[jira] [Comment Edited] (MGPG-85) Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
[
https://issues.apache.org/jira/browse/MGPG-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531064#comment-17531064
]
Christian DIetrich edited comment on MGPG-85 at 5/3/22 6:59 AM:
is this a nexus issue then? gradle says they dont have a spec and think they do
it correct
does MGPG use other plugins to do the actual deploy?
was (Author: JIRAUSER288910):
is this a nexus issue then? gradle says they dont have a spec and think they do
it correct
> Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
>
>
> Key: MGPG-85
> URL: https://issues.apache.org/jira/browse/MGPG-85
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.0.1
>Reporter: Jonah Graham
>Priority: Major
>
> Hello, on the Eclipse LSP4J project we use gpg:sign-and-deploy-file to upload
> files to Nexus snapshots. As we didn't specify version number when 3.0.1 was
> released last year we started using it automatically instead of 1.6 which we
> had been using previously.
> In 3.0.1 the buildNumber of multiple files uploaded together are different,
> e.g. you get a maven-metadata that looks like this:
>
> {code:java}
>
>
> org.eclipse.lsp4j
> org.eclipse.lsp4j
>
> 20220429053938
>
> 20220429.053938
> 94
>
>
>
> javadoc
> jar
> 0.13.0-20220429.053938-94
> 20220429053938
>
>
> sources
> jar
> 0.13.0-20220429.053938-93
> 20220429053938
>
>
> jar
> 0.13.0-20220429.053938-92
> 20220429053938
>
>
> pom
> 0.13.0-20220429.053938-92
> 20220429053938
>
>
>
> 0.13.0-SNAPSHOT
> {code}
> Note above how the snapshotVersions have -92, -93 and -94 for the different
> classifiers. This is (I believe) a bug, and a regression (or at least change
> in behaviour) since 1.6. In 1.6 we get this:
> {code:java}
>
>
> org.eclipse.lsp4j
> org.eclipse.lsp4j
>
> 20220502160227
>
> 20220502.160227
> 105
>
>
>
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> pom
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> javadoc
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> sources
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
>
> 0.13.0-SNAPSHOT
>
> {code}
> Where all the parts are -105.
> This issue causes a concrete problem as gradle cannot consume such snapshots
> - see [https://github.com/gradle/gradle/issues/20605]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[GitHub] [maven-release] michael-o commented on a diff in pull request #118: Catch up
michael-o commented on code in PR #118:
URL: https://github.com/apache/maven-release/pull/118#discussion_r863513916
##
maven-release-manager/pom.xml:
##
@@ -59,14 +60,14 @@
- org.sonatype.plexus
+ org.codehaus.plexus
plexus-sec-dispatcher
- 1.3
+ 2.0
- org.sonatype.plexus
+ org.codehaus.plexus
plexus-cipher
- 1.7
+ 2.0
Review Comment:
Perfect thank you!
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/DefaultReleaseManager.java:
##
@@ -37,38 +42,56 @@
import org.apache.maven.shared.release.phase.ReleasePhase;
import org.apache.maven.shared.release.phase.ResourceGenerator;
import org.apache.maven.shared.release.strategy.Strategy;
-import org.codehaus.plexus.component.annotations.Component;
-import org.codehaus.plexus.component.annotations.Requirement;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static java.util.Objects.requireNonNull;
/**
* Implementation of the release manager.
*
* @author mailto:br...@apache.org";>Brett Porter
*/
-@Component( role = ReleaseManager.class )
+@Singleton
+@Named
public class DefaultReleaseManager
-extends AbstractLogEnabled
implements ReleaseManager
{
-@Requirement
-private Map strategies;
+private static final Logger LOGGER = LoggerFactory.getLogger(
DefaultReleaseManager.class );
+
+private final Map strategies;
/**
* The available phases.
*/
-@Requirement
-private Map releasePhases;
+private final Map releasePhases;
/**
* The configuration storage.
*/
-@Requirement( hint = "properties" )
-private ReleaseDescriptorStore configStore;
+private final AtomicReference configStore;
private static final int PHASE_SKIP = 0, PHASE_START = 1, PHASE_END = 2,
GOAL_END = 12, ERROR = 99;
+@Inject
+public DefaultReleaseManager( Map strategies,
+ Map releasePhases,
+ @Named( "properties" )
ReleaseDescriptorStore configStore )
+{
+this.strategies = requireNonNull( strategies );
+this.releasePhases = requireNonNull( releasePhases );
+this.configStore = new AtomicReference<>( requireNonNull( configStore
) );
Review Comment:
Can you explain why this requires an atomic ref?
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java:
##
@@ -101,21 +103,21 @@ public ReleaseDescriptorBuilder read(
ReleaseDescriptorBuilder mergeDescriptor,
}
catch ( FileNotFoundException e )
{
-getLogger().debug( file.getName() + " not found - using empty
properties" );
+LOGGER.debug( file.getName() + " not found - using empty
properties" );
}
catch ( IOException e )
{
throw new ReleaseDescriptorStoreException(
-"Error reading properties file '" + file.getName() + "': " +
e.getMessage(), e );
+"Error reading properties file '" + file.getName() + "': "
+ e.getMessage(), e );
Review Comment:
I hate this ugly duplication of exception messages, but this is not part of
this PR.
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java:
##
@@ -101,21 +103,21 @@ public ReleaseDescriptorBuilder read(
ReleaseDescriptorBuilder mergeDescriptor,
}
catch ( FileNotFoundException e )
{
-getLogger().debug( file.getName() + " not found - using empty
properties" );
+LOGGER.debug( file.getName() + " not found - using empty
properties" );
}
catch ( IOException e )
{
throw new ReleaseDescriptorStoreException(
-"Error reading properties file '" + file.getName() + "': " +
e.getMessage(), e );
+"Error reading properties file '" + file.getName() + "': "
+ e.getMessage(), e );
}
-
+
try
{
-decryptProperties( properties );
+mavenCrypto.decryptProperties( properties );
}
-catch ( IllegalStateException | SecDispatcherException |
PlexusCipherException e )
+catch ( MavenCryptoException e )
{
-getLogger().debug( e.getMessage() );
+LOGGER.debug( e.getMessage() );
Review Comment:
Ha ha ha, crypto fails, but hey let's continue anyway.
