sonar-findbugs
sonar-findbugs copied to clipboard
spotbugs
Missing version in release artifact filename
In previous releases version information was always included in the artifact filename. This is standard for sonar plugins (also other than findbugs):
https://github.com/spotbugs/sonar-findbugs/releases/download/4.4.2/sonar-findbugs-plugin-4.4.2.jar https://github.com/spotbugs/sonar-findbugs/releases/download/4.4.1/sonar-findbugs-plugin-4.4.1.jar https://github.com/spotbugs/sonar-findbugs/releases/download/4.4.0/sonar-findbugs-plugin-4.4.0.jar https://github.com/spotbugs/sonar-findbugs/releases/download/v4.3.0/sonar-findbugs-plugin-4.3.0.jar https://github.com/spotbugs/sonar-findbugs/releases/download/4.2.10/sonar-findbugs-plugin-4.2.10.jar [...]
Since 4.5.0 (and most recent 4.5.1) the version information is missing:
https://github.com/spotbugs/sonar-findbugs/releases/download/4.5.1/sonar-findbugs-plugin.jar https://github.com/spotbugs/sonar-findbugs/releases/download/4.5.0/sonar-findbugs-plugin.jar
Please include it again for consistency.
Hello, thanks for reporting the issue. There was a problem with the build running on Github actions and I built the plugin on my computer.
Hello @hazendaz, is there something I can help with to resolve the issue with the GPG key?
I don't know if gpg is an issue here, but failure was due to the sonatype backend. At end of the month, the old sonatype endpoint for central goes away. I migrated spotbugs to the new central month or so ago. I can take care of updating this project over the weekend. It's not overly complicated to switch over. Ossrh becomes central, the distro config changes, and there is a new central publishing plugin. So that means changes to the pom and the action.
The gpg issue I think is just completely corrupted and needs replaced. It's not mine and only place I thought that was used was on the core which additionally has a file for gpg in the repo that I think is bad practice. I've only briefly looked at it but if similar issue here, it's probably easier to fix this project given its maven. Feel free to try to address gpg key. Although I'm not sure of the benefit of having the action do everything. I release all my Maven projects off my machine. Seems that would be just as easy here. At the very least we should have this project back online by end of the weekend. I'm not so certain the same can be said of spotbugs core. My gradle skills are very limited.
Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: Guillaume Toison @.> Sent: Wednesday, June 4, 2025 12:26:23 PM To: spotbugs/sonar-findbugs @.> Cc: Jeremy Landis @.>; Mention @.> Subject: Re: [spotbugs/sonar-findbugs] Missing version in release artifact filename (Issue #1277)
[https://avatars.githubusercontent.com/u/86775455?s=20&v=4]gtoison left a comment (spotbugs/sonar-findbugs#1277)https://github.com/spotbugs/sonar-findbugs/issues/1277#issuecomment-2940655120
Hello, thanks for reporting the issue. There was a problem with the build running on Github actions and I built the plugin on my computer.
Hello @hazendazhttps://github.com/hazendaz, is there something I can help with to resolve the issue with the GPG key?
— Reply to this email directly, view it on GitHubhttps://github.com/spotbugs/sonar-findbugs/issues/1277#issuecomment-2940655120, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAHODI2GYLWQWS2UJI6LSY33B4M27AVCNFSM6AAAAAB6SQTOOCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNBQGY2TKMJSGA. You are receiving this because you were mentioned.Message ID: @.***>
You're right, I've made #1278 to migrate off ossrh I couldn't test it since I do not have the sonatype rights though, could you please assist when you have some time?
I'll get you added this weekend so you have those rights. I put one comment on your pull request as the repository mention only uses snapshots. So no endpoint there for release other than that central plugin. Do double check the spotbugs maven plugin to see that. I've released dozens of items to new central since moving over.
Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Androidhttps://aka.ms/AAb9ysg
From: Guillaume Toison @.> Sent: Thursday, June 5, 2025 2:04:18 AM To: spotbugs/sonar-findbugs @.> Cc: Jeremy Landis @.>; Mention @.> Subject: Re: [spotbugs/sonar-findbugs] Missing version in release artifact filename (Issue #1277)
[https://avatars.githubusercontent.com/u/86775455?s=20&v=4]gtoison left a comment (spotbugs/sonar-findbugs#1277)https://github.com/spotbugs/sonar-findbugs/issues/1277#issuecomment-2942884556
You're right, I've made #1278https://github.com/spotbugs/sonar-findbugs/pull/1278 to migrate off ossrh I couldn't test it since I do not have the sonatype rights though, could you please assist when you have some time?
— Reply to this email directly, view it on GitHubhttps://github.com/spotbugs/sonar-findbugs/issues/1277#issuecomment-2942884556, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAHODI457EGNMFPCJ34CFGD3B7MWFAVCNFSM6AAAAAB6SQTOOCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNBSHA4DINJVGY. You are receiving this because you were mentioned.Message ID: @.***>