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 13 deletions.
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
@@ -25,6 +25,10 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 'lts/*'
+      - name: Set up Maven
+        uses: stCarolas/setup-maven@v5
+        with:
+          maven-version: 3.9.9
       - name: check Sonar pre-conditions
         id: check_sonar
         continue-on-error: true
@@ -35,15 +39,15 @@ jobs:
         shell: bash
       - name: Build with Sonar
         id: build_sonar
-        if: matrix.java == '17' && steps.check_sonar.outcome == 'success' && !startsWith(github.head_ref, 'dependabot/')
+        if: matrix.java == 17 && steps.check_sonar.outcome == 'success' && !startsWith(github.head_ref, 'dependabot/')
         env:
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
           SONAR_ORGANIZATION: ${{ secrets.SONARCLOUD_ORGANIZATION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: mvn -B -e -X clean test verify package sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.projectKey=org.jenkins-ci.plugins:dependency-track -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.token=$SONAR_TOKEN
+        run: mvn -B -T 1C package sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.projectKey=org.jenkins-ci.plugins:dependency-track -Dsonar.organization=$SONAR_ORGANIZATION -Dsonar.token=$SONAR_TOKEN
       - name: Build without Sonar
         if: steps.build_sonar.conclusion == 'skipped'
-        run: mvn -B -e -X clean test verify package
+        run: mvn -B -T 1C package
       - name: Sonar Quality Gate check
         id: sonarqube-quality-gate-check
         uses: sonarsource/sonarqube-quality-gate-action@master
@@ -54,7 +58,7 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
           SONAR_ORGANIZATION: ${{ secrets.SONARCLOUD_ORGANIZATION }}
       - uses: actions/upload-artifact@v4
-        if: matrix.java == '17' && success()
+        if: matrix.java == 17 && success()
         with:
           path: target/dependency-track.hpi
           name: dependency-track.hpi
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-        java: [11]
+        java: [17]
 
     steps:
     - name: Checkout repository
@@ -43,15 +43,19 @@ jobs:
       if: matrix.language == 'java'
       with:
         java-version: ${{ matrix.java }}
-        distribution: 'temurin'
+        distribution: 'zulu'
+        cache: 'maven'
 
-    - name: Cache Maven packages
-      uses: actions/cache@v4
+    - name: Set up Maven
+      uses: stCarolas/setup-maven@v5
       if: matrix.language == 'java'
       with:
-        path: ~/.m2
-        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-        restore-keys: ${{ runner.os }}-m2
+        maven-version: 3.9.9
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 'lts/*'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/pom.xml b/pom.xml
@@ -368,6 +368,19 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
                 <executions>
+                    <execution>
+                        <id>enforce-maven</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireMavenVersion>
+                                    <version>[3.9.6,)</version>
+                                </requireMavenVersion>
+                            </rules>    
+                        </configuration>
+                    </execution>
                     <execution>
                         <id>enforce npm-managed files exists</id>
                         <goals>
@@ -558,14 +571,14 @@
     <repositories>
         <repository>
             <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
+            <url>https://repo.jenkins-ci.org/releases/</url>
         </repository>
     </repositories>
 
     <pluginRepositories>
         <pluginRepository>
             <id>repo.jenkins-ci.org</id>
-            <url>https://repo.jenkins-ci.org/public/</url>
+            <url>https://repo.jenkins-ci.org/releases/</url>
         </pluginRepository>
     </pluginRepositories>