Maven multi-module support for Dependency Scanning is failing when there are internal dependencies between modules
Summary
Maven multi-module support for Dependency Scanning has been implemented with https://gitlab.com/gitlab-org/gitlab-ee/issues/6425 but it seems that it is still failing.
Steps to reproduce
- Create a multi-module Maven project with two modules.
- Add dependency between the two modules,
- Enable Dependency Scanning in
.gitlab-ci.yml
Example Project
https://gitlab.com/dansiviter/multi-module-failure
What is the current bug behavior?
if a sub-module has a dependency with another sub-module sibling it can't resolve it causing it to attempt to download from the Maven Central repo.
What is the expected correct behavior?
The sibling dependency should be available in the local Maven repo permitting the build to continue.
Relevant logs and/or screenshots
[WARNING] The POM for acme:module1:jar:0.0.1-SNAPSHOT is missing, no dependency information available
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.723 s
[INFO] Finished at: 2018-06-13T21:13:31Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project module2: Could not resolve dependencies for project acme:module2:jar:0.0.1-SNAPSHOT: Could not find artifact acme:module1:jar:0.0.1-SNAPSHOT -> [Help 1]
See linked pipeline for example: https://gitlab.com/dansiviter/multi-module-failure/pipelines/24685295
Output of checks
This bug happens on GitLab.com
Possible fixes
Run mvn install
prior to running gemnasium-maven-plugin
to make sure all dependent modules are pre-built.
Edited by Olivier Gonzalez