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/phase/AbstractRewritePomsPhase.java:
##
@@ -530,25 +537,25 @@ else if ( mappedVersion.equals( propertyValue ) )
{
// this property may have been updat
[GitHub] [maven-assembly-plugin] cstamas commented on pull request #55: Do not download whole universe
cstamas commented on PR #55: URL: https://github.com/apache/maven-assembly-plugin/pull/55#issuecomment-1115805829 We could even bolt on some existing IT, I did full IT suite build w/ and w/o this PR, here is what I got: These are states AFTER full IT suite ran successfully: Local repo by ITs * had 4192 files (master) vs 3418 files (PR). * size was 106816 bytes (master) vs 85808 bytes (PR). * CONTAINS org.eclipse.tycho maven plugin (master) vs DOES NOT contain s it (PR) And I think we got our test as well: tycho. It is a build plugin (used by sisu among others), and for sure NONE of our IT projects depend on it. Full outputs for reference below. On master (without PR): ``` cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ find target/local-repo/ -type f | wc -l 4192 cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ du target/local-repo/ -s 106816 target/local-repo/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ ll target/local-repo/org/eclipse/ total 20 drwxrwxr-x 5 cstamas cstamas 4096 máj3 09:11 ./ drwxrwxr-x 24 cstamas cstamas 4096 máj3 09:11 ../ drwxrwxr-x 7 cstamas cstamas 4096 máj3 09:06 aether/ drwxrwxr-x 6 cstamas cstamas 4096 máj3 09:06 sisu/ drwxrwxr-x 18 cstamas cstamas 4096 máj3 09:11 tycho/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ ``` On this PR: ``` cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ find target/local-repo/ -type f | wc -l 3418 cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ du target/local-repo/ -s 85808target/local-repo/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ ll target/local-repo/org/eclipse/ total 16 drwxrwxr-x 4 cstamas cstamas 4096 máj3 08:58 ./ drwxrwxr-x 22 cstamas cstamas 4096 máj3 09:02 ../ drwxrwxr-x 7 cstamas cstamas 4096 máj3 08:58 aether/ drwxrwxr-x 6 cstamas cstamas 4096 máj3 08:58 sisu/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-assembly-plugin] cstamas commented on pull request #55: Do not download whole universe
cstamas commented on PR #55: URL: https://github.com/apache/maven-assembly-plugin/pull/55#issuecomment-1115805828 We could even bolt on some existing IT, I did full IT suite build w/ and w/o this PR, here is what I got: These are states AFTER full IT suite ran successfully: Local repo by ITs * had 4192 files (master) vs 3418 files (PR). * size was 106816 bytes (master) vs 85808 bytes (PR). * CONTAINS org.eclipse.tycho maven plugin (master) vs DOES NOT contain s it (PR) And I think we got our test as well: tycho. It is a build plugin (used by sisu among others), and for sure NONE of our IT projects depend on it. Full outputs for reference below. On master (without PR): ``` cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ find target/local-repo/ -type f | wc -l 4192 cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ du target/local-repo/ -s 106816 target/local-repo/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ ll target/local-repo/org/eclipse/ total 20 drwxrwxr-x 5 cstamas cstamas 4096 máj3 09:11 ./ drwxrwxr-x 24 cstamas cstamas 4096 máj3 09:11 ../ drwxrwxr-x 7 cstamas cstamas 4096 máj3 09:06 aether/ drwxrwxr-x 6 cstamas cstamas 4096 máj3 09:06 sisu/ drwxrwxr-x 18 cstamas cstamas 4096 máj3 09:11 tycho/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (master)$ ``` On this PR: ``` cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ find target/local-repo/ -type f | wc -l 3418 cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ du target/local-repo/ -s 85808target/local-repo/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ ll target/local-repo/org/eclipse/ total 16 drwxrwxr-x 4 cstamas cstamas 4096 máj3 08:58 ./ drwxrwxr-x 22 cstamas cstamas 4096 máj3 09:02 ../ drwxrwxr-x 7 cstamas cstamas 4096 máj3 08:58 aether/ drwxrwxr-x 6 cstamas cstamas 4096 máj3 08:58 sisu/ cstamas@Urnebes ~/Worx/apache-maven/maven-assembly-plugin (do-not-download-whole-universe)$ ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRELEASE-839) Unable to supply tag to release for release:perform
[
https://issues.apache.org/jira/browse/MRELEASE-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531079#comment-17531079
]
Vilius Šumskas commented on MRELEASE-839:
-
I can do tests if needed however I'm not Java developer so I'm unable to
provide PR. The main issue here is that since changes in MRELEASE-796 arguments
to git is passed incorrectly.
*Tests I performed*
This works without errors:
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:2.2.2:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone
https://gitlab.com/fake/r365-autoconfig.git
C:\temp1\r365-autoconfig\target\checkout"
[INFO] Executing: cmd.exe /X /C "git ls-remote
https://gitlab.com/fake/r365-autoconfig.git";
[INFO] Executing: cmd.exe /X /C "git fetch
https://gitlab.com/fake/r365-autoconfig.git";
[INFO] Executing: cmd.exe /X /C "git checkout 0.1.14"
...build starts
{code}
however you cannot use it -DlocalCheckout=true:
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:2.2.2:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false -DlocalCheckout=true{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone file://C\temp1\r365-autoconfig
C:\temp1\r365-autoconfig\target\checkout"
[INFO] Working directory: C:\temp1\r365-autoconfig\target
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:2.2.2:perform (default-cli) on
project r365-autoconfig: Unable to checkout from SCM
[ERROR] Provider message:
[ERROR] The git-clone command failed.
[ERROR] Command output:
[ERROR] Cloning into 'C:\temp1\r365-autoconfig\target\checkout'...
[ERROR] fatal: '/C/temp1/r365-autoconfig' does not appear to be a git
repository{code}
With 2.3.2 it works, and this time you can use it with localCheckout too:
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:2.3.2:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone --branch 0.1.14
https://gitlab.com/fake/r365-autoconfig.git
C:\temp1\r365-autoconfig\target\checkout"
[INFO] Executing: cmd.exe /X /C "git ls-remote
https://gitlab.com/fake/r365-autoconfig.git";
[INFO] Executing: cmd.exe /X /C "git fetch
https://gitlab.com/fake/r365-autoconfig.git";
[INFO] Executing: cmd.exe /X /C "git checkout 0.1.14"
...build starts{code}
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:2.3.2:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false -DlocalCheckout=true{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone --branch 0.1.14
file:///C:\temp1\r365-autoconfig C:\temp1\r365-autoconfig\target\checkout"
[INFO] Executing: cmd.exe /X /C "git ls-remote file:///C:\temp1\r365-autoconfig"
[INFO] Executing: cmd.exe /X /C "git fetch file:///C:\temp1\r365-autoconfig"
[INFO] Executing: cmd.exe /X /C "git checkout 0.1.14"
..build starts{code}
Anything above 2.3.2 produces errors with or without localCheckout:
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:2.5.2:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone --branch
https://gitlab.com/fake/r365-autoconfig.git
C:\temp1\r365-autoconfig\target\checkout"
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:2.5.2:perform (default-cli) on
project r365-autoconfig: Unable to checkout from SCM
[ERROR] Provider message:
[ERROR] The git-clone command failed.
[ERROR] Command output:
[ERROR] Cloning into 'checkout'...
[ERROR] fatal: Remote branch https://gitlab.com/fake/r365-autoconfig.git not
found in upstream origin{code}
{code:java}
mvn org.apache.maven.plugins:maven-release-plugin:3.0.0-M5:perform
-DconnectionUrl=scm:git:https://gitlab.com/fake/r365-autoconfig.git
-Dtag=0.1.14 -DuseReleaseProfile=false{code}
{code:java}
[INFO] Executing: cmd.exe /X /C "git clone --depth 1 --branch
https://gitlab.com/fake/r365-autoconfig.git checkout"
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:3.0.0-M5:perform (default-cli) on
project r365-autoconfig: Unable to checkout from SCM
[ERROR] Provider message:
[ERROR] The git-clone command failed.
[ERROR] Command output:
[ERROR] fatal: repository 'checkout' does not exist{code}
> Unable to supply tag to release for release:perform
> ---
>
> Key: MRELEASE-839
> URL: https://issues.apache.org/jira/browse/MRELEASE-839
> Project: Maven Release Plugin
> Issue Type: Bug
[jira] [Created] (MASSEMBLY-956) Plugin resolves even plugins used to build dependencies
Tamás Cservenák created MASSEMBLY-956: - Summary: Plugin resolves even plugins used to build dependencies Key: MASSEMBLY-956 URL: https://issues.apache.org/jira/browse/MASSEMBLY-956 Project: Maven Assembly Plugin Issue Type: Task Components: dependencySet Reporter: Tamás Cservenák -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [maven-release] cstamas commented on a diff in pull request #118: Catch up
cstamas commented on code in PR #118:
URL: https://github.com/apache/maven-release/pull/118#discussion_r863535359
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/DefaultReleaseManager.java:
##
@@ -37,38 +42,56 @@
import org.apache.maven.shared.release.phase.ReleasePhase;
import org.apache.maven.shared.release.phase.ResourceGenerator;
import org.apache.maven.shared.release.strategy.Strategy;
-import org.codehaus.plexus.component.annotations.Component;
-import org.codehaus.plexus.component.annotations.Requirement;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static java.util.Objects.requireNonNull;
/**
* Implementation of the release manager.
*
* @author mailto:br...@apache.org";>Brett Porter
*/
-@Component( role = ReleaseManager.class )
+@Singleton
+@Named
public class DefaultReleaseManager
-extends AbstractLogEnabled
implements ReleaseManager
{
-@Requirement
-private Map strategies;
+private static final Logger LOGGER = LoggerFactory.getLogger(
DefaultReleaseManager.class );
+
+private final Map strategies;
/**
* The available phases.
