Next release 4.8.0 - October 11th Performed #2417
Replies: 16 comments 43 replies
-
not sure, I'd like some help getting the rest of renovate PRs merged. Project is hard to work with IMO. It doesn't run well on windows if at all. The build system kind of ignores other platforms. Its gradle and I'm a maven user like most. If I can get it working in windows reliably, I'd be able to possibly get it released. I agree its way overdue. I've been running numerous patches on the spotbugs maven plugin against 4.7.3 for a while now and also want the update out soon, there is a lot in this since 4.7.3. But we do need some of the Renovate items addressed due to CVEs. |
Beta Was this translation helpful? Give feedback.
-
Thank you for your fast answer, @hazendaz, and I'm really sorry for my late one.
Which of theese do you think are the most important to have in the next release? Or are there some others, which I left out and are crucial to the new release? I use both Windows and Linux, and can verify that spotbugs doesn't build in Windows as flawlessly as it does in Linux, but haven't looked in depth at the exact problem(s) yet. I'm also quite new to the project, and I not sure, what is the exact process for fixing a problem, which @renovate already has a PR for? Should I create a new PR to the branch the bot created? As far as I can see, you are one of the most active members of the community. Are you the one, who is responsible for the release as well? |
Beta Was this translation helpful? Give feedback.
-
Thank you for looking at and merging my PRs. I managed to find a solution to the guava dependency problem, and it got merged. I propose that the next SpotBugs release includes bcel version 6.6.1 instead of waiting for 6.7.1. What are your thoughts on this?
Additionally, I noticed that the SonarCloud Code Analysis has been failing.
I'm happy to help with anything I can. On my end, the current master builds successfully on both Linux and Windows. |
Beta Was this translation helpful? Give feedback.
-
Thanks that is what I was seeing. I have the role to release. He gave me some pointers a year ago to release the gradle plugin. Looking again it appears probably the same. I'll look this weekend and work to cleanup the release steps. The eclipse plugin is released on all merges to mainline now. So only need worry about main code.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Judit Knoll ***@***.***>
Sent: Wednesday, June 28, 2023 7:08:26 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release (Discussion #2417)
I found the RELEASE_PROCEDURE.md<https://github.com/spotbugs/spotbugs/blob/master/RELEASE_PROCEDURE.md>, the release.yml<https://github.com/spotbugs/spotbugs/blob/master/.github/workflows/release.yml>, and checked the earlier releases (e.g. PR for 4.7.3<#2216>). However the .travis.yml (referenced by the RELEASE_PROCEDURE.md) doesn't exist anymore, the processes got moved to GitHub Actions (see the PRs mentioned in #1123<#1123>). But I think only KengoTODA is authorized to do some steps.
@KengoTODA<https://github.com/KengoTODA> What do you think, is spotbugs ready for the 4.7.4 release?
—
Reply to this email directly, view it on GitHub<#2417 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODIYR5IFN2P6YKCVL77TXNQGCVANCNFSM6AAAAAAXMIP4NA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Hello, Please do not forget that several new features (detectors) were merged into |
Beta Was this translation helpful? Give feedback.
-
Agreed next release will be 4.8.0
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Balogh, Ádám ***@***.***>
Sent: Thursday, June 29, 2023 9:27:22 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release (Discussion #2417)
Hello,
Please do not forget that several new features (detectors) were merged into master recently. Until now, it was the rule that in case of new features the second version number was incremented. Thus, if this rule still holds, the next release should be 4.8.0 instead of 4.7.4..
—
Reply to this email directly, view it on GitHub<#2417 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI7W7H6JNXUUVGKWQPTXNV7DVANCNFSM6AAAAAAXMIP4NA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I was wondering about what should we aim for as the next release: 4.8.0 or 5.0.0? Regarding Issue Review:
Regarding Multiplatform Build:
About 5.0.0:
4.8.0 vs. 5.0.0:
Proposal: the next release should be 4.8.0, not 5.0.0, because
|
Beta Was this translation helpful? Give feedback.
-
This sounds good. Keep to jdk 8 for 4.8.0. Do we need to back anything out or pretty much ready to go?
