Git Commit Id Maven Plugin Versions Save

Maven plugin which includes build-time git repository information into an POJO / *.properties). Make your apps tell you which version exactly they were built from! Priceless in large distributed deployments... :-)

v4.0.4

3 years ago

Version 4.0.4 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • #531 / #532: fix a NullPointerException when session.getProjectDependencyGraph() might be null when running the plugin from eclipse
  • #523 / #534: Avoid illegal reflective access warning in JDK11
  • #539: Support Bitbucket Pipelines CI for build number and branch
  • #544: add support for author and commiter times (properties will be exposed as git.commit.author.time, git.commit.committer.time)
  • #529: update dependencies

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.4</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v4.0.3

3 years ago

Version 4.0.3 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • #525 / #524: Update JGit dependency to 5.9.0.202009080501 (which fixes java.util.concurrent.RejectedExecutionException when using JGit concurrently in the same application -- see here for further details)
  • #519 / #520: made the plugin slightly smarter in terms of stripping the password from remote git urls that contain special characters. Note that this problem still can resurface when the url does not follow rfc2396. If processing fails the plugin will continue to print an error, but will avoid exposing the url in any generated properties (similar behaviour as before)
  • #501 / #517: replace jackson-databind with lightweight javax.json to fix broken JSON format
  • #527: fix javadoc generation for java 12/13

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.3</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v4.0.2

3 years ago

Version 4.0.2 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • #469 / #511 / #512: Fix a condition where the plugin is not thread save when using injectAllReactorProjects
  • #509 / #513: Allow initial git.build.time from project.build.outputTimestamp to support reproducible builds
  • #514: Update dependencies jgit 5.8.1.202007141445-r, jackson-databind 2.11.2, joda-time 2.10.6

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.2</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v4.0.1

3 years ago

Version 4.0.1 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.1</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v4.0.0

4 years ago

Version 4.0.0 is finally there and includes various bug-fixes, improvements and some changes that can be considered as potential breaking changes :-)

The main key-aspects that have been improved or being worked on are the following:

Potential breaking changes:

New Features / Bug-Fixes:

<replacementProperties>
   <replacementProperty>
      <property>sonar.projectVersion</property>
      <token>^.*$</token>
      <value>${project.version}-${git.branch}</value>
      <regex>false</regex>
   </replacementProperty>
</replacementProperties>

See https://github.com/git-commit-id/maven-git-commit-id-plugin/pull/444 for further details.

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v3.0.1

4 years ago

Version 3.0.1 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>3.0.1</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v3.0.0

5 years ago

Version 3.0.0 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • Java 1.7 is no longer supported with this version and at least Java 8 is required - #346
  • Introduced a more reliable way to deal with incremental builds for eclipse IDE - #385 / #366 / #269
  • Added a new property for setting if branch name should be taken from build environment or not (e.g. set <useBranchNameFromBuildEnvironment>false</useBranchNameFromBuildEnvironment>). This behaviour might be useful in combination with the JGitflow maven plugin #393.
  • Moved the project to a new git-commit-id organization account #384
  • Fixed a problem where the plugin hangs on windows under certain conditions and when there are too many changes in the git-repo #396 / #336
  • Allow the value of an replacementProperty to be empty #400 / #389
  • Introduced the new properties git.local.branch.ahead and git.local.branch.behind that provide some information if the local branch is either ahead or behind the remote. Note that using this property will perform a git fetch operation and may have a performance impact on the overall execution of the plugin. #395
  • Instead of determine all properties and then exclude properties, this plugin will now only ask for properties that are essential (proposal from #185). For a detailed performance comparison refer to the latest benchmark. Note: For users who want to avoid the the git fetch operation performed when gathering the properties git.local.branch.ahead and git.local.branch.behind simply exclude those to avoid that step:
<excludeProperties>
  <excludeProperty>^git.local.branch.*$</excludeProperty>
</excludeProperties>
  • Cleanup readme & Introduce coveralls #380 / #401 / #405
  • The plugin tried to extract the Bamboo build variables with the wrong case #410
  • Setting evaluateOnCommit to anything besides the default HEAD resulted only in the commit-id. in case users want to evaluateOnCommit on any commit or branch that is not the default HEAD, please be advised that this plugin will run git branch --points-at that may or may not result in a git.branch property that has multiple branches that are comma separated. If evaluateOnCommit is kept as the default HEAD the git.branch property still may fallback to the commit-id. #403
  • Have travis finally automatically deploy the snapshot version of the plugin #344 (see below how to get it)
  • Setting injectAllReactorProjects to true for multi-modules project now stores the computed properties in the project context. If the properties are present in the project context this plugin will essentially reuse those properties from a previously computed version (kudus to https://github.com/git-commit-id/maven-git-commit-id-plugin/pull/411, implemented in https://github.com/git-commit-id/maven-git-commit-id-plugin/pull/414)

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>3.0.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v2.2.6

5 years ago

Version 2.2.6 is a security update for a potential issue within the jackson-databind dependency. As usual you can checkout the detailed list of bug-fixes :-)

New Features / Bug-Fixes:

The main key-aspects is a security update for a potential issue within the jackson-databind dependency. This specific dependency was updated to v2.9.8 in response to https://github.com/FasterXML/jackson-databind/issues/2186 (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362). Even though by default an user of this plugin does not seem to be affected by this potential issue, it is highly recommended to adopt the latest version at your earliest convenience. Similar to version 2.2.5 this version provides full support for Java 7, Java 8, Java 9, Java 10 and Java 11 (and is potentially also working for any higher version).

