maven-wrapper icon indicating copy to clipboard operation
maven-wrapper copied to clipboard
verified publisher icon apache

Support Maven 4 by setting maven.mainClass to MavenCling

Open hazendaz opened this issue 4 months ago • 9 comments

Maven 4 changed how it works, as a result maven wrapper has been broken for a while. You can see a working usage of this change here https://github.com/spotbugs/spotbugs-maven-plugin/actions/runs/17228298032. If unable to see, see the github job here that customized updating wrapper to run on maven 4 here https://github.com/spotbugs/spotbugs-maven-plugin/blob/master/.github/workflows/it-maven-4.0.0.yaml by skipping the update to maven 4 and adjusting the wrapper to simply run maven 4 which is addressed by the changes here.

hazendaz avatar Aug 26 '25 22:08 hazendaz

This is no longer necessary with the upcoming Maven 4 version: https://github.com/apache/maven/commit/f77fe3cbb84eba2fcfe77fd6cd1a8d42d7e38408

kwin avatar Aug 27 '25 06:08 kwin

And it is deprecated with only-script which is default should be works

slawekjaranowski avatar Aug 27 '25 07:08 slawekjaranowski

Hi @kwin, I'm glad to see maven core is fixed. However, is there harm in having this as it does nothing and even works still with maven 3? That at least allows the broken releases to proceed to working state. I have to keep using this patch for anything I'm testing with maven 4 currently as that fix is not released. At work I already scaled that out and protect on top so its not a concern for me there but could see people trying to use various beta / rc versions of maven to check for other issues and they will run into this problem. Maybe a comment added that its to fix specifically the few versions affected would be a compromise. I'm fine either way though as I'm not impacted at this point for my needs.

Affected versions are: beta-5 to rc-4

hazendaz avatar Aug 30 '25 19:08 hazendaz

@hazendaz why do you not use a script-only type of wrapper?

slawekjaranowski avatar Sep 01 '25 18:09 slawekjaranowski

@slawekjaranowski unsure why @hazendaz uses non script-only wrapper, but I know that on my work, I cannot use script-only due air-gapped (no direct inet access) env. Only way out is thru proxy.

cstamas avatar Sep 01 '25 18:09 cstamas

@slawekjaranowski unsure why @hazendaz uses non script-only wrapper, but I know that on my work, I cannot use script-only due air-gapped (no direct inet access) env. Only way out is thru proxy.

script-only also support user and password for downloading Maven distribution ... maybe this should be improved

slawekjaranowski avatar Sep 01 '25 19:09 slawekjaranowski

historically that didn't exist so I'm using the original but IMO it should work regardless of the type used.

hazendaz avatar Sep 01 '25 22:09 hazendaz

For me, there's another reason to use the bin distribution type: it's more portable, as a JRE is always needed anyway. I also faced some problems with SHA validation when using script-only in the past. If I recall correctly, it used to fail under Git Bash on Windows.

jafarre-bi avatar Sep 21 '25 12:09 jafarre-bi

For me, there's another reason to use the bin distribution type: it's more portable, as a JRE is always needed anyway. I also faced some problems with SHA validation when using script-only in the past. If I recall correctly, it used to fail under Git Bash on Windows.

I find we have same issues at work with sha validation in general. Another point is that maven didn't actually flag this deprecated. Saying its deprecated in pull requests or mailing lists doesn't make it so if the code doesn't say so.

hazendaz avatar Sep 21 '25 21:09 hazendaz