*/
-@Requirement
-private Map releasePhases;
+private final Map releasePhases;
/**
* The configuration storage.
*/
-@Requirement( hint = "properties" )
-private ReleaseDescriptorStore configStore;
+private final AtomicReference configStore;
private static final int PHASE_SKIP = 0, PHASE_START = 1, PHASE_END = 2,
GOAL_END = 12, ERROR = 99;
+@Inject
+public DefaultReleaseManager( Map strategies,
+ Map releasePhases,
+ @Named( "properties" )
ReleaseDescriptorStore configStore )
+{
+this.strategies = requireNonNull( strategies );
+this.releasePhases = requireNonNull( releasePhases );
+this.configStore = new AtomicReference<>( requireNonNull( configStore
) );
Review Comment:
A few lines lower there is a **setter** for config store, that is used in UT
ONLY. Simply put: for sanity sake, to keep ctor injection and keep all member
final, BUT to not completely rewrite tests, I did it like this. The setter has
comment on it.
This pattern is applied on several places, as sadly UTs were written with
"plexus on mind", so they lookup component from container and then change
members to some mocks... changed to pure ctor injection where I could, but
there are some complicated UTs that I just gave up, and added setter + atomic
ref to save my sanity :smile:
All this should not bother anything at "runtime" (in prod), when plugin runs
in build.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [maven-assembly-plugin] cstamas commented on pull request #55: [MASSEMBLY-956] Resolve only what is needed for final assembly
cstamas commented on PR #55: URL: https://github.com/apache/maven-assembly-plugin/pull/55#issuecomment-1115822557 @rfscholte added IT that FAILS on master, and PASSES OK on this branch See 3d2eadf871c82f7996ba46b54d4f481f49b7cc67 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-release] michael-o commented on a diff in pull request #118: Catch up
michael-o commented on code in PR #118:
URL: https://github.com/apache/maven-release/pull/118#discussion_r863541722
##
maven-release-manager/src/main/java/org/apache/maven/shared/release/DefaultReleaseManager.java:
##
@@ -37,38 +42,56 @@
import org.apache.maven.shared.release.phase.ReleasePhase;
import org.apache.maven.shared.release.phase.ResourceGenerator;
import org.apache.maven.shared.release.strategy.Strategy;
-import org.codehaus.plexus.component.annotations.Component;
-import org.codehaus.plexus.component.annotations.Requirement;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.util.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static java.util.Objects.requireNonNull;
/**
* Implementation of the release manager.
*
* @author mailto:br...@apache.org";>Brett Porter
*/
-@Component( role = ReleaseManager.class )
+@Singleton
+@Named
public class DefaultReleaseManager
-extends AbstractLogEnabled
implements ReleaseManager
{
-@Requirement
-private Map strategies;
+private static final Logger LOGGER = LoggerFactory.getLogger(
DefaultReleaseManager.class );
+
+private final Map strategies;
/**
* The available phases.
*/
-@Requirement
-private Map releasePhases;
+private final Map releasePhases;
/**
* The configuration storage.
*/
-@Requirement( hint = "properties" )
-private ReleaseDescriptorStore configStore;
+private final AtomicReference configStore;
private static final int PHASE_SKIP = 0, PHASE_START = 1, PHASE_END = 2,
GOAL_END = 12, ERROR = 99;
+@Inject
+public DefaultReleaseManager( Map strategies,
+ Map releasePhases,
+ @Named( "properties" )
ReleaseDescriptorStore configStore )
+{
+this.strategies = requireNonNull( strategies );
+this.releasePhases = requireNonNull( releasePhases );
+this.configStore = new AtomicReference<>( requireNonNull( configStore
) );
Review Comment:
Thanks...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [maven-assembly-plugin] cstamas commented on pull request #55: [MASSEMBLY-956] Resolve only what is needed for final assembly
cstamas commented on PR #55: URL: https://github.com/apache/maven-assembly-plugin/pull/55#issuecomment-1115836070 Hm, not the best IT: as all IT share same local repo, it may end up in false positive somewhere in future (as current state is ok: fails on master, passes ok on branch), as if some future IT adds tycho dependency, this IT will fail (also, depending on run order). Best would be if this new IT would be able to use it's own dedicated local repo Any idea how to achieve that? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-assembly-plugin] rfscholte commented on pull request #55: [MASSEMBLY-956] Resolve only what is needed for final assembly
rfscholte commented on PR #55: URL: https://github.com/apache/maven-assembly-plugin/pull/55#issuecomment-1115868232 IIRC this plugin uses the mock repository manager, so it should be easy to define dependencies there. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-85) Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
[
https://issues.apache.org/jira/browse/MGPG-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531126#comment-17531126
]
Michael Osipov commented on MGPG-85:
I didn't say that. We first to figure out who generates the metadata. I don't
know htis plugin at all.
> Regression in maven-metadata for SNAPSHOTs between 1.6 and 3.0.1
>
>
> Key: MGPG-85
> URL: https://issues.apache.org/jira/browse/MGPG-85
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.0.1
>Reporter: Jonah Graham
>Priority: Major
>
> Hello, on the Eclipse LSP4J project we use gpg:sign-and-deploy-file to upload
> files to Nexus snapshots. As we didn't specify version number when 3.0.1 was
> released last year we started using it automatically instead of 1.6 which we
> had been using previously.
> In 3.0.1 the buildNumber of multiple files uploaded together are different,
> e.g. you get a maven-metadata that looks like this:
>
> {code:java}
>
>
> org.eclipse.lsp4j
> org.eclipse.lsp4j
>
> 20220429053938
>
> 20220429.053938
> 94
>
>
>
> javadoc
> jar
> 0.13.0-20220429.053938-94
> 20220429053938
>
>
> sources
> jar
> 0.13.0-20220429.053938-93
> 20220429053938
>
>
> jar
> 0.13.0-20220429.053938-92
> 20220429053938
>
>
> pom
> 0.13.0-20220429.053938-92
> 20220429053938
>
>
>
> 0.13.0-SNAPSHOT
> {code}
> Note above how the snapshotVersions have -92, -93 and -94 for the different
> classifiers. This is (I believe) a bug, and a regression (or at least change
> in behaviour) since 1.6. In 1.6 we get this:
> {code:java}
>
>
> org.eclipse.lsp4j
> org.eclipse.lsp4j
>
> 20220502160227
>
> 20220502.160227
> 105
>
>
>
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> pom
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> javadoc
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
> sources
> jar
> 0.13.0-20220502.160227-105
> 20220502160227
>
>
>
> 0.13.0-SNAPSHOT
>
> {code}
> Where all the parts are -105.
> This issue causes a concrete problem as gradle cannot consume such snapshots
> - see [https://github.com/gradle/gradle/issues/20605]
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[GitHub] [maven-indexer] slawekjaranowski commented on a diff in pull request #207: Make project Java 11
slawekjaranowski commented on code in PR #207:
URL: https://github.com/apache/maven-indexer/pull/207#discussion_r863644700
##
.github/workflows/maven-verify.yml:
##
@@ -25,5 +25,9 @@ jobs:
build:
name: Verify
uses: apache/maven-gh-actions-shared/.github/workflows/maven-verify.yml@v2
+with:
+ ff-jdk: '17'
+ maven_version: 3.8.5
+ jdk-matrix: '[ "17" ]'
Review Comment:
Why only 17?
