Target Platform for 3rd parties: Orbit vs Maven #2133
Comments
|
Note that Oomph now does support including a normal *.target into a Targlet container and that target can contain Maven dependencies. This work was funding by https://www.diamond.ac.uk/ The approach I described in the forum will allow Maven dependencies in a centrally managed *.target file (along with distributed managed additional *.target files from SimRel projects) to be used to generate a normal p2 repository that can be consumed in the normal way exactly as you are currently consuming from Orbit. Mind you, the artifacts are PGP-signed, not jar-signed. Will that address all your concerns? |
|
@merks with orbit i had that impression that projects are "encouraged" to repackage their dependencies into their own repo. now when i will repackage the pgp signed stuff from the "new pgp signed orbit", will these become pgp signed automatically (just copy over the original signing info) or will they be unsigned and thus we have to care about signing again (point 4 in my list) will do some experiments on this |
|
The PGP key and signature are properties on the artifact, e.g., The underlying p2 infrastructure used by Tycho (a Tycho version that uses at least the 2022-03 release before which the PGP support was broken) and for installing or mirroring will transfer these properties from the source to the target. So yes, I do expect PGP signatures and keys to "follow" the artifact and that definitely generally works, e.g., the SimRel aggregator does nothing special to transfer the PGP key and signature properties, relying on p2 to do that.... |
|
And yes, the goal here is to provide something such that downstream consumers can avoid needing to do PGP signing and such that it's easy to provide downstream consumers with additional dependencies upon request, with an overall goal to be easier/cheaper to maintain than is currently the case for Orbit. |
|
is there an easy way to check if a p2 repo has valid pgp signature for a certain artifact? |
|
Open the artifacts.jar/artifacts.xml.xz and the artifacts.xml inside that. Find the |
|
@cdietrich, what I'm willing to try to do is, as I proposed in the past, switch entirely to Maven/Tycho. In my experience, that should simplify lots of our building parts, not to mention that the p2 repositories generated will not have the problems we have experienced lately. Also, my projects (both the official Eclipse projects and other projects I maintain) have an involved build structure, which I can easily manage with Maven/Tycho. I'm willing to do that as long as there's interest from the Xtext committers. |
|
@LorenzoBettini i am not sticking to any technology here as long as we are still compatibly consumable from pure maven and gradle builds and thus wont break these clients. @szarnekow i assume you would be fine with pure tycho builds as well. |
|
I can also help with pure Tycho builds having setup and maintained a large number of them over the past years. |
Yes, my artifacts are available from p2 repositories and Maven central. (everything signed, of course). I typically deploy to Maven central artifacts without the build qualifier (e.g., 2.12.1), while on p2 repositories, I leave the full build qualifier (e.g., 2.12.1.v202212...blah blah). But that's just my design choice. |
|
regardning repackaging looks good with tycho 2.7.5 and tycho 3.0.1: https://github.com/cdietrich/repackage-pgp-signed-stuff-experiments |
Absolutely. I'd go even a step further:: If things get simpler by merging everything into a single repo, I'm willing to do that, too. |
I didn't dare to say that, but I'd love to try that one as well :) |
|
FYI, I merged the EMF and XSD repositories, preserving the history. It wasn't so hard... |
|
the question is, how to stack the stuff on each other, |
|
Yes, that could be a possible workflow. @merks, how have you implemented merging?
|
|
I needed some help at the end from the webmaster: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/2444 As mentioned there, I followed these simple instructions which sounds like what you are describing: https://jeffkreeftmeijer.com/git-combine/ It was way simpler than I though it would be... Also this helped simplify the build so I am able to use a multi-branch pipeline: https://ci.eclipse.org/emf/job/build/ I also got rid of EMF's specialized site promoter/generator and reused the JustJ-provided one instead. |
|
i guess we can start experimenting with core, then we might see what makes problems and what works |
do you mean to experiment with Maven/Tycho with "core" or to try to merge "core" with another Git repository? |
|
experiment with tycho |
@merks this means however that Oomph cannot yet support Maven coordinates (as we do in the .target files) directly, is that right?
Could you please point me to the forum post you're mentioning? In general, would you suggest switching to target files in Oomph as well? |
|
Sorry I thought I had added a link to the Bugzilla that has a PDF attachment with documentation https://bugs.eclipse.org/bugs/show_bug.cgi?id=580054 WindowBuilder uses it: https://github.com/eclipse/windowbuilder/blob/master/setups/WindowBuilder.setup This target https://github.com/eclipse/windowbuilder/blob/master/target-platform/wb.target Includes this target: https://github.com/eclipse/windowbuilder/blob/master/target-platform/mvn/wb-mvn.target And that one is also used by Oomph's targlets. I had to add this task So that the wb-mvn.target is available in the workspace for use here: I'm hoping get what I described on cross-projects working over the weekend, in which case I could just add what you need so that it's in a regular p2 repository. Is there something specifically that you needed that's not also used directly by the platform? |
|
@merks thanks for the answer and sorry for my delay. While porting Xtext projects to Maven/Tycho there were a few projects that needed dependencies not available from Orbit and as a first attempt, I used Maven dependencies in the .target file. Later, I realized that for those specific (test) projects, I could go completely Maven (no PDE), so dependencies are taken directly from Maven Central. So for the moment the .target only contains p2 units. |
|
This this available, I think all is prepared: https://download.eclipse.org/oomph/simrel-orbit/ I'm not sure what's left to do for this issue.... |
Target Platform for 3rd parties: Orbit vs Maven
what happens if orbit is discontinued
problems / knowledge gaps for maven dependencies in target
(maybe https://docs.google.com/document/d/1dl10ia092X5hN1qfKoHYvriCNM-iBqiOkfjnntxaBbk/edit ?!? - is there a better documentation or example somewhere?)
The text was updated successfully, but these errors were encountered: