fix(manifest): copy sbt-generated poms out of target/ (REA-437)#1311
Open
Jeppe Fredsgaard Blaabjerg (jfblaa) wants to merge 3 commits into
Open
Conversation
`socket manifest scala` runs `sbt makePom`, which writes poms into each subproject's `target/scala-X.Y/` dir. That path is gitignored in standard SBT projects, so downstream SBOM/scan steps that respect `.gitignore` never see the generated manifests. After sbt finishes, walk up from each reported `Wrote <path>.pom` to its `target/` ancestor and copy the pom to `<projectRoot>/socket.pom.xml` (or `<basename(--out)>`). Single-pom case with an explicit path `--out` still honors the exact path; stdout mode unchanged. Mirrors what `init.gradle` already does on the gradle path, just from Node since sbt has no direct analogue of `gradle --init-script`. Also tightens the success output to one list of destinations to match the gradle command's verbosity.
Jeppe Fredsgaard Blaabjerg (jfblaa)
requested review from
John-David Dalton (jdalton) and
Martin Torp (mtorp)
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue.
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit acd6d30. Configure here.
Jeppe Fredsgaard Blaabjerg (jfblaa)
requested a review
from Benjamin Barslev Nielsen (barslev)
Replaces the ad-hoc `(e as Error).message` cast in the pom-copy catch block with `getErrorCause(e)` from `utils/errors.mts`, matching the project's existing convention. Addresses cursor bugbot review on #1311.
Martin Torp (mtorp)
approved these changes
May 12, 2026
Contributor
Martin Torp (mtorp)
left a comment
Martin Torp (mtorp)
left a comment
There was a problem hiding this comment.
Requesting an update to the changelog. Otherwise, looks good ✅
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
socket manifest scalaransbt makePombut left every generated pom inside each subproject'starget/scala-X.Y/dir, which is gitignored in standard SBT projects — so downstream SBOM/scan steps that respect.gitignoreskipped all of them.<projectRoot>/socket.pom.xml(or<basename(--out)>) by walking up to the nearesttarget/ancestor. Mirrors whatinit.gradlealready does on the gradle path, just from Node.Linear: REA-437
Test plan
socket manifest scala .on a multi-module sbt project (e.g. circe); confirm asocket.pom.xmllands next to each subproject'starget/and that none of the destinations sit inside atarget/dir.--out=./custom.pom.xmlwrites to that exact path.--stdout/socket manifest scala --stdout .behavior unchanged.socket scan createafter the manifest step now picks up the generated scala manifests.Note
Medium Risk
Moderate risk: changes filesystem output locations for
socket manifest scalaby copying generated POMs out oftarget/, which could affect downstream tooling and user expectations around--outin multi-module projects.Overview
socket manifest scalanow copies sbt-generated.pomfiles out of each module’s gitignoredtarget/directory into the project root (using the--outbasename, or honoring the full--outpath when only one POM is produced), and reports the copied destinations.Adds a
target/-ancestor search helper and switches from “generated” logging to listing the exported copy locations; package version is bumped to1.1.94.Reviewed by Cursor Bugbot for commit acd6d30. Configure here.