112-java-maven-plugins
npx machina-cli add skill jabrena/cursor-rules-java/112-java-maven-plugins --openclawMaven Plugins: pom.xml Configuration Best Practices
Configure Maven plugins and profiles in pom.xml using a structured, question-driven process that preserves existing configuration.
Core areas: Existing configuration analysis and preservation, Maven Wrapper verification, project assessment questions (project nature, Java version, build and quality aspects), properties configuration, Maven Enforcer, Surefire, Failsafe, HTML test reports, JaCoCo coverage, PiTest mutation testing, OWASP security scanning, SpotBugs/PMD static analysis, SonarQube/SonarCloud, Spotless code formatting, Versions plugin, Git Commit ID, Flatten plugin, JMH benchmarking, Maven Compiler, and cyclomatic complexity analysis.
Prerequisites: Run ./mvnw validate or mvn validate before applying any plugin recommendations. If validation fails, stop and ask the user to fix issues — do not proceed until resolved.
Multi-step scope: Begin with Step 1 (existing configuration analysis) before any changes. Ask project assessment questions one-by-one in Step 3, then execute only the plugin steps relevant to user selections. Never remove or replace existing plugins; only add new ones that do not conflict.
Before applying changes: Read the reference for detailed plugin configurations, XML templates, and constraints for each step.
Reference
For detailed guidance, examples, and constraints, see references/112-java-maven-plugins.md.
Source
git clone https://github.com/jabrena/cursor-rules-java/blob/main/skills/112-java-maven-plugins/SKILL.mdView on GitHub Overview
This skill guides you to add and configure Maven plugins in pom.xml in a structured, non-destructive way. It covers quality tools (Enforcer, Surefire, Failsafe, JaCoCo, Pitest, SpotBugs, PMD), security scanning, formatting, version management, build information tracking, and benchmarking (JMH) using a consultative, step-by-step approach that only adds what you actually need.
How This Skill Works
It begins by validating the existing pom.xml with mvn validate, then analyzes the current configuration to identify gaps. Through a series of project assessment questions, it determines exactly which plugins are required and adds only non-conflicting configurations, preserving existing setup and avoiding removals.
When to Use It
- You want to introduce quality tools (Enforcer, Surefire, Failsafe, JaCoCo, Pitest, SpotBugs, PMD) without disrupting current configuration.
- You need security scanning (OWASP) integrated into the Maven workflow.
- You want automatic code formatting (Spotless) and stable version management via the Versions plugin.
- You require build information tracking or Git commit ID integration for releases.
- You plan to add benchmarking (JMH) or cyclomatic complexity analysis without breaking existing plugins.
Quick Start
- Step 1: Run mvn validate to assess current pom.xml and catch issues early.
- Step 2: Review your project goals and answer the Step 3 questions to identify needed plugin areas.
- Step 3: Add only the required plugins that do not conflict with existing configuration and test thoroughly.
Best Practices
- Start with the Step 1 existing configuration analysis before making any changes.
- Run mvn validate (or ./mvnw validate) and stop if validation fails.
- Never remove or replace existing plugins; only add new ones that do not conflict.
- Consult the reference guidelines and templates for each plugin configuration.
- After additions, run a full build and review reports to verify integration.
Example Use Cases
- A Java project gradually adds JaCoCo, Surefire, and SpotBugs to strengthen test coverage and static analysis.
- A project integrates OWASP dependency-check for security scanning alongside existing plugins.
- Spotless is introduced to enforce consistent code formatting while preserving current plugin setup.
- Versions plugin and Git Commit ID are added to enable reliable version management and release tracing.
- JMH benchmarking is added to measure performance without altering core builds.