You can exclude only jdk 8
```
matrix-exclude: >
[ {"jdk": "8"} ]
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [maven-indexer] cstamas commented on a diff in pull request #207: Make project Java 11
cstamas commented on code in PR #207: URL: https://github.com/apache/maven-indexer/pull/207#discussion_r863645294 ## .github/workflows/maven-verify.yml: ## @@ -25,5 +25,9 @@ jobs: build: name: Verify uses: apache/maven-gh-actions-shared/.github/workflows/maven-verify.yml@v2 +with: + ff-jdk: '17' + maven_version: 3.8.5 + jdk-matrix: '[ "17" ]' Review Comment: See here https://github.com/apache/maven-indexer/pull/207#issuecomment-1115316420 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MRELEASE-839) Unable to supply tag to release for release:perform
[ https://issues.apache.org/jira/browse/MRELEASE-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Slawomir Jaranowski updated MRELEASE-839: - Labels: up-for-grabs (was: ) > Unable to supply tag to release for release:perform > --- > > Key: MRELEASE-839 > URL: https://issues.apache.org/jira/browse/MRELEASE-839 > Project: Maven Release Plugin > Issue Type: Bug > Components: perform >Affects Versions: 2.4.1 >Reporter: Tuure Laurinolli >Priority: Major > Labels: up-for-grabs > > The documentation at > http://maven.apache.org/maven-release/maven-release-plugin/examples/perform-release.html > and > http://maven.apache.org/maven-release/maven-release-plugin/plugin-info.html > claims that releases can be ma de of a specific tag, but no mechanism for > this is specified. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (MRELEASE-839) Unable to supply tag to release for release:perform
[
https://issues.apache.org/jira/browse/MRELEASE-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531134#comment-17531134
]
Slawomir Jaranowski commented on MRELEASE-839:
--
{quote}
I'm not Java developer
{quote}
I hope there are many Java developers who can help and provide PR.
So don't wait simply do it.
> Unable to supply tag to release for release:perform
> ---
>
> Key: MRELEASE-839
> URL: https://issues.apache.org/jira/browse/MRELEASE-839
> Project: Maven Release Plugin
> Issue Type: Bug
> Components: perform
>Affects Versions: 2.4.1
>Reporter: Tuure Laurinolli
>Priority: Major
> Labels: up-for-grabs
>
> The documentation at
> http://maven.apache.org/maven-release/maven-release-plugin/examples/perform-release.html
> and
> http://maven.apache.org/maven-release/maven-release-plugin/plugin-info.html
> claims that releases can be ma de of a specific tag, but no mechanism for
> this is specified.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[GitHub] [maven] michael-o commented on a diff in pull request #731: [MNG-7464] Warn about using read-only parameters for Mojo in configuration
michael-o commented on code in PR #731:
URL: https://github.com/apache/maven/pull/731#discussion_r863687256
##
maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java:
##
@@ -0,0 +1,152 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.maven.plugin.descriptor.Parameter;
+import org.apache.maven.shared.utils.logging.MessageBuilder;
+import org.apache.maven.shared.utils.logging.MessageUtils;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConfiguration;
+import org.slf4j.Logger;
+
+/**
+ * Common implementations for plugin parameters configuration validation.
+ *
+ * @author Slawomir Jaranowski
+ */
+abstract class AbstractMavenPluginParametersValidator implements
MavenPluginConfigurationValidator
+{
+
+// plugin author can provide @Parameter( property = "session" ) in this
case property will always evaluate
+// so, we need ignore those
+
+// source org.apache.maven.plugin.PluginParameterExpressionEvaluator
+private static final List IGNORED_PROPERTY_VALUES = Arrays.asList(
+"basedir",
+"executedProject",
+"localRepository",
+"mojo",
+"mojoExecution",
+"plugin",
+"project",
+"reactorProjects",
+"session",
+"settings"
+);
+
+private static final List IGNORED_PROPERTY_PREFIX = Arrays.asList(
+"mojo.",
+"plugin.",
+"project.",
+"session.",
+"settings."
+);
+
+protected abstract Logger getLogger();
+
+protected static boolean isValueSet( PlexusConfiguration config,
+ ExpressionEvaluator
expressionEvaluator )
+{
+if ( config == null )
+{
+return false;
+}
+
+// there are sub items ... so configuration is declared
+if ( config.getChildCount() > 0 )
+{
+return true;
+}
+
+String strValue = config.getValue();
+
+if ( strValue == null || strValue.isEmpty() )
+{
+return false;
+}
+
+if ( isIgnoredProperty( strValue ) )
+{
+return false;
+}
+
+// for declaration like @Parameter( property = "config.property" )
+// the value will contains ${config.property}
Review Comment:
will contain
##
maven-core/src/main/java/org/apache/maven/plugin/internal/ReadOnlyPluginParametersValidator.java:
##
@@ -0,0 +1,80 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.Parameter;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Print warnings if read-only parameters of plugin are used in configuration.
+ *
+ * @author Slawomir Jaranowski
+ */
+@Named
+@Singleton
+public class ReadOnlyPluginPar
[jira] [Commented] (MNG-7464) Warn about using read-only parameters for Mojo in configuration
[
https://issues.apache.org/jira/browse/MNG-7464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531151#comment-17531151
]
ASF GitHub Bot commented on MNG-7464:
-
michael-o commented on code in PR #731:
URL: https://github.com/apache/maven/pull/731#discussion_r863687256
##
maven-core/src/main/java/org/apache/maven/plugin/internal/AbstractMavenPluginParametersValidator.java:
##
@@ -0,0 +1,152 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.maven.plugin.descriptor.Parameter;
+import org.apache.maven.shared.utils.logging.MessageBuilder;
+import org.apache.maven.shared.utils.logging.MessageUtils;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConfiguration;
+import org.slf4j.Logger;
+
+/**
+ * Common implementations for plugin parameters configuration validation.
+ *
+ * @author Slawomir Jaranowski
+ */
+abstract class AbstractMavenPluginParametersValidator implements
MavenPluginConfigurationValidator
+{
+
+// plugin author can provide @Parameter( property = "session" ) in this
case property will always evaluate
+// so, we need ignore those
+
+// source org.apache.maven.plugin.PluginParameterExpressionEvaluator
+private static final List IGNORED_PROPERTY_VALUES = Arrays.asList(
+"basedir",
+"executedProject",
+"localRepository",
+"mojo",
+"mojoExecution",
+"plugin",
+"project",
+"reactorProjects",
+"session",
+"settings"
+);
+
+private static final List IGNORED_PROPERTY_PREFIX = Arrays.asList(
+"mojo.",
+"plugin.",
+"project.",
+"session.",
+"settings."
+);
+
+protected abstract Logger getLogger();
+
+protected static boolean isValueSet( PlexusConfiguration config,
+ ExpressionEvaluator
expressionEvaluator )
+{
+if ( config == null )
+{
+return false;
+}
+
+// there are sub items ... so configuration is declared
+if ( config.getChildCount() > 0 )
+{
+return true;
+}
+
+String strValue = config.getValue();
+
+if ( strValue == null || strValue.isEmpty() )
+{
+return false;
+}
+
+if ( isIgnoredProperty( strValue ) )
+{
+return false;
+}
+
+// for declaration like @Parameter( property = "config.property" )
+// the value will contains ${config.property}
Review Comment:
will contain
##
maven-core/src/main/java/org/apache/maven/plugin/internal/ReadOnlyPluginParametersValidator.java:
##
@@ -0,0 +1,80 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.Parameter;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConf
[GitHub] [maven] michael-o commented on a diff in pull request #731: [MNG-7464] Warn about using read-only parameters for Mojo in configuration
michael-o commented on code in PR #731:
URL: https://github.com/apache/maven/pull/731#discussion_r863688136
##
maven-core/src/main/java/org/apache/maven/plugin/internal/ReadOnlyPluginParametersValidator.java:
##
@@ -0,0 +1,80 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.Parameter;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Print warnings if read-only parameters of plugin are used in configuration.
+ *
+ * @author Slawomir Jaranowski
+ */
+@Named
+@Singleton
+public class ReadOnlyPluginParametersValidator extends
AbstractMavenPluginParametersValidator
+{
+private static final Logger LOGGER = LoggerFactory.getLogger(
ReadOnlyPluginParametersValidator.class );
+
+@Override
+protected Logger getLogger()
+{
+return LOGGER;
+}
+
+@Override
+protected String getParameterLogReason( Parameter parameter )
+{
+return "is read-only, should not be used in configuration";
Review Comment:
Are you going to change this message?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (MNG-7464) Warn about using read-only parameters for Mojo in configuration
[
https://issues.apache.org/jira/browse/MNG-7464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531161#comment-17531161
]
ASF GitHub Bot commented on MNG-7464:
-
michael-o commented on code in PR #731:
URL: https://github.com/apache/maven/pull/731#discussion_r863688136
##
maven-core/src/main/java/org/apache/maven/plugin/internal/ReadOnlyPluginParametersValidator.java:
##
@@ -0,0 +1,80 @@
+package org.apache.maven.plugin.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.Parameter;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluator;
+import org.codehaus.plexus.configuration.PlexusConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Print warnings if read-only parameters of plugin are used in configuration.
