New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[maven] Find snapshot metadata in nested pom #3728
Comments
I don’t fully understand your request, sorry. Can you provide more details including examples and logs if possible? What type of Maven registry is it? |
Our repositories are hosted on nexus3 (i don't if the same problem occurs with artifactory). We have 3 maven repositories :
Use case : here is an extract of maven-metadata.xml for mylib : <metadata modelVersion="1.1.0">
<groupId>groupid</groupId>
<artifactId>mylib</artifactId>
<versioning>
<latest>5.1.22-SNAPSHOT</latest>
<release>5.1.21</release>
<versions>
<version>5.0.0</version>
<version>5.0.1</version>
<version>5.0.2</version>
<version>5.0.3</version>
<version>5.0.4</version>
<version>5.0.5</version>
<version>5.1.20</version>
<version>5.1.21</version>
<version>5.1.22-SNAPSHOT</version>
</versions>
<lastUpdated>20190517040006</lastUpdated>
</versioning>
</metadata> Log file :
when renovate try to download mylib-5.1.22-SNAPSHOT.pom, a 404 error occurs because it doesn't exist (the structure of a snapshot directory is different). |
Versions Maven plugin works well in this case :
but renovate is not able to find this update. |
Have you set |
Sorry i didn't know this flag but it's only a part of the solution. I've made a simple test : force the result of pomContent if pomContent is undefined when calling downloadMavenXml : async function getDependencyInfo(dependency, repoUrl, version) {
const result = {};
const path = `${version}/${dependency.name}-${version}.pom`;
const pomContent = await downloadMavenXml(dependency, repoUrl, path);
if (!pomContent)
return {homepage:'foo',sourceUrl:'bar'};
// return result;
const homepage = pomContent.valueWithPath('url');
if (homepage && !containsPlaceholder(homepage)) {
result.homepage = homepage;
}
const sourceUrl = pomContent.valueWithPath('scm.url');
if (sourceUrl && !containsPlaceholder(sourceUrl)) {
result.sourceUrl = sourceUrl;
}
return result;
} renovate/lib/datasource/maven/index.js Line 193 in b701e15
|
So right now, if we cannot find homepage or sourc eurl then we return |
Yes, if the pom file is unavailable (to extract homepage / sourceurl) then it fails. i think it should :
This new maven-metadata.xml looks like : <?xml version="1.0" encoding="UTF-8"?>
<metadata modelVersion="1.1.0">
<groupId>groupid</groupId>
<artifactId>mylib</artifactId>
<version>5.1.22-SNAPSHOT</version>
<versioning>
<snapshot>
<timestamp>20190516.193217</timestamp>
<buildNumber>145</buildNumber>
</snapshot>
<lastUpdated>20190517040006</lastUpdated>
<snapshotVersions>
<snapshotVersion>
<extension>pom</extension>
<value>5.1.22-20190516.193217-145</value>
<updated>20190516193217</updated>
</snapshotVersion>
</snapshotVersions>
</versioning>
</metadata>
|
Sounds good, thanks. |
Finally, it seems that switching from ignoreUnstable: true to ignoreUnstable: false was the solution. The only bug is that it can't find the sourceurl and homepage but i'm not sure it's necessary to add more complexity just for snapshots MR. So if you're ok with that, we can close this "issue" |
I would still like to keep this open but will rename it so that we learn to capture the pom for the snapshot too. Thanks. |
@jgarec can you summarize for us:
|
When this issue was opened, it was necessary to download the pom file of the snapshot to get the url of the project / the homepage ... but now, renovate is able to find this with the latest release published : renovate/lib/datasource/maven/index.ts Lines 274 to 277 in 5701164
So i wonder if we could just consider that using unstable versions doesn't require to check that the pom is valid and available ? |
If the pom file is there, then what leads you to need to skip the pom check altogether? |
I believe I'm seeing the same issue as @jgarec. The maven datasource checks for presence of the pom via a URL like As you can see from his screenshots, the repository doesn't store a So the |
I'd like to take this one. |
Hi there, Help us by making a minimal reproduction repository. Before we can start work on your issue we first need to know exactly what's causing the current behavior. A minimal reproduction helps us with this. To get started, please read our guide on creating a minimal reproduction to understand what is needed. We may close the issue if you (or someone else) have not provided a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment. Good luck, The Renovate team |
Actually this one needs a reproduction first |
When a bug has been marked as needing a reproduction, it means nobody can work on it until one is provided. In cases where no reproduction is possible, or the issue creator does not have the time to reproduce, we unfortunately need to close such issues as they are non-actionable and serve no benefit by remaining open. This issue will be closed after 7 days of inactivity. |
It seems that #11327 doesn't fix this issue. Still can't update -SNAPSHOT deps without setting |
Needs reproduction |
It turned out even RENOVATE_EXPERIMENTAL_NO_MAVEN_POM_CHECK didn't work out. |
When a bug has been marked as needing a reproduction, it means nobody can work on it until one is provided. In cases where no reproduction is possible, or the issue creator does not have the time to reproduce, we unfortunately need to close such issues as they are non-actionable and serve no benefit by remaining open. This issue will be closed after 7 days of inactivity. |
This bug report has been closed as we need a reproduction to work on this. If the original poster or anybody else with the same problem discovers that they can reproduce it, please create a new issue, and reference this issue. |
What would you like Renovate to be able to do?
Being able to update to latest snapshot which could be newer than the latest release.
Describe the solution you'd like
By default, update to latest release but for some dependencies that are explictly described in config file, update to latest snapshot if available.
Describe alternatives you've considered
Additional context
In debug logs, i can see that snapshots are identified as "newer versions" but when renovate try to download it, there is an error because snapshot and release repositories have not the same structure (multiple artifacts for the same snapshot versions). This download fails so renovate considers that this version is unavailable :
Release repository structure :
Snapshot repository structure :
In this case, i think renovate should download another maven-metadata and identify the right artifact to download.
The text was updated successfully, but these errors were encountered: