Route Maven through Moderne Artifactory cache to avoid HTTP 429#1096
Merged
Conversation
Maven Central has started rate-limiting parallel test resolution (HTTP 429), failing CI across recipe repos. Inline the same mirror configuration used by moderneinc/rewrite-java-security: route `mirrorOf: "*"` through artifactory.moderne.ninja's moderne-cache-3 via s4u/maven-settings-action, and set REWRITE_GRADLE_MIRROR_* on the build/publish steps so Gradle resolution goes through the cache too. This replaces the call into openrewrite/gh-automation's reusable ci-gradle.yml / publish-gradle.yml workflows with their composite actions called inline, which is the bypass pattern the reusable workflow explicitly recommends for consumers that need a mirror.
The five other JSpecify recipes in this file pin to 1.0.0; this one used `latest.release`, which now resolves to `1.0.0.redhat-00001` through the Moderne Artifactory cache mirror, breaking JSpecifyBestPracticesTest.
timtebeek
added a commit
that referenced
this pull request
May 15, 2026
…1101) `classpathFromResources("sun.internal.new")` uses `Pattern.compile(artifactName + ".*")` to match against artifact-version strings in both `META-INF/rewrite/classpath.tsv.gz` type tables and JAR files under `META-INF/rewrite/classpath/`. Since `.` is a regex wildcard, the prefix `sun.internal.new` can match unrelated artifacts, and the static `TypeTable.classesDirByArtifact` cache can cause the local JAR fallback to be skipped depending on test ordering and what type tables happen to be on the runtime classpath. After #1096 routed Maven resolution through Moderne's Artifactory cache mirror, the four type-attribution-sensitive `IBMSemeruTest` cases started failing on every scheduled CI run with "LST contains missing or invalid type information". Loading the JAR directly via `classpath(Collection<Path>)` and a `getResource` lookup bypasses both the regex matching and the shared static cache, so the IBM JSSE stub classes are always available to the parser. Fixes #1100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
https://repo.maven.apache.org/maven2: HTTP 429— Maven Central is rate-limiting parallel test resolution.moderneinc/rewrite-java-securityuses successfully today: route all Maven resolution throughhttps://artifactory.moderne.ninja/artifactory/moderne-cache-3/vias4u/maven-settings-action, and setREWRITE_GRADLE_MIRROR_*env vars on the Gradle build / publish steps.openrewrite/gh-automation's reusableci-gradle.yml/publish-gradle.ymlwith their composite actions invoked inline — the bypass pattern the reusable workflow explicitly recommends for consumers that need a mirror.Test plan
s4u/maven-settings-actionstep ranHTTP 429lines in build logs