+ *
+ * @author Slawomir Jaranowski
+ */
+@Named
+@Singleton
+public class ReadOnlyPluginParametersValidator extends
AbstractMavenPluginParametersValidator
+{
+private static final Logger LOGGER = LoggerFactory.getLogger(
ReadOnlyPluginParametersValidator.class );
+
+@Override
+protected Logger getLogger()
+{
+return LOGGER;
+}
+
+@Override
+protected String getParameterLogReason( Parameter parameter )
+{
+return "is read-only, should not be used in configuration";
Review Comment:
Are you going to change this message?
> Warn about using read-only parameters for Mojo in configuration
> ---
>
> Key: MNG-7464
> URL: https://issues.apache.org/jira/browse/MNG-7464
> Project: Maven
> Issue Type: New Feature
>Reporter: Slawomir Jaranowski
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.9.0, 4.0.0-alpha-1, 4.0.0
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[GitHub] [maven-mvnd] cstamas opened a new pull request, #633: Drop Maven dupe classes
cstamas opened a new pull request, #633: URL: https://github.com/apache/maven-mvnd/pull/633 That has been fixed in Maven version used by mvnd. Last bit is MavenCli/DaemonCli that is currently "almost" a copy, but they do not share any code. On master DefaultModelBuilder and DefaultModelBuilderFactory (coming from maven. not copied in mvnd) are "disconnected", as one method is missing from DefaultModelBuilder. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-compiler-plugin] dependabot[bot] opened a new pull request, #122: Bump plexusCompilerVersion from 2.11.2-SNAPSHOT to 2.12.0
dependabot[bot] opened a new pull request, #122: URL: https://github.com/apache/maven-compiler-plugin/pull/122 Bumps `plexusCompilerVersion` from 2.11.2-SNAPSHOT to 2.12.0. Updates `plexus-compiler-api` from 2.11.2-SNAPSHOT to 2.12.0 Release notes Sourced from https://github.com/codehaus-plexus/plexus-compiler/releases";>plexus-compiler-api's releases. 2.12.0 🚀 New features and improvements fully ignore any possible jdk bug (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/204";>#204) https://github.com/olamy";>@olamy [MCOMPILER-402] Add implicitOption to CompilerConfiguration (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/202";>#202) https://github.com/pzygielo";>@pzygielo 📦 Dependency updates Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/207";>#207) https://github.com/dependabot";>@dependabot Bump error_prone_core from 2.11.0 to 2.13.1 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/210";>#210) https://github.com/dependabot";>@dependabot Bump github/codeql-action from 1 to 2 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/211";>#211) https://github.com/dependabot";>@dependabot Bump ecj from 3.28.0 to 3.29.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/203";>#203) https://github.com/dependabot";>@dependabot Bump release-drafter/release-drafter from 5.18.1 to 5.19.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/200";>#200) https://github.com/dependabot";>@dependabot Commits See full diff in https://github.com/codehaus-plexus/plexus-compiler/commits/plexus-compiler-2.12.0";>compare view Updates `plexus-compiler-manager` from 2.11.2-SNAPSHOT to 2.12.0 Release notes Sourced from https://github.com/codehaus-plexus/plexus-compiler/releases";>plexus-compiler-manager's releases. 2.12.0 🚀 New features and improvements fully ignore any possible jdk bug (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/204";>#204) https://github.com/olamy";>@olamy [MCOMPILER-402] Add implicitOption to CompilerConfiguration (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/202";>#202) https://github.com/pzygielo";>@pzygielo 📦 Dependency updates Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/207";>#207) https://github.com/dependabot";>@dependabot Bump error_prone_core from 2.11.0 to 2.13.1 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/210";>#210) https://github.com/dependabot";>@dependabot Bump github/codeql-action from 1 to 2 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/211";>#211) https://github.com/dependabot";>@dependabot Bump ecj from 3.28.0 to 3.29.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/203";>#203) https://github.com/dependabot";>@dependabot Bump release-drafter/release-drafter from 5.18.1 to 5.19.0 (https://github-redirect.dependabot.com/codehaus-plexus/plexus-compiler/issues/200";>#200) https://github.com/dependabot";>@dependabot Commits See full diff in https://github.com/codehaus-plexus/plexus-compiler/commits/plexus-compiler-2.12.0";>compare view Updates `plexus-compiler-javac` from 2.11.2-SNAPSHOT to 2.12.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more fo
[GitHub] [maven-mvnd] gnodet merged pull request #633: Drop Maven dupe classes
gnodet merged PR #633: URL: https://github.com/apache/maven-mvnd/pull/633 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet commented on issue #609: [discussion] synchronization of code copied from Maven core
gnodet commented on issue #609: URL: https://github.com/apache/maven-mvnd/issues/609#issuecomment-1116259903 #633 has removed a few classes already -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet merged pull request #632: FIx files generated with wrong user id, fixes #627
gnodet merged PR #632: URL: https://github.com/apache/maven-mvnd/pull/632 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet closed issue #627: building libmvndnative.* creates root files in target directory
gnodet closed issue #627: building libmvndnative.* creates root files in target directory URL: https://github.com/apache/maven-mvnd/issues/627 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MNG-6026) Extend the Project Object Model (POM) with trust information (OpenPGP, hash values)
[
https://issues.apache.org/jira/browse/MNG-6026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531268#comment-17531268
]
Martin Monperrus commented on MNG-6026:
---
[~michael-o] thanks a lot that's very useful.
What's the timeline for model version 5?
> Extend the Project Object Model (POM) with trust information (OpenPGP, hash
> values)
> ---
>
> Key: MNG-6026
> URL: https://issues.apache.org/jira/browse/MNG-6026
> Project: Maven
> Issue Type: New Feature
> Components: Core
>Reporter: Florian Schmaus
>Priority: Major
> Labels: artifact-verification, security
>
> The origin of this feature request is the Stackoverflow question
> ["Verification of dependency authenticity in Maven POM based automated build
> systems"|http://stackoverflow.com/a/34795359/194894], and [especially a SO
> user requesting me to put this
> up|http://stackoverflow.com/questions/3307146/verification-of-dependency-authenticy-in-maven-pom-based-automated-build-systems/34795359?noredirect=1#comment62178671_34795359].
> h2. Extend the Project Object Model (POM) with trust information (OpenPGP -
> RFC 4480 and hash values)
> What we need is the possibility to model a trust relation from your project
> or artifact to the declared dependencies. So that, if all involved parties
> declare such a relation, we are able to create a "chain of trust" from the
> root (e.g. the project) over its dependencies down to the very last
> transitive dependency. The Project Object Model (POM) needs to be extended by
> a element for dependencies.
> h3. Current Situation
> Right now we have something like
> {code:xml}
>
> junit
> junit
> 4.0
>
> {code}
> h3. Hard dependencies
> For hard dependencies, could include the sha256sum of artifact
> and its POM file:
> {code:xml}
>
> junit
> junit
> [4.0]
>
>
> [sha256 of junit pom file]
> [sha256sum of artifact (junit.jar)]
>
>
>
> {code}
> h3. Soft dependencies
> If soft. also called "ranged" or "dynamic", dependencies are used, then we
> could specify the public key (or multiple) of the keypair used to sign the
> artifacts
> {code:xml}
>
> junit
> junit
> [4.0,4.5)
>
> [secure fingerprint of OpenPGP key used to sign the junit
> artifact(s)]
>
>
>
> {code}
> I'm not sure if this is the right place to raise an feature request for the
> POM format itself. I've already tried to get in touch with the right people
> about this feature request, but failed. I'm willing to help designing and
> implementing this, but need guidance.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Commented] (MNG-6026) Extend the Project Object Model (POM) with trust information (OpenPGP, hash values)
[
https://issues.apache.org/jira/browse/MNG-6026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531272#comment-17531272
]
Michael Osipov commented on MNG-6026:
-
Don't expect this to happen this year
> Extend the Project Object Model (POM) with trust information (OpenPGP, hash
> values)
> ---
>
> Key: MNG-6026
> URL: https://issues.apache.org/jira/browse/MNG-6026
> Project: Maven
> Issue Type: New Feature
> Components: Core
>Reporter: Florian Schmaus
>Priority: Major
> Labels: artifact-verification, security
>
> The origin of this feature request is the Stackoverflow question
> ["Verification of dependency authenticity in Maven POM based automated build
> systems"|http://stackoverflow.com/a/34795359/194894], and [especially a SO
> user requesting me to put this
> up|http://stackoverflow.com/questions/3307146/verification-of-dependency-authenticy-in-maven-pom-based-automated-build-systems/34795359?noredirect=1#comment62178671_34795359].
