-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support for dependency report to include artifact publish date #398
Comments
Sure, PRs are very much appreciated. |
@ben-manes, took a few hours to write up my first draft of groovy script to do this. Now, I see why you did not do this :), there is no way to get a project artifact publish timestamp, I ended up using a maven SOLR search API to get what I wanted. Can get similar info to find how many releases were done since current release. If this approach looks okay, I can clean up and send a PR with some tests. krishna81m@6ec715d#diff-fc7f993a4dcd591abca59fe0914bf71cR371 |
Unfortunately that's problematic since publishing to alternative repositories is quite common. Sometimes artifacts migrate from Central to JCenter, or similar, so it becomes error prone. If maven included the timestamps as part of its metadata then maybe we could extract that, but otherwise I think this be too brittle. What do you think of breadcrumbs (#69) instead? That could be obtained much simpler, e.g. split the version string into parts of as |
Completely agree not sticking to a repo, this was just a POC, this could be a list of repositories that user can choose in the order of preference and enabling this slow feature based on a property. AFAIK, checking maven repository files again, there is nothing other than lastUpdated timestamps https://repository.membrane-soa.org/content/groups/public/.lastUpdated=1587873698040. Whatever maven metadata gives you should be coming from here once they are cached locally. Let me check if other repositories have something similar like maven central search. Right now, I wrote a script that already does dates and total versions in between, something like below to find versions and dates using mvnrepository.com html parsing which is worse than official maven central search APIs that can give all of this information. Sure, a modified breadcrumb that can adjust to a fixed width if there are too many would be a great idea. Current script:
|
Any direct http call will get messy. For example,
There is also a quirk in lastUpdate being unreliable due to using local time or not being updated by the deployer. The POC is a really nice idee, but I'm afraid its hard to generalize |
yep agreed, cannot find publish timestamp, just versioning and build timestamps, in the maven-artifact artifact. Did grep its source code for anything of interest: https://github.com/apache/maven-plugins Nothing in the core artifact classes either: |
Closing since this seems too tricky to capture reliably. |
Just completed writing a script for our legacy Monolith that basically uses artifact publish date to get an idea how old a library is from current version date as well as how many releases behind it is. Then came across this plugin on stackoverflow and wondered if it would be a great addition to include current version release date and the latest release version date in the report.
https://repo.maven.apache.org/maven2/org/springframework/spring-aop/
https://mvnrepository.com/artifact/org.springframework/spring-aop/latest
Can try and submit a PR as well.
The text was updated successfully, but these errors were encountered: