Java, Maven and Gitpod, part 4: Maven and Dependencies

This is the 4th post about using Java in Gitpod.

It assumes you have already read the first, second, and third posts.

Let’s now use the POM editor to update the version of JUnit (the Maven archetype is based on an old version of JUnit). When we open the “pom.xml” in the editor, we get a pop-up suggesting installing another extension for analyzing dependencies.

Let’s accept that, as done before, without synching. After the extension is installed, we can visit the corresponding entry in the extensions tab, and, as done before, we use the gear icon to add the extension to our “.gitpod.yml”.

We can then click the extension’s button in the bottom status bar (see the one in the left corner in the screenshot) to get an analysis report:

Once it’s finished, we can look at the report. For this simple example, we don’t have any vulnerabilities in our dependencies:

Let’s go back to editing the “pom.xml”; by using the code completion, we can select the newer version of JUnit 4:

Let’s select the latest version (at the time of writing, it is 4.13.2) and let the Java LSP rebuild the project. When we update a dependency in the POM, the analyzer seen above automatically performs another analysis (you can see the feedback in the bottom status bar).

Let’s now explore the “Maven” outline:

We can run lifecycle phases (“compile” in the screenshot above) or single plug-in goals (something I don’t find in the Eclipse Maven support). We can also see the dependencies and their transitive dependencies (“hamcrest” is a transitive dependency of JUnit).

The “Dependencies” entry provides a “+” icon to add a dependency by using the UI. A pop-up will appear where you type a part of the dependency, press ENTER, and see some completions. For example, for log4j:

Upon selection, the POM will be updated. We intentionally selected an old version of log4j with a known vulnerability to show that the Dependency Analyzer we previously installed detects it:

We can undo the modification we made only for demonstration or use a recent version of log4j (version 2).
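The editor extension only reports while the workspace is open, so the same two decisions made above (JUnit at 4.13.2 or later, no log4j 1.x) can also be pinned as a small check that runs anywhere. The following is an added example, not code from the original post or from the extension; the policy table, the function names and the sample POM are assumptions, and it is a coordinate/version gate rather than a vulnerability-database lookup:

```python
import xml.etree.ElementTree as ET

# Constructed sample POM; the JUnit and log4j versions are stand-ins, not the post's.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><junit.version>4.11</junit.version></properties>
  <dependencies>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>${junit.version}</version><scope>test</scope></dependency>
    <dependency><groupId>log4j</groupId><artifactId>log4j</artifactId>
      <version>1.2.17</version></dependency>
  </dependencies>
</project>"""

# Hypothetical policy: (groupId, artifactId) -> minimum version, None = forbidden.
POLICY = {
    ("junit", "junit"): "4.13.2",  # the version selected in the post
    ("log4j", "log4j"): None,      # log4j 1.x coordinates; log4j 2 uses another groupId
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def _vkey(version):
    # Numeric comparison of dotted versions; qualifiers such as -SNAPSHOT are ignored.
    return tuple(int(p) for p in version.split("-")[0].split(".") if p.isdigit())

def check_pom(pom_text, policy=POLICY):
    """Return (coordinates, version, reason) for each declared dependency that breaks policy."""
    root = ET.fromstring(pom_text)
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    findings = []
    for dep in root.iter():  # also covers dependencyManagement and plugin dependencies
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        ga = (f.get("groupId"), f.get("artifactId"))
        if ga not in policy:
            continue
        ver = f.get("version", "")
        if ver.startswith("${") and ver.endswith("}"):
            ver = props.get(ver[2:-1], "")  # resolve ${property} references
        if policy[ga] is None:
            findings.append((ga, ver, "forbidden"))
        elif not ver:
            findings.append((ga, ver, "version not resolvable from this POM"))
        elif _vkey(ver) < _vkey(policy[ga]):
            findings.append((ga, ver, "below " + policy[ga]))
    return findings
```

It only sees dependencies declared in the POM it is given; transitive dependencies, like the ones shown in the “Maven” outline, still need the analyzer or Maven’s own dependency tree.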

We can also create new “Favorites” commands (by pressing the “+” that appears when hovering over “Favorites”). This opens a pop-up where we can enter a Maven command we want to run often.

For example, let’s insert “package -DskipTests=true”. The favorite will be saved into the Git repository in the file “.vscode/settings.json”. We can also manually tweak it, giving it an alias, e.g., “Create JAR without running tests” (note that we can use content assist in the JSON file):

Now, we have the favorite with the given alias that we can run by using the corresponding triangle:

Speaking of language support for the “settings.json” file, I prefer to disable “autosave”, especially with LSP running in the background, which will continuously ask to synchronize the Java project each time you start modifying the POM. Using the content assist, it is easy to find the corresponding entry and disable autosave:

Stay tuned for the fifth part!