> h2. Extend the Project Object Model (POM) with trust information (OpenPGP -
> RFC 4480 and hash values)
> What we need is the possibility to model a trust relation from your project
> or artifact to the declared dependencies. So that, if all involved parties
> declare such a relation, we are able to create a "chain of trust" from the
> root (e.g. the project) over its dependencies down to the very last
> transitive dependency. The Project Object Model (POM) needs to be extended by
> a element for dependencies.
> h3. Current Situation
> Right now we have something like
> {code:xml}
>
> junit
> junit
> 4.0
>
> {code}
> h3. Hard dependencies
> For hard dependencies, could include the sha256sum of artifact
> and its POM file:
> {code:xml}
>
> junit
> junit
> [4.0]
>
>
> [sha256 of junit pom file]
> [sha256sum of artifact (junit.jar)]
>
>
>
> {code}
> h3. Soft dependencies
> If soft. also called "ranged" or "dynamic", dependencies are used, then we
> could specify the public key (or multiple) of the keypair used to sign the
> artifacts
> {code:xml}
>
> junit
> junit
> [4.0,4.5)
>
> [secure fingerprint of OpenPGP key used to sign the junit
> artifact(s)]
>
>
>
> {code}
> I'm not sure if this is the right place to raise an feature request for the
> POM format itself. I've already tried to get in touch with the right people
> about this feature request, but failed. I'm willing to help designing and
> implementing this, but need guidance.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[GitHub] [maven-filtering] dependabot[bot] opened a new pull request, #33: Bump maven-shared-components from 34 to 36
dependabot[bot] opened a new pull request, #33: URL: https://github.com/apache/maven-filtering/pull/33 Bumps [maven-shared-components](https://github.com/apache/maven-parent) from 34 to 36. Release notes Sourced from https://github.com/apache/maven-parent/releases";>maven-shared-components's releases. 36 What's Changed [MPOM-300] switch from GA to ASF Matomo. by https://github.com/bmarwell";>@bmarwell in https://github-redirect.dependabot.com/apache/maven-parent/pull/58";>apache/maven-parent#58 [MPOM-308] Upgrade Maven PMD Plugin from 3.15.0 to 3.16.0 by https://github.com/slawekjaranowski";>@slawekjaranowski in https://github-redirect.dependabot.com/apache/maven-parent/pull/59";>apache/maven-parent#59 Bump taglist-maven-plugin from 2.4 to 3.0.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/45";>apache/maven-parent#45 Bump maven-jxr-plugin from 3.1.1 to 3.2.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/60";>apache/maven-parent#60 [MPOM-313] execute checkstyle in early phase of the build by https://github.com/olamy";>@olamy in https://github-redirect.dependabot.com/apache/maven-parent/pull/55";>apache/maven-parent#55 [MPOM-314] Upgrade modello-maven-plugin from 1.11 to 2.0.0 by https://github.com/slawekjaranowski";>@slawekjaranowski in https://github-redirect.dependabot.com/apache/maven-parent/pull/61";>apache/maven-parent#61 Bump apache from 25 to 26 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/62";>apache/maven-parent#62 New Contributors https://github.com/bmarwell";>@bmarwell made their first contribution in https://github-redirect.dependabot.com/apache/maven-parent/pull/58";>apache/maven-parent#58 https://github.com/olamy";>@olamy made their first contribution in https://github-redirect.dependabot.com/apache/maven-parent/pull/55";>apache/maven-parent#55 Full Changelog: https://github.com/apache/maven-parent/compare/maven-parent-35...maven-parent-36";>https://github.com/apache/maven-parent/compare/maven-parent-35...maven-parent-36 35 What's Changed docs: remove out of date comment by https://github.com/elharo";>@elharo in https://github-redirect.dependabot.com/apache/maven-parent/pull/8";>apache/maven-parent#8 [MPOM-252] remove broken mail list archives by https://github.com/elharo";>@elharo in https://github-redirect.dependabot.com/apache/maven-parent/pull/18";>apache/maven-parent#18 Bump plexus-utils from 3.1.0 to 3.3.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/13";>apache/maven-parent#13 Bump maven-toolchains-plugin from 1.1 to 3.0.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/10";>apache/maven-parent#10 Bump plexus-container-default from 1.0-alpha-30 to 2.1.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/11";>apache/maven-parent#11 Bump plexus-component-annotations from 2.0.0 to 2.1.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/15";>apache/maven-parent#15 Bump mavenPluginToolsVersion from 3.5.2 to 3.6.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/16";>apache/maven-parent#16 Bump modello-maven-plugin from 1.9.1 to 1.11 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/12";>apache/maven-parent#12 Bump maven-jxr-plugin from 2.5 to 3.0.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/9";>apache/maven-parent#9 Bump maven-pmd-plugin from 3.8 to 3.13.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/17";>apache/maven-parent#17 Bump maven-pmd-plugin from 3.14.0 to 3.15.0 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/28";>apache/maven-parent#28 [MPOM-268] - Removed unused property by https://github.com/khmarbaise";>@khmarbaise in https://github-redirect.dependabot.com/apache/maven-parent/pull/29";>apache/maven-parent#29 Bump mavenPluginToolsVersion from 3.6.0 to 3.6.1 by https://github.com/dependabot";>@dependabot in https://github-redirect.dependabot.com/apache/maven-parent/pull/25";>apache/maven-parent#25 [MPOM-270] Fix enforcer plugin by https://github.com/cstamas";>@cstamas in https://github-redirect.dependabot.com/apache/maven-parent/pull/32";>apache/maven-parent#32 [MPOM-271] Add "drop legacy dependencies" profile by https://github.com/cstam
[GitHub] [maven-filtering] dependabot[bot] commented on pull request #28: Bump maven-shared-components from 34 to 35
dependabot[bot] commented on PR #28: URL: https://github.com/apache/maven-filtering/pull/28#issuecomment-1116383287 Superseded by #33. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-filtering] dependabot[bot] closed pull request #28: Bump maven-shared-components from 34 to 35
dependabot[bot] closed pull request #28: Bump maven-shared-components from 34 to 35 URL: https://github.com/apache/maven-filtering/pull/28 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] cstamas opened a new pull request, #635: Use "official" sisu-maven-plugin
cstamas opened a new pull request, #635: URL: https://github.com/apache/maven-mvnd/pull/635 Instead to pull in takari-lifecycle only to use one single mojo out of it (the index). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet commented on pull request #635: Use "official" sisu-maven-plugin
gnodet commented on PR #635: URL: https://github.com/apache/maven-mvnd/pull/635#issuecomment-1116446254 Actually, I don't think using the plugin is a good idea. I'd rather use the situ-inject APT processor which should kick in by simply adding `sisu-inject` to the class path at compile scope. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet commented on issue #628: make libmvndnative.* builds reproducible
gnodet commented on issue #628: URL: https://github.com/apache/maven-mvnd/issues/628#issuecomment-1116449875 @hboutemy this should be fixed if you want to have another look -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet commented on issue #597: NPE
gnodet commented on issue #597: URL: https://github.com/apache/maven-mvnd/issues/597#issuecomment-1116468525 Can't reproduce. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet closed issue #597: NPE
gnodet closed issue #597: NPE URL: https://github.com/apache/maven-mvnd/issues/597 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-mvnd] gnodet opened a new pull request, #636: Use sisu apt processor
gnodet opened a new pull request, #636: URL: https://github.com/apache/maven-mvnd/pull/636 This is a replacement for #635 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-script-interpreter] slachiewicz merged pull request #67: [MSHARED-1002] Require Java 8
