I'm in a situation now where we've moved many projects to a Docker-in-Docker build and use multi-stage Dockerfiles, starting from a custom base image with Maven to build our projects then copy the artifacts to a deployable image. We've written our Dockerfiles using an initial dependency:go-offline step after copying POMs only, in order to cache the layer with the dependencies to try to keep build times down as much as possible when starting from empty images.
The problem is we've just tripped on https://issues.apache.org/jira/browse/MDEP-204 which is a pretty old bug that has since been solved in more recent versions of the maven-dependency-plugin. However, Maven seems to default to a pretty old one.
FIRST, I thought for a moment that I could use a plugin-registry.xml file in our base image to force Maven to default to a newer version, but it seems the feature has been deprecated and I'm not having any luck finding if it was replaced by anything else.
THEN, I thought about trying to be really weird and sneaky and seeing if I could modify the Super-POM somehow to change the default version of the plugin, but that doesn't work. The version in the Super-POM is different than what Maven is defaulting to, and what's more is different projects are defaulting to different versions of the plugin and none of them are specifying that in their POMs. Is there some way like help:effective-pom or a plugin-aware version of dependency:tree that could tell me why some projects are picking certain versions?
I need Maven to reliably use the right version of the plugin when executing go-offline but I'm not sure where I can control it other than directly in the command, but I'd like to avoid having to modify each individual Dockerfile.
Is there still a global mechanism I can build into the Builder image to upgrade the plugin for every project at once, and how do I use it? Or am I just out of luck?