New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

9.1.3.0 and 9.1.4.0 have a -SNAPSHOT dependency #4135

Closed
chrisseaton opened this Issue Sep 6, 2016 · 13 comments

Comments

Projects
None yet
4 participants
@chrisseaton
Contributor

chrisseaton commented Sep 6, 2016

@chrisseaton chrisseaton added this to the JRuby 9.1.5.0 milestone Sep 6, 2016

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

Boo...I though Sonatype was supposed to catch this sort of thing. https://issues.sonatype.org/browse/OSSRH-24828

More motivation for another quick-flip release.

Member

headius commented Sep 6, 2016

Boo...I though Sonatype was supposed to catch this sort of thing. https://issues.sonatype.org/browse/OSSRH-24828

More motivation for another quick-flip release.

@mosabua

This comment has been minimized.

Show comment
Hide comment
@mosabua

mosabua Sep 6, 2016

I am not sure how your build works totally but typically you can catch this with using the Maven release plugin (can be a PITA.. I know).

Alternatively for a more lightweight check you could add the enforcer plugin invocation to your release profile.

http://maven.apache.org/enforcer/enforcer-rules/requireReleaseDeps.html

mosabua commented Sep 6, 2016

I am not sure how your build works totally but typically you can catch this with using the Maven release plugin (can be a PITA.. I know).

Alternatively for a more lightweight check you could add the enforcer plugin invocation to your release profile.

http://maven.apache.org/enforcer/enforcer-rules/requireReleaseDeps.html

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

Thank you for the suggestions, @mosabua!

Our release is rather complicated (almost a dozen different artifacts, submodules, etc) so the release plugin may not work for us. Adding a lightweight plugin to check it probably will work out better.

@mkristian what do you think?

Member

headius commented Sep 6, 2016

Thank you for the suggestions, @mosabua!

Our release is rather complicated (almost a dozen different artifacts, submodules, etc) so the release plugin may not work for us. Adding a lightweight plugin to check it probably will work out better.

@mkristian what do you think?

@chrisseaton

This comment has been minimized.

Show comment
Hide comment
@chrisseaton

chrisseaton Sep 6, 2016

Contributor

If we just need to solve the problem, a grep of pom.rb for SNAPSHOT would have caught this. Could that go into whatever scripts you have for deploying.

Contributor

chrisseaton commented Sep 6, 2016

If we just need to solve the problem, a grep of pom.rb for SNAPSHOT would have caught this. Could that go into whatever scripts you have for deploying.

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

It appears we do have this plugin in the root poms, but perhaps it's not properly getting enabled for a non-snapshot release:

/pom.rb

    unless model.version =~ /-SNAPSHOT/
       #rules[:requireReleaseDeps] = { :message => 'No Snapshots Allowed!' }
    end
    plugin :enforcer, '1.4' do
      execute_goal :enforce, :rules => rules
    end

@chrisseaton I certainly wouldn't consider it a solution if we have to add more manual steps...and it's probably not a very good solution if we have to add something to @enebo's scripts when we should be shrinking them.

This really should be automated by either Maven itself or by Sonatype OSSRH. It's never correct for a maven-central jar to be released with snapshot deps.

Member

headius commented Sep 6, 2016

It appears we do have this plugin in the root poms, but perhaps it's not properly getting enabled for a non-snapshot release:

/pom.rb

    unless model.version =~ /-SNAPSHOT/
       #rules[:requireReleaseDeps] = { :message => 'No Snapshots Allowed!' }
    end
    plugin :enforcer, '1.4' do
      execute_goal :enforce, :rules => rules
    end

@chrisseaton I certainly wouldn't consider it a solution if we have to add more manual steps...and it's probably not a very good solution if we have to add something to @enebo's scripts when we should be shrinking them.

This really should be automated by either Maven itself or by Sonatype OSSRH. It's never correct for a maven-central jar to be released with snapshot deps.

@mosabua

This comment has been minimized.

Show comment
Hide comment
@mosabua

mosabua Sep 6, 2016

You really just have to figure out there is no "-SNAPSHOT" version string. The "Maven way" to work around this is to use the release plugin or the enforcer rule. It seems you are already using it but the usage of the requireReleaseDeps rule is deactivated if I see this correctly from the snippet.

mosabua commented Sep 6, 2016

You really just have to figure out there is no "-SNAPSHOT" version string. The "Maven way" to work around this is to use the release plugin or the enforcer rule. It seems you are already using it but the usage of the requireReleaseDeps rule is deactivated if I see this correctly from the snippet.

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

@mosabua Yes, this rule should end up being enabled when we switch to a non-SNAPSHOT release version for JRuby itself, but that doesn't appear to be triggering.

Member

headius commented Sep 6, 2016

@mosabua Yes, this rule should end up being enabled when we switch to a non-SNAPSHOT release version for JRuby itself, but that doesn't appear to be triggering.

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

@mosabua Sorry, I understand what you were saying...we have the rules commented out. We'll see if we can set up a better version of this that uses Maven profiles instead.

Member

headius commented Sep 6, 2016

@mosabua Sorry, I understand what you were saying...we have the rules commented out. We'll see if we can set up a better version of this that uses Maven profiles instead.

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

I modified the "release" profile to enable (unconditionally) the enforcer, and that appears to work without breaking non-release SNAPSHOT builds of JRuby.

