Support Maven 4 by setting maven.mainClass to MavenCling

[hazendaz]

Maven 4 changed how it works, as a result maven wrapper has been broken for a while. You can see a working usage of this change here https://github.com/spotbugs/spotbugs-maven-plugin/actions/runs/17228298032. If unable to see, see the github job here that customized updating wrapper to run on maven 4 here https://github.com/spotbugs/spotbugs-maven-plugin/blob/master/.github/workflows/it-maven-4.0.0.yaml by skipping the update to maven 4 and adjusting the wrapper to simply run maven 4 which is addressed by the changes here.

[kwin]

This is no longer necessary with the upcoming Maven 4 version: apache/maven@f77fe3c

[slawekjaranowski]

And it is deprecated with only-script which is default should be works

[hazendaz]

Hi @kwin, I'm glad to see maven core is fixed. However, is there harm in having this as it does nothing and even works still with maven 3? That at least allows the broken releases to proceed to working state. I have to keep using this patch for anything I'm testing with maven 4 currently as that fix is not released. At work I already scaled that out and protect on top so its not a concern for me there but could see people trying to use various beta / rc versions of maven to check for other issues and they will run into this problem. Maybe a comment added that its to fix specifically the few versions affected would be a compromise. I'm fine either way though as I'm not impacted at this point for my needs.

Affected versions are: beta-5 to rc-4

[slawekjaranowski]

@hazendaz why do you not use a script-only type of wrapper?

[cstamas]

@slawekjaranowski unsure why @hazendaz uses non script-only wrapper, but I know that on my work, I cannot use script-only due air-gapped (no direct inet access) env. Only way out is thru proxy.

[slawekjaranowski]

@slawekjaranowski unsure why @hazendaz uses non script-only wrapper, but I know that on my work, I cannot use script-only due air-gapped (no direct inet access) env. Only way out is thru proxy.

script-only also support user and password for downloading Maven distribution ... maybe this should be improved

[hazendaz]

historically that didn't exist so I'm using the original but IMO it should work regardless of the type used.

[jafarre-bi]

For me, there's another reason to use the bin distribution type: it's more portable, as a JRE is always needed anyway. I also faced some problems with SHA validation when using script-only in the past. If I recall correctly, it used to fail under Git Bash on Windows.

[hazendaz]

For me, there's another reason to use the bin distribution type: it's more portable, as a JRE is always needed anyway. I also faced some problems with SHA validation when using script-only in the past. If I recall correctly, it used to fail under Git Bash on Windows.

I find we have same issues at work with sha validation in general. Another point is that maven didn't actually flag this deprecated. Saying its deprecated in pull requests or mailing lists doesn't make it so if the code doesn't say so.