I need some help with the Ounce plugin.

The docs for the ounce:scan goal [1] mention:
    applicationFile    String    The location of the application file (.paf)
    to scan. Default value is ${basedir}/${project.artifactId}.paf.

I have configured:
   <applicationFile>${project.build.directory}/${project.artifactId}</applicationFile>
then
   <applicationFile>target/${project.artifactId}.paf</applicationFile>
and finally
   <applicationFile>stuff.paf</applicationFile>.

I always get ounce-scan.paf in ${basedir}, which matches the default
${basedir}/${project.artifactId}.paf.

Similarly, it ignores my configuration for the location of the
assessment output xml file and always puts that in ${basedir}, as well
as storing a .ppf file there for which I don't see any configuration
options.

This breaks the release process because those files are not under
version control and are considered 'local changes'.

(Since the files are generated during the build, I think it should
default to them being in the target directory, but I'd settle for
being able to configure it.)

Does anyone see what's wrong, or have any other suggestions?  This
configuration came from another group internally and I'm not familiar
with the Ounce Labs tool.

The goal is to have the plugin configuration in an organization level
parent pom, probably in a profile, so that it is inherited by all
projects and scanning can be automated on the CI server.

In the parent pom:
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>ounce-maven-plugin</artifactId>
        <configuration>
          <installDir>/usr/local/share/Ounce_Labs</installDir>
          <applicationFile>${project.build.directory}/${artifactId}.paf</applicationFile>
          <includeTestSources>false</includeTestSources>
          <assessmentOutput>${project.build.directory}/${artifactId}-assessment.xml</assessmentOutput>
          <publish>false</publish>
          <waitForScan>true</waitForScan>
        </configuration>
        <executions>
          <execution>
            <id>create-ounce-project</id>
            <goals>
              <goal>project-only</goal>
              <goal>application</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
...

This is used with "mvn clean install ounce:scan" on the CI server.

We're using ounce-maven-plugin version 1.0; the version is set in
pluginManagement in a parent pom.

[1] http://mojo.codehaus.org/ounce-maven-plugin/scan-mojo.html

Thanks,
-- 
Wendy
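As an added example (not part of the post above, and not part of the Ounce plugin), a CI guard for the problem described: after "mvn clean install ounce:scan", it lists any .paf, .ppf or assessment .xml files that landed outside the build directory, so the job fails before those files can show up as local changes in a release. The build directory name and the file patterns are assumptions drawn from the post.

```shell
#!/bin/sh
# Added example, not from the original post or the ounce-maven-plugin.
# Lists Ounce scan artifacts that were written anywhere under the project
# basedir except the build directory (assumed to be "target" by default).
# Usage: check_ounce_artifacts <project_basedir> [build_dir_name]
check_ounce_artifacts() {
    basedir=$1
    builddir=${2:-target}
    # prune the build directory, then print matching files everywhere else;
    # the name patterns are assumptions based on the files named in the post
    find "$basedir" -path "$basedir/$builddir" -prune -o \
        \( -name '*.paf' -o -name '*.ppf' -o -name '*-assessment.xml' \) -print
}

# Returns non-zero (so a CI job can fail before release) when stray
# artifacts exist; prints the offending paths to stderr.
assert_no_stray_ounce_artifacts() {
    strays=$(check_ounce_artifacts "$@")
    if [ -n "$strays" ]; then
        echo "Ounce artifacts outside the build dir (would be 'local changes'):" >&2
        echo "$strays" >&2
        return 1
    fi
    return 0
}
```

Run it as a step after the scan goal, e.g. `assert_no_stray_ounce_artifacts "$WORKSPACE"` in the CI job.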