Am I affected? (technical details)

The specific issues that have been fixed with the update of jackson-databind dependency are:

  • CVE-2018-19360: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
  • CVE-2018-19361: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
  • CVE-2018-19362: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

This plugin uses the jackson-databind dependency for dumping the git information (serialization) to the generated properties file and determining if the generated json properties are up-to-date (deserialization). As of now it appears that only user who generate json properties via <format>json</format> may be affected by those issues. This specific configuration is set to <format>properties</format> by default and hence by default it appears that those issues are out of scope. Only when this configuration is altered a user may need to consider the linked CVE's as potential security problem. In general I would be unsure if this ever even could be considered a true attack vector of this plugin, since the generated json file would need to contain data that would trigger this specific bug in the dependency. If an adversary has access to the content to the location where the generated file is residing, I would assume he can also modify the any local file (including project files) and hence would not need to go through the pain and exploit this problem....

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>2.2.6</version>
</dependency>

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v2.2.5

5 years ago

Version 2.2.5 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>2.2.5</version>
</dependency>

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here

v2.2.4

6 years ago

Version 2.2.4 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

  • Fixing an issue where -Dmaven.gitcommitid.skip=true does not skip the plugin execution when the configuration in the POM includes a <skip>false</skip> - https://github.com/ktoso/maven-git-commit-id-plugin/issues/315
  • Support for all Maven 3.X versions - https://github.com/ktoso/maven-git-commit-id-plugin/issues/316
  • The runningOnBuildServer check for detecting the branch name on Jenkins / Hudson is now using 'HUDSON_HOME' and 'JENKINS_HOME' as well - https://github.com/ktoso/maven-git-commit-id-plugin/issues/326
  • The in-built replacement of properties (only for properties generated by the plugin) now can also change the casing of the properties that the user wants to replace (e.g. lower case VS upper case). This behaviour can be achieved by defining a list of transformationRules for the property where those rules should take effect. Each transformationRule consist of two required fields apply and action. The apply-tag controls when the rule should be applied and can be set to BEFORE to have the rule being applied before or it can be set to AFTER to have the rule being applied after the replacement. The action-tag determines the string conversion rule that should be applied. Currenlty supported is LOWER_CASE and UPPER_CASE. Potential candidates in the feature are CAPITALIZATION and INVERT_CASE (open a ticket if you need them...).
<replacementProperties>
  <!-- example: apply replacement only to the specific property git.branch and replace '/' with '-' -->
  <replacementProperty>
    <property>git.branch</property>
    <!-- will not overwrite the existing property and generate a new `git.branch.something` -->
    <propertyOutputSuffix>something</propertyOutputSuffix>
    <token>^([^\/]*)\/([^\/]*)$</token>
    <value>$1-$2</value>
    <regex>true</regex>
    <transformationRules>
      <transformationRule>
        <apply>BEFORE</apply>
        <action>UPPER_CASE</action>
      </transformationRule>
      <transformationRule>
        <apply>AFTER</apply>
        <action>LOWER_CASE</action>
      </transformationRule>
    </transformationRules>
  </replacementProperty>
</replacementProperties>

See https://github.com/ktoso/maven-git-commit-id-plugin/issues/317 for more details on a use-case.

<gitDescribe>
<tags>true</tags>
</gitDescribe>

will cause that lightweight tags are also included for the closest tags

Also the pattern used inside the gitDescribe might have an impact on the resulting git.closest.tag.name and git.closest.tag.count

  • this project now has an Issue Template that is being used for every new issue by default - https://github.com/ktoso/maven-git-commit-id-plugin/issues/337
  • Under certain conditions the JGit implementation yielded wrong results inside the exposed git.tags property (basically it wasn't reporting all tags of a given commit) - https://github.com/ktoso/maven-git-commit-id-plugin/issues/339
  • A new option to allow to tell the plugin what commit should be used as reference to generate the properties from (https://github.com/ktoso/maven-git-commit-id-plugin/issues/338). By default this property is simply set to HEAD which should reference to the latest commit in your repository. In general this property can be set to something generic like HEAD^1 or point to a branch or tag-name. To support any kind or use-case this configuration can also be set to an entire commit-hash or it's abbreviated version. Please note that for security purposes not all references might be allowed as configuration. The configuration can be used in the following:
<evaluateOnCommit>HEAD</evaluateOnCommit>

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>2.2.4</version>
</dependency>

Known Issues / Limitations:

Reporting Problems

If you find any problem with this plugin, feel free to report it here