I'll go with this but still need buy-in from @mkristian and @enebo.

diff --git a/pom.rb b/pom.rb
index 50c8e69..065be87 100644
--- a/pom.rb
+++ b/pom.rb
@@ -122,12 +122,6 @@ project 'JRuby', 'https://github.com/jruby/jruby' do
     plugin :jar, '2.6'

     rules = { :requireMavenVersion => { :version => '[3.3.0,)' } }
-    unless model.version =~ /-SNAPSHOT/
-       #rules[:requireReleaseDeps] = { :message => 'No Snapshots Allowed!' }
-    end
-    plugin :enforcer, '1.4' do
-      execute_goal :enforce, :rules => rules
-    end

     plugin :compiler, '3.3'
     plugin :shade, '2.4.3'
@@ -276,6 +270,9 @@ project 'JRuby', 'https://github.com/jruby/jruby' do
   end

   profile 'release' do
+    plugin :enforcer, '1.4' do
+      execute_goal :enforce, :rules => { requireReleaseDeps: { :message => 'No Snapshots Allowed!' } }
+    end
     modules [ 'truffle', 'test', 'maven' ]
     properties 'invoker.skip' => true
   end

Output:

...
[INFO] --- maven-enforcer-plugin:1.4:enforce (enforce-maven) @ jruby-core ---
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4:enforce (default) @ jruby-core ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message:
No Snapshots Allowed!
Found Banned Dependency: com.github.jnr:jnr-constants:jar:0.9.3-SNAPSHOT
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] JRuby .............................................. SUCCESS [  1.515 s]
[INFO] JRuby Core ......................................... FAILURE [  1.257 s]
[INFO] JRuby Lib Setup .................................... SKIPPED
...
Member

headius commented Sep 6, 2016

I modified the "release" profile to enable (unconditionally) the enforcer, and that appears to work without breaking non-release SNAPSHOT builds of JRuby.

I'll go with this but still need buy-in from @mkristian and @enebo.

diff --git a/pom.rb b/pom.rb
index 50c8e69..065be87 100644
--- a/pom.rb
+++ b/pom.rb
@@ -122,12 +122,6 @@ project 'JRuby', 'https://github.com/jruby/jruby' do
     plugin :jar, '2.6'

     rules = { :requireMavenVersion => { :version => '[3.3.0,)' } }
-    unless model.version =~ /-SNAPSHOT/
-       #rules[:requireReleaseDeps] = { :message => 'No Snapshots Allowed!' }
-    end
-    plugin :enforcer, '1.4' do
-      execute_goal :enforce, :rules => rules
-    end

     plugin :compiler, '3.3'
     plugin :shade, '2.4.3'
@@ -276,6 +270,9 @@ project 'JRuby', 'https://github.com/jruby/jruby' do
   end

   profile 'release' do
+    plugin :enforcer, '1.4' do
+      execute_goal :enforce, :rules => { requireReleaseDeps: { :message => 'No Snapshots Allowed!' } }
+    end
     modules [ 'truffle', 'test', 'maven' ]
     properties 'invoker.skip' => true
   end

Output:

...
[INFO] --- maven-enforcer-plugin:1.4:enforce (enforce-maven) @ jruby-core ---
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4:enforce (default) @ jruby-core ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message:
No Snapshots Allowed!
Found Banned Dependency: com.github.jnr:jnr-constants:jar:0.9.3-SNAPSHOT
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] JRuby .............................................. SUCCESS [  1.515 s]
[INFO] JRuby Core ......................................... FAILURE [  1.257 s]
[INFO] JRuby Lib Setup .................................... SKIPPED
...

headius added a commit that referenced this issue Sep 6, 2016

Unconditionally enable maven enforcer in release profile.
This will prevent issues like #4135 from happening in the future.
@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

I have released jnr-constants 0.9.3 to central, so we can fix our dep once it propagates.

I've also committed my patch (plus the mistakenly-removed maven version constraint) and pushed to the test_enforcer branch.

Member

headius commented Sep 6, 2016

I have released jnr-constants 0.9.3 to central, so we can fix our dep once it propagates.

I've also committed my patch (plus the mistakenly-removed maven version constraint) and pushed to the test_enforcer branch.

@mosabua

This comment has been minimized.

Show comment
Hide comment
@mosabua

mosabua Sep 6, 2016

I am glad it works @headius and I could provide some help.

mosabua commented Sep 6, 2016

I am glad it works @headius and I could provide some help.

@headius headius closed this in 1ed8422 Sep 6, 2016

@headius

This comment has been minimized.

Show comment
Hide comment
@headius

headius Sep 6, 2016

Member

This issue is fixed by getting jnr-constants 0.9.3 release out and using it in the build in 1ed8422. After review, we will also merge in #4137 to hopefully prevent this happening again.

Member

headius commented Sep 6, 2016

This issue is fixed by getting jnr-constants 0.9.3 release out and using it in the build in 1ed8422. After review, we will also merge in #4137 to hopefully prevent this happening again.

@mkristian

This comment has been minimized.

Show comment
Hide comment
@mkristian

mkristian Sep 7, 2016

Member

@headius the release plugin does not work with our pom.rb and did cause strange problems in the beginning using maven for jruby. so I think you guys have found the best solution :)

Member

mkristian commented Sep 7, 2016

@headius the release plugin does not work with our pom.rb and did cause strange problems in the beginning using maven for jruby. so I think you guys have found the best solution :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment