This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/main by this push:
new a9c78aed7 ci: skip OWASP dependency-check report in javadocs site
build (#312)
a9c78aed7 is described below
commit a9c78aed7a8546bd697840d3a69b8cf98d02ae4d
Author: Lukasz Lenart <[email protected]>
AuthorDate: Wed Jul 1 12:12:30 2026 +0200
ci: skip OWASP dependency-check report in javadocs site build (#312)
The site:site aggregate report ran dependency-check-maven, which downloads
the full NVD CVE database (~360k records) with no API key and blew the
90-minute timeout (build ABORTED at ~17%). The OWASP report is not needed
for the published Maven site, so skip it with -Ddependency-check.skip=true.
Co-authored-by: Claude Opus 4.8 <[email protected]>
---
Jenkinsfile.javadocs | 5 ++++-
docs/superpowers/plans/2026-07-01-jenkins-javadocs-pipeline.md | 4 +++-
.../superpowers/specs/2026-07-01-jenkins-javadocs-pipeline-design.md | 4 +++-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/Jenkinsfile.javadocs b/Jenkinsfile.javadocs
index e79c6c263..061b36f1f 100644
--- a/Jenkinsfile.javadocs
+++ b/Jenkinsfile.javadocs
@@ -40,7 +40,10 @@ pipeline {
fi
mvn -B -V clean install -DskipTests
- mvn -B -V site:site site:stage
+ # Skip the OWASP dependency-check report: its aggregate goal
downloads the
+ # full NVD CVE database (~360k records) with no API key, blowing the
timeout.
+ # Not needed for the published Maven site.
+ mvn -B -V site:site site:stage -Ddependency-check.skip=true
'''
}
}
diff --git a/docs/superpowers/plans/2026-07-01-jenkins-javadocs-pipeline.md
b/docs/superpowers/plans/2026-07-01-jenkins-javadocs-pipeline.md
index 607608ba1..2cc3b814a 100644
--- a/docs/superpowers/plans/2026-07-01-jenkins-javadocs-pipeline.md
+++ b/docs/superpowers/plans/2026-07-01-jenkins-javadocs-pipeline.md
@@ -80,7 +80,9 @@ pipeline {
fi
mvn -B -V clean install -DskipTests
- mvn -B -V site:site site:stage
+ # Skip the OWASP dependency-check report: its aggregate goal
downloads the
+ # full NVD CVE database (~360k records) with no API key, blowing the
timeout.
+ mvn -B -V site:site site:stage -Ddependency-check.skip=true
'''
}
}
diff --git
a/docs/superpowers/specs/2026-07-01-jenkins-javadocs-pipeline-design.md
b/docs/superpowers/specs/2026-07-01-jenkins-javadocs-pipeline-design.md
index d00d834d9..f12079499 100644
--- a/docs/superpowers/specs/2026-07-01-jenkins-javadocs-pipeline-design.md
+++ b/docs/superpowers/specs/2026-07-01-jenkins-javadocs-pipeline-design.md
@@ -92,7 +92,9 @@ pollutes the site repo:
- clone `https://gitbox.apache.org/repos/asf/struts.git` into `target/struts`
- checkout: if `STRUTS_TAG == main` → `git checkout main`, else `git checkout
"tags/${STRUTS_TAG}"`
- `mvn -B -V clean install -DskipTests`
-- `mvn -B -V site:site site:stage`
+- `mvn -B -V site:site site:stage -Ddependency-check.skip=true` (the OWASP
+ dependency-check report is skipped: its aggregate goal downloads the full
NVD CVE
+ database with no API key and blows the build timeout; it is not needed for
the site)
**Stage 2 — Publish to source/maven**