Details
-
Story
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
None
Description
Need Enforcer rules to be found or written, and then configured, so that:
- When produce-incrementals, no snapshot dependencies (or plugins, etc.) are permitted.
- When jenkins-release, no incremental dependencies are permitted in compile / provided / runtime scope.
- Arguably there is no harm in test-scope dependencies or plugins being of an incremental version—consume-incrementals would still be active in a source checkout from scm/tag, and these versions are irrelevant if the POM is read from a repository.
- Perhaps also block the parent POM from being of an incremental version, since it could affect downstream components which do not also consume-incrementals—at least unless upstream maybe-produce-incrementals, in which case flatten-maven-plugin would erase this anyway.
Attachments
Issue Links
Activity
| Field | Original Value | New Value |
|---|---|---|
| Epic Link |
|
| Assignee | Jesse Glick [ jglick ] |
| Link | This issue relates to INFRA-2821 [ INFRA-2821 ] |
| Remote Link | This issue links to "jenkins-maven-cd-action #3 (Web Link)" [ 26477 ] |
When produce-incrementals, no snapshot dependencies (or plugins, etc.) are permitted.
This already seems to work due to https://github.com/jenkinsci/plugin-pom/blob/ec78ae1af0b5365d8d17121f3d5be720acb87f13/pom.xml#L550-L570 which is activated in that mode. E.g. after mvn -f workflow-step-api-plugin -Pquick-build install and patching workflow-api-plugin
diff --git pom.xml pom.xml
index e93dcf5..bbbc862 100644
--- pom.xml
+++ pom.xml
@@ -84,6 +84,7 @@
<dependency>
<groupId>org.jenkins-ci.plugins.workflow</groupId>
<artifactId>workflow-step-api</artifactId>
+ <version>2.24-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
then mvn validate succeeds but mvn validate -Dset.changelist -Dignore.dirt fails as expected:
… [INFO] --- maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) @ workflow-api --- [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message: No SNAPSHOT versions are allowed for releases Found Banned Dependency: org.jenkins-ci.plugins.workflow:workflow-step-api:jar:2.24-SNAPSHOT Use 'mvn dependency:tree' to locate the source of the banned dependencies. [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 2.498 s [INFO] Finished at: 2021-06-02T17:09:49-04:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce (no-snapshots-in-release) on project workflow-api: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed. -> [Help 1] …
| Remote Link | This issue links to "plugin-pom #416 (Web Link)" [ 26762 ] |
| Remote Link | This issue links to "pom #172 (Web Link)" [ 26763 ] |
| Assignee | Jesse Glick [ jglick ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | In Review [ 10005 ] |
| Summary | Enforcer rules for incremental/snapshot deps | Block MRP from picking up incremental deps (was: Enforcer rules for incremental/snapshot deps) |
| Resolution | Fixed [ 1 ] | |
| Status | In Review [ 10005 ] | Fixed but Unreleased [ 10203 ] |
| Status | Fixed but Unreleased [ 10203 ] | Resolved [ 5 ] |
Given JEP-229, this should probably be closed, in favor of -P!consume-incrementals in release build environments.