Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50804

Block MRP from picking up incremental deps (was: Enforcer rules for incremental/snapshot deps)

    XMLWordPrintable

Details

    • Story
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Fixed
    • plugin-pom
    • None

    Description

      Need Enforcer rules to be found or written, and then configured, so that:

      • When produce-incrementals, no snapshot dependencies (or plugins, etc.) are permitted.
      • When jenkins-release, no incremental dependencies are permitted in compile / provided / runtime scope.
        • Arguably there is no harm in test-scope dependencies or plugins being of an incremental version—consume-incrementals would still be active in a source checkout from scm/tag, and these versions are irrelevant if the POM is read from a repository.
        • Perhaps also block the parent POM from being of an incremental version, since it could affect downstream components which do not also consume-incrementals—at least unless upstream maybe-produce-incrementals, in which case flatten-maven-plugin would erase this anyway.

      Attachments

        Activity

          jglick Jesse Glick added a comment - - edited

          Given JEP-229, this should probably be closed, in favor of -P!consume-incrementals in release build environments.

          jglick Jesse Glick added a comment - - edited Given JEP-229, this should probably be closed, in favor of -P!consume-incrementals in release build environments.
          jglick Jesse Glick added a comment -

          When produce-incrementals, no snapshot dependencies (or plugins, etc.) are permitted.

          This already seems to work due to https://github.com/jenkinsci/plugin-pom/blob/ec78ae1af0b5365d8d17121f3d5be720acb87f13/pom.xml#L550-L570 which is activated in that mode. E.g. after mvn -f workflow-step-api-plugin -Pquick-build install and patching workflow-api-plugin

          diff --git pom.xml pom.xml
          index e93dcf5..bbbc862 100644
          --- pom.xml
          +++ pom.xml
          @@ -84,6 +84,7 @@
                   <dependency>
                       <groupId>org.jenkins-ci.plugins.workflow</groupId>
                       <artifactId>workflow-step-api</artifactId>
          +            <version>2.24-SNAPSHOT</version>
                   </dependency>
                   <dependency>
                       <groupId>org.jenkins-ci.plugins</groupId>
          

          then mvn validate succeeds but mvn validate -Dset.changelist -Dignore.dirt fails as expected:

          …
          [INFO] --- maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) @ workflow-api ---
          [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message:
          No SNAPSHOT versions are allowed for releases
          Found Banned Dependency: org.jenkins-ci.plugins.workflow:workflow-step-api:jar:2.24-SNAPSHOT
          Use 'mvn dependency:tree' to locate the source of the banned dependencies.
          [INFO] ------------------------------------------------------------------------
          [INFO] BUILD FAILURE
          [INFO] ------------------------------------------------------------------------
          [INFO] Total time:  2.498 s
          [INFO] Finished at: 2021-06-02T17:09:49-04:00
          [INFO] ------------------------------------------------------------------------
          [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) on project workflow-api: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1]
          …
          
          jglick Jesse Glick added a comment - When produce-incrementals , no snapshot dependencies (or plugins, etc.) are permitted. This already seems to work due to https://github.com/jenkinsci/plugin-pom/blob/ec78ae1af0b5365d8d17121f3d5be720acb87f13/pom.xml#L550-L570 which is activated in that mode. E.g. after mvn -f workflow-step-api-plugin -Pquick-build install and patching workflow-api-plugin diff --git pom.xml pom.xml index e93dcf5..bbbc862 100644 --- pom.xml +++ pom.xml @@ -84,6 +84,7 @@ <dependency> <groupId> org.jenkins-ci.plugins.workflow </groupId> <artifactId> workflow-step-api </artifactId> + <version> 2.24-SNAPSHOT </version> </dependency> <dependency> <groupId> org.jenkins-ci.plugins </groupId> then mvn validate succeeds but mvn validate -Dset.changelist -Dignore.dirt fails as expected: … [INFO] --- maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) @ workflow-api --- [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message: No SNAPSHOT versions are allowed for releases Found Banned Dependency: org.jenkins-ci.plugins.workflow:workflow-step-api:jar:2.24-SNAPSHOT Use 'mvn dependency:tree' to locate the source of the banned dependencies. [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 2.498 s [INFO] Finished at: 2021-06-02T17:09:49-04:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) on project workflow-api: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1] …

          People

            jglick Jesse Glick
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: