Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Repositories to resolve Maven artifacts from seem to be tampered with #454

Closed
2 of 5 tasks
sschuberth opened this issue Feb 17, 2023 · 4 comments
Closed
2 of 5 tasks

Repositories to resolve Maven artifacts from seem to be tampered with #454

sschuberth opened this issue Feb 17, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@sschuberth
Copy link

Description:

In our tests that we run in GitHub actions that use setup-java we verify the full URLs where artifacts in Maven / Gradle test projects have been resolved from (as our project is about dependency analysis).

With a recent change that fixes the order of Maven repositories to search for artifacts on our side, we realized that the new expected test results fail on GitHub actions while the same tests pass locally (tested on Windows, Linux, Docker).

So it seems that it's probably setup-java that's somehow tampering with Maven artifact resolution. As a Maven settings.xml takes precedence over repositories declared in POMs, I added a commit to my PR that should avoid setup-java to write a settings.xml, but the issue remains.

Task version:

actions/setup-java@v3

Platform:

  • Ubuntu
  • macOS
  • Windows

Runner type:

  • Hosted
  • Self-hosted

Repro steps:

See the GradleKotlinScriptFunTest and SbtFunTest test failures in https://github.com/oss-review-toolkit/ort/actions/runs/4196901639/jobs/7278510514.

Expected behavior:

All dependencies for the Gradle test project used by GradleKotlinScriptFunTest should be resolved from JCenter.

Actual behavior:

Only on GitHub actions with setup-java, dependencies are resolved from Maven Central instead of JCenter, e.g from

https://repo.maven.apache.org/maven2/org/jetbrains/annotations/13.0/annotations-13.0.jar

instead of the expected

https://jcenter.bintray.com/org/jetbrains/annotations/13.0/annotations-13.0.jar
@sschuberth sschuberth added bug Something isn't working needs triage labels Feb 17, 2023
@sschuberth sschuberth mentioned this issue Feb 17, 2023
Merged
@IvanZosimov
Copy link
Contributor

Hi, @sschuberth, thank for the issue, we will take a look at it and get back to you with updates.

@sschuberth
Copy link
Author

I'm pretty certain by now that it's not (only) setup-java's fault, as I cannot reproduce the issue with a small test project that I created who's Gradle build scan proves that artifacts were resolved from JCenter. Also, when running GradleKotlinScriptFunTest in our original project outside of Docker, the test passes. I'll do some more test to double-check and will eventually close this issue.

@sschuberth
Copy link
Author

I'm now confident that the issue is not with setup-java, sorry for the noise!

@sschuberth sschuberth closed this as not planned Won't fix, can't repro, duplicate, stale Feb 20, 2023
@IvanZosimov
Copy link
Contributor

@sschuberth, thanks for your feedback ❤️

@snyk-bot snyk-bot mentioned this issue Mar 6, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sschuberth @IvanZosimov