gnodet opened a new issue, #12045: URL: https://github.com/apache/maven/issues/12045
## Summary `mvnup apply --plugins` fails to upgrade incompatible plugins inherited from remote parent POMs. The effective model analysis silently fails, and the error is logged at `debug` level, making it invisible to users. ## Reproduction Run `mvnup apply` on [apache/accumulo-wikisearch](https://github.com/apache/accumulo-wikisearch), which inherits `maven-enforcer-plugin:1.4.1` from `org.apache:apache:23`: ``` mvnup apply ``` ### Expected `mvnup` detects that `maven-enforcer-plugin:1.4.1` (inherited from the Apache parent POM) is incompatible with Maven 4 and adds a `<pluginManagement>` entry to override it to `3.0.0`. ### Actual `mvnup` reports `"✓ No plugin upgrades needed"` for all 4 POMs. The subsequent Maven 4 build fails with: ``` org.apache.maven.plugin.PluginContainerException: An API incompatibility was encountered while executing org.apache.maven.plugins:maven-enforcer-plugin:1.4.1:enforce: java.lang.NoSuchMethodError: 'void org.apache.maven.plugin.PluginParameterExpressionEvaluator.<init>(...)' ``` Full CI output from maven4-testing: https://github.com/gnodet/maven4-testing/issues/9514 ### mvnup output ``` → Executing strategy: Upgrading Maven plugins to recommended versions Upgrading Maven plugins to recommended versions .../project/query/pom.xml (checking for plugin upgrades) ✓ No plugin upgrades needed .../project/pom.xml (checking for plugin upgrades) ✓ No plugin upgrades needed .../project/query-war/pom.xml (checking for plugin upgrades) ✓ No plugin upgrades needed .../project/ingest/pom.xml (checking for plugin upgrades) ✓ No plugin upgrades needed ``` ## Root Cause Analysis `PluginUpgradeStrategy.doApply()` has two phases: ### Phase 2: Effective model analysis (lines ~535-573) Builds effective models via a standalone `ApiRunner` session to detect plugins inherited from remote parents. Each POM's analysis is wrapped in a try-catch that **swallows exceptions at `debug` level**: ```java // PluginUpgradeStrategy.java, line 567-568 } catch (Exception e) { context.debug("Failed to analyze effective model for " + originalPomPath + ": " + e.getMessage()); } ``` If the effective model resolution fails (e.g., can't resolve `org.apache:apache:23` from Maven Central in the standalone session), the error is silently swallowed and `pluginsNeedingManagement` comes back empty. ### Phase 3: Direct XML inspection (lines ~133-171) Only checks plugins **explicitly declared** in the POM XML documents. Since `accumulo-wikisearch` inherits `maven-enforcer-plugin:1.4.1` from its parent POM (not declared locally), this phase finds nothing. ### Standalone session issues `PluginUpgradeStrategy.createMaven4Session()` (line 438-465) creates a **separate standalone session** via `ApiRunner.createSession()`, independent from the main `mvnup` session: ```java Session session = ApiRunner.createSession(injector -> { injector.bindInstance(Dispatcher.class, new LegacyDispatcher()); injector.bindInstance(TransporterProvider.class, new DefaultTransporterProvider(Map.of( "https", new JdkTransporterFactory( new DefaultChecksumExtractor(Map.of()), new DefaultPathProcessor()), "file", new FileTransporterFactory()))); }); // TODO: we should read settings <-- line 453 RemoteRepository central = session.createRemoteRepository(...); ``` This standalone session: - Uses `DefaultChecksumExtractor(Map.of())` — no checksum extractors configured - Has a `TODO` for reading settings (line 453) - May not have proper HTTP transport configuration for all environments (CI, proxies, etc.) - Creates its own repository configuration, separate from the main mvnup session ## Impact Any project that inherits incompatible plugin versions from a **remote parent POM** (rather than declaring them locally) will not be fixed by `mvnup`. This is a very common pattern — many Apache projects inherit `maven-enforcer-plugin` from `org.apache:apache` parent POMs. Affected parent POMs include at least: - `org.apache:apache:23` — defines `maven-enforcer-plugin:1.4.1` - Other older Apache parent POM versions with similar plugin definitions ## Suggested Fixes 1. **Change `context.debug()` to `context.warning()`** at line 568, so users are aware when effective model analysis fails 2. **Use the main mvnup session** instead of creating a standalone `ApiRunner` session, or fix the standalone session's transport/resolver configuration 3. **Add tests** for the inherited-from-remote-parent case — the existing `PluginUpgradeStrategyTest` only tests locally-declared plugins ## Environment - Maven: 4.0.0-rc-5 - Java: 17.0.18 (Eclipse Adoptium) - OS: Ubuntu (GitHub Actions runner) _Claude Code on behalf of Guillaume Nodet_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