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Judit Knoll ***@***.***>
Sent: Thursday, August 10, 2023 4:12:12 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release (Discussion #2417)
I was wondering about what should we aim for as the next release: 4.8.0 or 5.0.0?
I've been considering our options for the next release, and I find the following points relevant:
Regarding Issue Review:
* I agree that issues need to be reviewed, but perhaps not all before the next release. We could set a goal, threshold, or deadline (e.g., review every open issue updated in the last year, currently just under 100 issues).
* Older issues may take more time to verify and may not be as urgent.
Regarding Multiplatform Build:
* I've started working on a multiplatform build GitHub action and will create a PR shortly. While useful, I see this as a nice-to-have feature.
About 5.0.0:
* We have a milestone for 5.0.0 containing breaking changes: Milestone 15<https://github.com/spotbugs/spotbugs/milestone/15>.
* Two of the three issues in this milestone currently lack PRs or solutions (Issue 1324<#1324>, Issue 1100<#1100>). Are these blocking changes for 5.0.0, or can they be postponed?
* Some PRs seem suitable only for 5.0.0 (PR 2055<#2055>, PR 2492<#2492>), but they aren't listed among the planned breaking changes.
4.8.0 vs. 5.0.0:
* We need to identify which issues, PRs, and features are blocking for 4.8.0 and 5.0.0.
* The only blocking PR for 4.8.0 seems to be PR 2278<#2278>, waiting for the new bcel release with PR 221<apache/commons-bcel#221> merged.
Proposal: the next release should be 4.8.0, not 5.0.0, because
* There will be less blocking issues.
* It's easier for to users to adapt if the new version has less, smaller changes.
* There are merged PRs, which several users are waiting for.
* There are already plenty of changes, fixes, new features merged for a release.
* Even the release itself without the original release managers could be quite a challange, it may be a bit less troublesome if it is not a new major version.
—
Reply to this email directly, view it on GitHub<#2417 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI4NRYQWMGSBEOXZSSLXUSJVZANCNFSM6AAAAAAXMIP4NA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Gib next Release, we need it for the security update, yes please (つ◉益◉)つ |
Beta Was this translation helpful? Give feedback.
-
I looked into the release process once again, and even released a version on my fork (using a simplified release.yml, see JuditKnoll#2) to test the release procedure (see JuditKnoll#3, release, run of the releasing job). Found an issue when trying it out, created #2554 PR to solve. According to the RELEASE_PROCEDURE.md file these are the following steps to the release:
So, what's needs to be done to release a new version?
+1. Create a PR under spotbugs-gradle-plugin to update to the newest spotbugs version. Did I miss out or misunderstand anything? |
Beta Was this translation helpful? Give feedback.
-
Didn't get release out, still messing with spotless + git EOL markers. Basic gist is we need spotless upgraded but I'm not understanding the issue faced where classes are missing. Will continue looking into it this week. |
Beta Was this translation helpful? Give feedback.
-
I've solved spotless issue based on how it's done on the gradle plugin. I'm convinced there is class path resolution issued but was able to resolve to latest version. I've also corrected git attributes and spotless config to standards. All those issues were related. Now all source will auto determine line endings from git as expected. I'll get PR up shortly along with trimming whitespace added.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Judit Knoll ***@***.***>
Sent: Thursday, September 28, 2023 6:50:19 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release (Discussion #2417)
Are you sure that the spotless upgrade is necessary for the release?
I tried to look into it a few times, but couldn't solve the issue. Commented my findings earlier to the relevant PR (#2343<#2343>).
—
Reply to this email directly, view it on GitHub<#2417 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODIZGVWXYRQFHXHNQAJLX4VI6XANCNFSM6AAAAAAXMIP4NA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
There were some issues generally getting the build to work locally which are now resolved. I am still looking at a few minor issues mostly with gradle not working the same on local vs github. I more or less have it ready to go but want to be certain before cutting release. I'll adjust the milestone delivery date tonight for 4.8.0 as to where i think it will be. The future dates will remain as is. Given this is first release post long term maintainers releasing I believe it's best we get it right and don't end up patching too quickly. Once this is resolved we will be back on regular cadence going forward.
