If you cannot use GitHub Dependabot for whatever reason, here is a Maven profile that works like a Dependabot clone to help you accomplish the same goal: keeping your pom.xml dependencies always up to date.

remisbaima/dependabot-clone-with-maven

dependabot-clone-with-maven

If you cannot use GitHub Dependabot for whatever reason, here is a Maven profile that works like a Dependabot clone to help you accomplish the same goal: keeping your pom.xml dependencies always up to date.

Quick start guide

1. Add the profile below to the <profiles> section of your pom.xml:

    <profile>
      <id>update-pom</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>exec-maven-plugin</artifactId>
            <version>3.0.0</version>
            <executions>
              <execution>
                <id>update-pom</id>
                <!-- bind to validate phase to update pom.xml asap -->
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>mvn</executable>
                  <!-- IMPORTANT: plugins can only be updated if their versions are managed using properties -->
                  <commandlineArgs>versions:update-parent versions:update-properties versions:use-latest-releases</commandlineArgs>
                </configuration>
              </execution>
              <execution>
                <id>commit-pom</id>
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>git</executable>
                  <!-- IMPORTANT: you can customize the commit message -->
                  <commandlineArgs>commit -am "bump pom.xml versions"</commandlineArgs>
                  <!-- avoids build break when there is no update -->
                  <successCodes>0,1</successCodes>
                </configuration>
              </execution>
              <execution>
                <id>push-pom</id>
                <phase>validate</phase>
                <goals>
                  <goal>exec</goal>
                </goals>
                <configuration>
                  <executable>git</executable>
                  <commandlineArgs>push</commandlineArgs>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>

2. Run Maven

    mvn clean compile -Pupdate-pom

Tips

  • You can set up your CI/CD pipeline to build with this profile whenever, for example, a feature branch is created.
  • You can also add "Optional Parameters" such as -DallowMajorUpdates=false to the commandlineArgs in the pom.xml, e.g.:

    ...
    <commandlineArgs>versions:update-parent versions:update-properties versions:use-latest-releases -DallowMajorUpdates=false</commandlineArgs>
    ...
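
The profile commits and pushes whatever the versions plugin wrote, so a pipeline may want to see which bumps cross a major version before they are pushed. The shell function below is an added example, not part of this repository: it reads a unified diff of pom.xml on stdin (for instance from `git show HEAD -- pom.xml`) and lists the elements whose leading version number changed. The names `major_bumps` and `sample_diff` and the sample diff are constructed for illustration, and the example assumes the push is run as a separate pipeline step after the check.

```shell
#!/bin/sh
# Added example, not part of this repository.
# major_bumps: read a unified diff of pom.xml on stdin and print
# "<element> <old> -> <new>" for every single-line element whose leading
# numeric version component changed. Returns 1 if any were found, else 0.
major_bumps() {
  awk '
    function major(v) { sub(/[^0-9].*/, "", v); return v }
    # Changed lines such as "-    <junit.version>4.13.1</junit.version>"
    /^[-+][ \t]*<[A-Za-z0-9_.-]+>[^<]+<\/[A-Za-z0-9_.-]+>[ \t]*$/ {
      sign = substr($0, 1, 1)
      line = substr($0, 2)
      sub(/^[ \t]*</, "", line)
      tag = line; sub(/>.*/, "", tag)
      val = line; sub(/^[^>]*>/, "", val); sub(/<.*/, "", val)
      # Queue removed values per element name; pair each added value
      # with the oldest unpaired removal of the same element.
      if (sign == "-") { old[tag, ++tail[tag]] = val; next }
      if (head[tag] < tail[tag]) {
        prev = old[tag, ++head[tag]]
        if (major(prev) != major(val)) { print tag, prev, "->", val; found = 1 }
      }
    }
    END { exit found + 0 }
  '
}

# Constructed sample diff (illustrative versions, not from a real project).
sample_diff() {
  cat <<'EOF'
--- a/pom.xml
+++ b/pom.xml
@@ -10,3 +10,3 @@
   <parent>
-    <version>2.7.18</version>
+    <version>3.2.1</version>
   </parent>
@@ -20,4 +20,4 @@
   <properties>
-    <jackson.version>2.13.0</jackson.version>
-    <junit.version>4.13.1</junit.version>
+    <jackson.version>2.15.2</jackson.version>
+    <junit.version>5.10.0</junit.version>
   </properties>
EOF
}

# Demo: list the major bumps in the sample; "|| true" keeps the status from aborting.
sample_diff | major_bumps || true
```

A non-zero return from `major_bumps` can be used to hold the push until the listed bumps have been reviewed.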

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.

To contribute

Just create a PR :-)