slachiewicz merged PR #67: URL: https://github.com/apache/maven-script-interpreter/pull/67 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-script-interpreter] dependabot[bot] commented on pull request #70: Bump maven-project-info-reports-plugin from 3.2.2 to 3.3.0
dependabot[bot] commented on PR #70: URL: https://github.com/apache/maven-script-interpreter/pull/70#issuecomment-1116655165 Looks like org.apache.maven.plugins:maven-project-info-reports-plugin is no longer a dependency, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-script-interpreter] dependabot[bot] closed pull request #70: Bump maven-project-info-reports-plugin from 3.2.2 to 3.3.0
dependabot[bot] closed pull request #70: Bump maven-project-info-reports-plugin from 3.2.2 to 3.3.0 URL: https://github.com/apache/maven-script-interpreter/pull/70 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MSHARED-1002) Require Java 8
[ https://issues.apache.org/jira/browse/MSHARED-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MSHARED-1002: -- Fix Version/s: maven-script-interpreter-1.3 > Require Java 8 > -- > > Key: MSHARED-1002 > URL: https://issues.apache.org/jira/browse/MSHARED-1002 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-common-artifact-filters, maven-filtering, > maven-script-interpreter >Reporter: Sylwester Lachiewicz >Priority: Major > Fix For: maven-script-interpreter-1.3 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (MSHARED-1002) Require Java 8
[ https://issues.apache.org/jira/browse/MSHARED-1002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531415#comment-17531415 ] Hudson commented on MSHARED-1002: - Build succeeded in Jenkins: Maven » Maven TLP » maven-script-interpreter » master #12 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-script-interpreter/job/master/12/ > Require Java 8 > -- > > Key: MSHARED-1002 > URL: https://issues.apache.org/jira/browse/MSHARED-1002 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-common-artifact-filters, maven-filtering, > maven-script-interpreter >Reporter: Sylwester Lachiewicz >Priority: Major > Fix For: maven-script-interpreter-1.3 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [maven-script-interpreter] slachiewicz merged pull request #68: [MSHARED-1068] Upgrade Groovy to 4.0.2
slachiewicz merged PR #68: URL: https://github.com/apache/maven-script-interpreter/pull/68 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-script-interpreter] slachiewicz commented on pull request #69: Bump maven-shared-components from 34 to 36
slachiewicz commented on PR #69: URL: https://github.com/apache/maven-script-interpreter/pull/69#issuecomment-1116661123 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MSHARED-1068) Upgrade Groovy to 4.0.2
[ https://issues.apache.org/jira/browse/MSHARED-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz reassigned MSHARED-1068: - Assignee: Sylwester Lachiewicz > Upgrade Groovy to 4.0.2 > --- > > Key: MSHARED-1068 > URL: https://issues.apache.org/jira/browse/MSHARED-1068 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-script-interpreter >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (MSHARED-1068) Upgrade Groovy to 4.0.2
[ https://issues.apache.org/jira/browse/MSHARED-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz updated MSHARED-1068: -- Fix Version/s: maven-script-interpreter-1.3 > Upgrade Groovy to 4.0.2 > --- > > Key: MSHARED-1068 > URL: https://issues.apache.org/jira/browse/MSHARED-1068 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-script-interpreter >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: maven-script-interpreter-1.3 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Closed] (MSHARED-1068) Upgrade Groovy to 4.0.2
[ https://issues.apache.org/jira/browse/MSHARED-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sylwester Lachiewicz closed MSHARED-1068. - Resolution: Fixed > Upgrade Groovy to 4.0.2 > --- > > Key: MSHARED-1068 > URL: https://issues.apache.org/jira/browse/MSHARED-1068 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-script-interpreter >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: maven-script-interpreter-1.3 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (MSHARED-1068) Upgrade Groovy to 4.0.2
[ https://issues.apache.org/jira/browse/MSHARED-1068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531418#comment-17531418 ] Hudson commented on MSHARED-1068: - Build succeeded in Jenkins: Maven » Maven TLP » maven-script-interpreter » master #13 See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-script-interpreter/job/master/13/ > Upgrade Groovy to 4.0.2 > --- > > Key: MSHARED-1068 > URL: https://issues.apache.org/jira/browse/MSHARED-1068 > Project: Maven Shared Components > Issue Type: Dependency upgrade > Components: maven-script-interpreter >Reporter: Sylwester Lachiewicz >Assignee: Sylwester Lachiewicz >Priority: Major > Fix For: maven-script-interpreter-1.3 > > -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [maven-script-interpreter] dependabot[bot] commented on pull request #69: Bump maven-shared-components from 34 to 36
dependabot[bot] commented on PR #69: URL: https://github.com/apache/maven-script-interpreter/pull/69#issuecomment-1116667143 Looks like org.apache.maven.shared:maven-shared-components is up-to-date now, so this is no longer needed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [maven-script-interpreter] dependabot[bot] closed pull request #69: Bump maven-shared-components from 34 to 36
dependabot[bot] closed pull request #69: Bump maven-shared-components from 34 to 36 URL: https://github.com/apache/maven-script-interpreter/pull/69 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (MNG-6026) Extend the Project Object Model (POM) with trust information (OpenPGP, hash values)
[
https://issues.apache.org/jira/browse/MNG-6026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17529592#comment-17529592
]
Herve Boutemy edited comment on MNG-6026 at 5/4/22 6:02 AM:
[~monperrus], there is none and likely will not change before model version 5.
Part of it is now partially available with Maven Resolver 1.8.0 MRESOLVER-234:
{{org.eclipse.aether.internal.impl.FileProvidedChecksumsSource}}. You can
populate a directory with checksums and use them as provided for the items
being downloaded. It will have the same effect as you intend to have.
was (Author: michael-o):
[~monperrus], there is none and likely will not change before model version 5.
Part of it is now partially available with Maven Resolver 1.8.0:
{{org.eclipse.aether.internal.impl.FileProvidedChecksumsSource}}. You can
populate a directory with checksums and use them as provided for the items
being downloaded. It will have the same effect as you intend to have.
> Extend the Project Object Model (POM) with trust information (OpenPGP, hash
> values)
> ---
>
> Key: MNG-6026
> URL: https://issues.apache.org/jira/browse/MNG-6026
> Project: Maven
> Issue Type: New Feature
> Components: Core
>Reporter: Florian Schmaus
>Priority: Major
> Labels: artifact-verification, security
>
> The origin of this feature request is the Stackoverflow question
> ["Verification of dependency authenticity in Maven POM based automated build
> systems"|http://stackoverflow.com/a/34795359/194894], and [especially a SO
> user requesting me to put this
> up|http://stackoverflow.com/questions/3307146/verification-of-dependency-authenticy-in-maven-pom-based-automated-build-systems/34795359?noredirect=1#comment62178671_34795359].
> h2. Extend the Project Object Model (POM) with trust information (OpenPGP -
> RFC 4480 and hash values)
> What we need is the possibility to model a trust relation from your project
> or artifact to the declared dependencies. So that, if all involved parties
> declare such a relation, we are able to create a "chain of trust" from the
> root (e.g. the project) over its dependencies down to the very last
> transitive dependency. The Project Object Model (POM) needs to be extended by
> a element for dependencies.
