Fix reproducible build issues with 7.0.0 #4967

Merged
merged 4 commits into from Apr 23, 2024

@adangel adangel commented Apr 18, 2024

Describe the PR

For the latest release 7.0.0, not all artifacts are reproducible:

15 files are not reproducible. This PR fixes these.

  1. The BOM for the parent POM created by cyclonedx contains all modules. However, due to the cyclic dependency between pmd and pmd-designer (see Circular dependencies between pmd-ui, pmd-core, pmd-cli #4446) we do the release in two phases: first without pmd-cli/pmd-dist and in the 2nd phase only pmd-cli/pmd-dist. In the first phase, the parent POM is published and the BOM doesn't contain pmd-cli/pmd-dist. This PR now always excludes these two modules from the BOM, so that the whole project can be reproduced without doing the reproducible build in two phases as well.
  2. When generating the tokenizers/parsers with javacc, we use maven-antrun-plugin to run some ant script that does some replaceregexp on files. When ant does this, it first performs the replaceregexp on a temporary file with limited file permissions (like having umask 077). These files are then packed into the source jar by maven-source-plugin. In the older version of that plugin (3.2.1 used by PMD 7.0.0-rc4), these limited file permissions were obviously ignored and all the files in the archive had the correct permissions. The upgrade of maven-source-plugin to 3.3.0 changed this to preserve the file permissions (as opposed to reapplying the umask for the files in the archive). Ant has a fix for the tasks that create a temporary file, which preserves the permissions of the original file, so that the permissions in the archive are now correct. This PR now updates the ant version used by maven-antrun-plugin to use this fix.

Related issues

  • None

Ready?

  • Added unit tests for fixed bug/feature
  • Passing all unit tests
  • Complete build ./mvnw clean verify passes (checked automatically by github actions)
  • Added (in-code) documentation (if needed)
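
One way to check a rebuilt source jar against the published one for the permission drift described in item 2, as an added example that is not part of this PR or of PMD's build. The jar contents and file names are constructed, and `entry_table`, `diff_jars` and `make_jar` are names made up here.

```python
import hashlib
import io
import stat
import zipfile


def entry_table(jar_bytes):
    """Map entry name -> (Unix mode bits from external_attr, SHA-256 of content)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {i.filename: (stat.S_IMODE(i.external_attr >> 16),
                             hashlib.sha256(jar.read(i)).hexdigest())
                for i in jar.infolist()}


def diff_jars(reference, rebuilt):
    """Return (name, kind, detail) tuples for every differing entry."""
    ref, new = entry_table(reference), entry_table(rebuilt)
    findings = []
    for name in sorted(ref.keys() | new.keys()):
        if name not in ref or name not in new:
            findings.append((name, "missing", "not present in both jars"))
            continue
        (ref_mode, ref_hash), (new_mode, new_hash) = ref[name], new[name]
        if ref_hash != new_hash:
            findings.append((name, "content", "sha256 differs"))
        if ref_mode != new_mode:
            findings.append((name, "mode", f"{ref_mode:04o} != {new_mode:04o}"))
    return findings


def make_jar(entries):
    """Build a constructed in-memory jar from (name, mode, content) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, mode, content in entries:
            info = zipfile.ZipInfo(name, date_time=(2024, 4, 18, 0, 0, 0))
            info.external_attr = (stat.S_IFREG | mode) << 16
            jar.writestr(info, content)
    return buf.getvalue()


# Constructed sample: same content, one generated file is 0600 in the rebuild.
KEEP = ("Example.java", 0o644, b"class Example {}\n")
GEN = b"class ExampleTokenManager {}\n"
REFERENCE = make_jar([KEEP, ("ExampleTokenManager.java", 0o644, GEN)])
REBUILT = make_jar([KEEP, ("ExampleTokenManager.java", 0o600, GEN)])

if __name__ == "__main__":
    print(diff_jars(REFERENCE, REBUILT))
```

A `mode` finding with no matching `content` finding means the two jars hash differently even though every file in them is byte-identical.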

This preserves the file permissions when doing a replaceregexp on a file.
This should make the bom.xml/bom.json files be reproducible again.
@adangel adangel added the labels a:bug (PMD crashes or fails to analyse a file) and in:pmd-internals (Affects PMD's internals) Apr 18, 2024
@adangel adangel added this to the 7.1.0 milestone Apr 18, 2024
@adangel adangel changed the title Fix reproducible builds Fix reproducible build issues with 7.0.0 Apr 18, 2024
@pmd-test

1 Message
📖 No regression tested rules have been changed.

Generated by 🚫 Danger

oowekyala added a commit that referenced this pull request Apr 23, 2024
@oowekyala oowekyala merged commit 3765e45 into pmd:master Apr 23, 2024
3 checks passed
@adangel adangel deleted the fix-reproducible-builds branch April 25, 2024 06:48