Outside of all items coming with this, the current release works fine through jdk 21 provided asm overridden. And for eclipse plugin the snapshot is available after every merge.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: abishek75 ***@***.***>
Sent: Tuesday, October 3, 2023 6:47:54 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release (Discussion #2417)
Thanks @gtoison<https://github.com/gtoison> for the clarification, Can some-one confirm the date for 4.8.0 which was planned for end-September, also JDK 17 running version i.e. 6.0.0 is still planned for end-January 2024 ?
—
Reply to this email directly, view it on GitHub<#2417 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI4M65NOP22JL6HTOLLX5PUNVAVCNFSM6AAAAAAXMIP4NCVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TCNZUGMYDS>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Hi, I've gotten past the concerns I had on windows. Gradle was not using the jvm I had set for usage and was dropping to java 17. I had put up more builds on my fork and couldn't understand at first why jdk 21 failed. While the product is compatible - gradle is not / kotlin is not. That is likely important for users to understand so noting that here. Now, as far as release. I have 2 tasks I've added to issues I'll finalize for this and do the release this weekend. So for releasing, I have no issues doing that either. Learned over last week I pretty much have global access here so I can write directly to any branch as far as I can tell and/or modify rules if needed. So what I plan to do is cut a branch called 'release/4.8.0' similar to prior releases, put the files on there that matter. I am not going to document the gradle or maven plugins as updated as that would be false info at time of the core. I'll update those later. I'll then tag that commit and let everyone review that before doing a local merge forwards and pushing so its not squashed. Expect sometime Saturday to start this with release attempt then on Sunday. I've updated the milestone to reflect that. Post the release, I think we just continue general BAU with nothing massive for a few weeks while that makes the rounds to everyone. By say end of November if we hear no major issues requiring additional releases, I plan to improve upon eclipse formatting along with more modern line sizing (120). That affects most all files and does make most things look better. I have that done already. Post that, we can start moving onto jdk 11 as well and start cleaning up the code. I've been pretty deep in the code and it does need a lot of TLC. |
Beta Was this translation helpful? Give feedback.
-
Git allows to skip a global formatting change so git blame and all else is fine. Maven has been doing just that across all their repos. I'll show that when it's done. Won't be this release. Was just noting it. To git it will simply ignore that change by adding commit id to one of the git files. Maven recently added auto formatting to all their projects and added that at same time. Basically git then doesn't show the diff. It's a special case for such a purpose. Ultimately it does matter. At some point spotless won't work if we keep thinking formating from nearly a decade back is great. At some point that ability would go.
Sent from my Verizon, Samsung Galaxy smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
…________________________________
From: Judit Knoll ***@***.***>
Sent: Wednesday, October 4, 2023 4:40:01 AM
To: spotbugs/spotbugs ***@***.***>
Cc: Jeremy Landis ***@***.***>; Mention ***@***.***>
Subject: Re: [spotbugs/spotbugs] Next release 4.8.0 - October 8th ETA (Discussion #2417)
I also think that format changes are not worth of losing the info provided by the git blame.
—
Reply to this email directly, view it on GitHub<#2417 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AAHODI7XFM4SW6TCXKHMC7LX5UOGDAVCNFSM6AAAAAAXMIP4NCVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TCOBUGE4TM>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
Release is completed! The release simply came down to doing the 2 commits and pushing them manually. PR isn't really needed nor matter since it works off the tag which would not be on the PR anyways. I presume only reason to raise PR would be to make sure it looks correct. All seemed to work well other than a github warning on deprecated items in the build file (I've fixed but not pushed up). So I think we are done here other than we need to review the process again and make sure documentation properly matches. From here this is a piece of cake. We do need to push out the gradle and maven plugins to match still. |
Beta Was this translation helpful? Give feedback.
-
Hello,
The last Spotbugs version 4.7.3 was released on 2022-10-15. Up until then there was a new release every or every other month made by @KengoTODA.
I have seen that @KengoTODA mentioned here, that he is not so active recently, but I couldn't reach the discussion he referenced (maybe I am not authorized to access it).
I was wondering whether there is a(n approximate) date for the next release?
I'm happy to help with the release process, if I can.
There are some open PR-s that I am currently working on, which I would be really happy if I could have in the next release.
Who may I ask for a review?
Thank you for your answer in advance!
Beta Was this translation helpful? Give feedback.
All reactions