> h3. Current Situation
> Right now we have something like
> {code:xml}
>
> junit
> junit
> 4.0
>
> {code}
> h3. Hard dependencies
> For hard dependencies, could include the sha256sum of artifact
> and its POM file:
> {code:xml}
>
> junit
> junit
> [4.0]
>
>
> [sha256 of junit pom file]
> [sha256sum of artifact (junit.jar)]
>
>
>
> {code}
> h3. Soft dependencies
> If soft. also called "ranged" or "dynamic", dependencies are used, then we
> could specify the public key (or multiple) of the keypair used to sign the
> artifacts
> {code:xml}
>
> junit
> junit
> [4.0,4.5)
>
> [secure fingerprint of OpenPGP key used to sign the junit
> artifact(s)]
>
>
>
> {code}
> I'm not sure if this is the right place to raise an feature request for the
> POM format itself. I've already tried to get in touch with the right people
> about this feature request, but failed. I'm willing to help designing and
> implementing this, but need guidance.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Created] (MSHADE-420) Reproducible Builds timestamp issue in some cases
Herve Boutemy created MSHADE-420:
Summary: Reproducible Builds timestamp issue in some cases
Key: MSHADE-420
URL: https://issues.apache.org/jira/browse/MSHADE-420
Project: Maven Shade Plugin
Issue Type: Bug
Affects Versions: 3.2.4
Reporter: Herve Boutemy
seen in Tika
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/tika/tika-2.4.0.diffoscope
maven-shade-plugin 3.2.4 has an issue with timestamps in unexplained
circumstances:
why does 21-Nov-20 20:25 from reference become 21-Nov-21 01:25 in rebuild?
why does 20-May-14 07:15 from reference become 20-May-14 11:15 in rebuild?
{noformat}
21 / 44 target/reference/tika-parser-nlp-package-2.4.0.jar
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
--- target/reference/tika-parser-nlp-package-2.4.0.jar
+++
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
├── zipinfo {}
│ @@ -9868,1231 +9868,1231 @@
│ -rw 2.0 fat 2653 bl defN 22-Apr-08 17:41
schemas/wsdl/ws-addr-wsdl.xsd
│ -rw 2.0 fat 5591 bl defN 22-Apr-08 17:41 schemas/wsdl/ws-addr.xsd
│ -rw 2.0 fat 1606 bl defN 22-Apr-08 17:41 schemas/wsdl/wsdl.xjb
│ -rw 2.0 fat12126 bl defN 22-Apr-08 17:41 schemas/wsdl/wsdl.xsd
│ -rw 2.0 fat 8198 bl defN 22-Apr-08 17:41 schemas/wsdl/wsrm.xsd
│ -rw 2.0 fat 932 bl defN 22-Apr-08 17:41 schemas/wsdl/xmime.xsd
│ -rw 2.0 fat 5840 bl defN 22-Apr-08 17:41 schemas/wsdl/xml.xsd
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/
│ --rw 2.0 fat 70 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.properties
│ --rw 2.0 fat15917 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.xml
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/wstx/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/wstx/api/
...
│ --rw 2.0 fat 722 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidationSchema.class
│ --rw 2.0 fat 7795 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidationSchemaFactory.class
│ --rw 2.0 fat 1801 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidator.class
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/
│ +-rw 2.0 fat 70 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.properties
│ +-rw 2.0 fat15917 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.xml
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/wstx/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/wstx/api/
...
│ +-rw 2.0 fat 722 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidationSchema.class
│ +-rw 2.0 fat 7795 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidationSchemaFactory.class
│ +-rw 2.0 fat 1801 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidator.class
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/
│ -rw 2.0 fat 146 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/pom.properties
│ -rw 2.0 fat 6857 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/pom.xml
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41 org/apache/ws/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41 org/apache/ws/commons/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
org/apache/ws/commons/schema/
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Created] (MARTIFACT-32) add new plugins issues/fixes
Herve Boutemy created MARTIFACT-32: -- Summary: add new plugins issues/fixes Key: MARTIFACT-32 URL: https://issues.apache.org/jira/browse/MARTIFACT-32 Project: Maven Artifact Plugin Issue Type: Improvement Affects Versions: 3.3.0 Reporter: Herve Boutemy Fix For: 3.3.1 -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [maven-release] hboutemy commented on pull request #118: Catch up
hboutemy commented on PR #118: URL: https://github.com/apache/maven-release/pull/118#issuecomment-1116971073 we need a MNG Jira issue with an update of every commit message to be able to track the change in the future -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MSHADE-420) Reproducible Builds timestamp issue in some cases
[
https://issues.apache.org/jira/browse/MSHADE-420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Herve Boutemy updated MSHADE-420:
-
Description:
seen in Tika
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/tika/tika-2.4.0.diffoscope
maven-shade-plugin 3.2.4 has an issue with timestamps in unexplained
circumstances:
why does 21-Nov-20 20:25 from reference become 21-Nov-21 01:25 in rebuild?
why does 20-May-14 07:15 from reference become 20-May-14 11:15 in rebuild?
could be related to the timezone of the rebuilder?
{noformat}
21 / 44 target/reference/tika-parser-nlp-package-2.4.0.jar
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
--- target/reference/tika-parser-nlp-package-2.4.0.jar
+++
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
├── zipinfo {}
│ @@ -9868,1231 +9868,1231 @@
│ -rw 2.0 fat 2653 bl defN 22-Apr-08 17:41
schemas/wsdl/ws-addr-wsdl.xsd
│ -rw 2.0 fat 5591 bl defN 22-Apr-08 17:41 schemas/wsdl/ws-addr.xsd
│ -rw 2.0 fat 1606 bl defN 22-Apr-08 17:41 schemas/wsdl/wsdl.xjb
│ -rw 2.0 fat12126 bl defN 22-Apr-08 17:41 schemas/wsdl/wsdl.xsd
│ -rw 2.0 fat 8198 bl defN 22-Apr-08 17:41 schemas/wsdl/wsrm.xsd
│ -rw 2.0 fat 932 bl defN 22-Apr-08 17:41 schemas/wsdl/xmime.xsd
│ -rw 2.0 fat 5840 bl defN 22-Apr-08 17:41 schemas/wsdl/xml.xsd
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/
│ --rw 2.0 fat 70 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.properties
│ --rw 2.0 fat15917 bl defN 21-Nov-20 20:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.xml
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/wstx/
│ --rw 2.0 fat0 bl defN 21-Nov-20 20:25 com/ctc/wstx/api/
...
│ --rw 2.0 fat 722 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidationSchema.class
│ --rw 2.0 fat 7795 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidationSchemaFactory.class
│ --rw 2.0 fat 1801 bl defN 20-May-14 07:15
org/codehaus/stax2/validation/XMLValidator.class
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/
│ +-rw 2.0 fat 70 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.properties
│ +-rw 2.0 fat15917 bl defN 21-Nov-21 01:25
META-INF/maven/com.fasterxml.woodstox/woodstox-core/pom.xml
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/wstx/
│ +-rw 2.0 fat0 bl defN 21-Nov-21 01:25 com/ctc/wstx/api/
...
│ +-rw 2.0 fat 722 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidationSchema.class
│ +-rw 2.0 fat 7795 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidationSchemaFactory.class
│ +-rw 2.0 fat 1801 bl defN 20-May-14 11:15
org/codehaus/stax2/validation/XMLValidator.class
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/
│ -rw 2.0 fat 146 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/pom.properties
│ -rw 2.0 fat 6857 bl defN 21-Sep-14 14:41
META-INF/maven/org.apache.ws.xmlschema/xmlschema-core/pom.xml
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41 org/apache/ws/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41 org/apache/ws/commons/
│ -rw 2.0 fat0 bl defN 21-Sep-14 14:41
org/apache/ws/commons/schema/
{noformat}
was:
seen in Tika
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/tika/tika-2.4.0.diffoscope
maven-shade-plugin 3.2.4 has an issue with timestamps in unexplained
circumstances:
why does 21-Nov-20 20:25 from reference become 21-Nov-21 01:25 in rebuild?
why does 20-May-14 07:15 from reference become 20-May-14 11:15 in rebuild?
{noformat}
21 / 44 target/reference/tika-parser-nlp-package-2.4.0.jar
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
--- target/reference/tika-parser-nlp-package-2.4.0.jar
+++
tika-parsers/tika-parsers-ml/tika-parser-nlp-package/target/tika-parser-nlp-package-2.4.0.jar
├── zipinfo {}
│ @@ -9868,1231 +9868,1231 @@
│ -rw-
