Fix how ossindex plugin is called

Related to dadoonet#572
catchsiva · Jul 28, 2018 · 7702ff1 · 7702ff1
1 parent b9b9783
commit 7702ff1
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 21 deletions.
diff --git a/docs/source/dev/build.rst b/docs/source/dev/build.rst
@@ -23,13 +23,13 @@ Run tests with an external cluster
 
 To run the test suite against an elasticsearch instance running locally, just run::
 
-    mvn check
+    mvn verify
 
 .. tip::
 
     If you don't want to rebuild everything (ie. you just touch test classes), run::
 
-        mvn -pl fr.pilato.elasticsearch.crawler:fscrawler-it check
+        mvn -pl fr.pilato.elasticsearch.crawler:fscrawler-it verify
 
 If elasticsearch is not running yet on ``http://localhost:9200``, FSCrawler project will run a Docker instance before
 the tests start.
@@ -38,7 +38,7 @@ the tests start.
 
     If you are using a secured instance, use ``tests.cluster.user``, ``tests.cluster.pass`` and ``tests.cluster.scheme``::
 
-        mvn check \
+        mvn verify \
             -Dtests.cluster.user=elastic \
             -Dtests.cluster.pass=changeme \
             -Dtests.cluster.scheme=HTTPS \
@@ -50,7 +50,7 @@ the tests start.
     you can also use ``tests.cluster.host`` and ``tests.cluster.port`` to set where elasticsearch
     is running::
 
-        mvn check \
+        mvn verify \
             -Dtests.cluster.user=elastic \
             -Dtests.cluster.pass=changeme \
             -Dtests.cluster.scheme=HTTPS \
@@ -61,15 +61,15 @@ Check for vulnerabilities (CVE)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 The project is using `OSS Sonatype service <https://ossindex.sonatype.org/>`_ to check for known
-vulnerabilities. This is ran during the `check` phase.
+vulnerabilities. This is ran during the ``verify`` phase.
 
 Sonatype provides this service but with a anonymous account, you might be limited
 by the number of tests you can run during a given period.
 
 If you have an existing account, you can use it to bypass this limit for anonymous users by
 setting ``sonatype.username`` and ``sonatype.password``::
 
-        mvn check -DskipTests \
+        mvn verify -DskipTests \
             [email protected] \
             -Dsonatype.password=yourverysecuredpassword
 
diff --git a/pom.xml b/pom.xml
@@ -314,14 +314,6 @@
                             </goals>
                         </execution>
                     </executions>
-                    <configuration>
-                        <clientConfiguration>
-                            <authConfiguration>
-                                <username>${env.SONATYPE_USER}</username>
-                                <password>${env.SONATYPE_PASS}</password>
-                            </authConfiguration>
-                        </clientConfiguration>
-                    </configuration>
                 </plugin>
                 <plugin>
                     <groupId>org.sonatype.plugins</groupId>
@@ -362,13 +354,6 @@
                 </plugin>
             </plugins>
         </pluginManagement>
-        <plugins>
-            <!-- For each module, we automatically check for vulnerabilities -->
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-            </plugin>
-        </plugins>
     </build>
 
     <dependencyManagement>
@@ -732,6 +717,48 @@
                 <integ.elasticsearch.version>5.6.5</integ.elasticsearch.version>
             </properties>
         </profile>
+        <profile>
+            <id>check_cve_anonymous</id>
+            <activation>
+                <property>
+                    <name>!sonatype.username</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <!-- For each module, we automatically check for vulnerabilities -->
+                    <plugin>
+                        <groupId>org.sonatype.ossindex.maven</groupId>
+                        <artifactId>ossindex-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>check_cve_auth</id>
+            <activation>
+                <property>
+                    <name>sonatype.username</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <!-- For each module, we automatically check for vulnerabilities -->
+                    <plugin>
+                        <groupId>org.sonatype.ossindex.maven</groupId>
+                        <artifactId>ossindex-maven-plugin</artifactId>
+                        <configuration>
+                            <clientConfiguration>
+                                <authConfiguration>
+                                    <username>${sonatype.username}</username>
+                                    <password>${sonatype.password}</password>
+                                </authConfiguration>
+                            </clientConfiguration>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>release</id>
             <build>