Why can <dependencies> for a <plugin> only be defined within the <build> section, and not the <reporting> section of the pom?
pom.xml syntax disallow <dependencies> in <reporting>?
<reporting> and set the dependency version too?<build> dependency information get used by the plugin in the <reporting> section?The documentation I have found, I explain below why it didn't answer the question (the confusion from the docs is actually why I'm asking this question here!).
From what I've read, observed, and tried, here is my current understanding:
Plugins in the
<build>section of the script can override default dependency information, and that will affect the dependencies of the plugin in the<reporting>section. Therefore, plugin dependency information does not need to be in the<reporting>section, only the<build>section.
Is this correct? Is there a spot in the docs which clarifies this? What details am I missing in order to correctly understand the relationship between <build> and <reporting> plugin configuration for <dependencies>?
It says on the Maven documentation Using the Reporting vs the Build Tag:
Using the
<reporting>Tag VS<build>Tag
Configuring a reporting plugin in the<reporting>or<build>elements in the pom does NOT have the same behavior!
mvn site
It uses only the parameters defined in the<configuration>element of each reporting Plugin specified in the<reporting>element, i.e. site always ignores the parameters defined in the<configuration>element of each plugin specified in<build>.
The documentation explicitly says <configuration> is not shared between <build> and <reporting>, but
my question is about <dependencies> and how/why they only get declared in <build> and never <reporting>.
It seems as if dependencies specified in <build> do carry over to <reporting> plugins. But this is a point I'd like confirmation/explanation for.
I encountered this question upgrading the dependencies for the CheckStyle plugin at runtime for use with mvn site, so this minimal example POM is demonstrating the issue with the Checkstyle plugin as the example.
<?xml version="1.0" encoding="UTF-8"?>
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>mylib</artifactId>
<version>1.0</version>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.0.0</version>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>8.15</version> <!-- Update from default 6.18 to 8.15 -->
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>3.0.0</version>
<!-- Uncommenting will cause syntax error, Dependencies can't be declared in reporting -->
<!-- <dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>8.15</version>
</dependency>
</dependencies> -->
</plugin>
</plugins>
</reporting>
</project>
I would say the situation is not so simple here - because <dependencies> are possible in the <reporting> section!
I think the point is the plugin itself (so it might be different for each plugin).
But at first whats the difference between <build> and <reporting>:
<build> is used during compiling, testing - i.e. during generating/analyzing/running code - like with mvn clean install
<reporting> is used during generating documentation with mvn site
So the question is does the checkstyle plugin require your dependency during the documentation generation - I guess not - so checkstyle refuses all dependencies in <reporting>.
So to prove that dependencies within reporting are possible please have a look at spotbugs (another famous analyzer):
<build>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.1.12.1</version>
<configuration>
<xmlOutput>true</xmlOutput>
<spotbugsXmlWithMessages>true</spotbugsXmlWithMessages>
<spotbugsXmlOutputDirectory>target/site</spotbugsXmlOutputDirectory>
<failOnError>false</failOnError>
<includeTests>true</includeTests>
<dependencies>
<dependency>
<groupId>com.mebigfatguy.fb-contrib</groupId>
<artifactId>fb-contrib</artifactId>
<version>7.4.3.sb</version>
</dependency>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>LATEST</version>
</plugin>
</dependencies>
</configuration>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.1.12.1</version>
<configuration>
<xmlOutput>true</xmlOutput>
<spotbugsXmlWithMessages>true</spotbugsXmlWithMessages>
<spotbugsXmlOutputDirectory>target/site</spotbugsXmlOutputDirectory>
<failOnError>false</failOnError>
<includeTests>true</includeTests>
<dependencies>
<dependency>
<groupId>com.mebigfatguy.fb-contrib</groupId>
<artifactId>fb-contrib</artifactId>
<version>7.4.3.sb</version>
</dependency>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>LATEST</version>
</plugin>
</dependencies>
</configuration>
</plugin>
</plugins>
</reporting>
Please have an eye on this example - because here the <dependencies> are part of the <configuration>. So it is always wise to read the documentation of each plugin carefully.
For a complete maven pom.xml please have a look at my small OpenSource TemplateEngine which includes a lot of best practices not only for maven.