You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@spark.apache.org by "LuciferYang (via GitHub)" <gi...@apache.org> on 2023/02/17 15:15:40 UTC

[GitHub] [spark] LuciferYang opened a new pull request, #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

LuciferYang opened a new pull request, #40065:
URL: https://github.com/apache/spark/pull/40065

   ### What changes were proposed in this pull request?
   This pr aims upgrade `cyclonedx-maven-plugin` from 2.7.3 to 2.7.5
   
   
   ### Why are the changes needed?
   <!--
   Please clarify why the changes are needed. For instance,
     1. If you propose a new API, clarify the use case for a new API.
     2. If you fix a bug, you can clarify why it is a bug.
   -->
   
   
   ### Does this PR introduce _any_ user-facing change?
   <!--
   Note that it means *any* user-facing change including all aspects such as the documentation fix.
   If yes, please clarify the previous behavior and the change this PR proposes - provide the console output, description and/or an example to show the behavior difference if possible.
   If possible, please also clarify if this is a user-facing change compared to the released Spark versions or within the unreleased branches such as master.
   If no, write 'No'.
   -->
   
   
   ### How was this patch tested?
   <!--
   If tests were added, say they were added here. Please make sure to add some test cases that check the changes thoroughly including negative and positive cases if possible.
   If it was tested in a way different from regular unit tests, please clarify how you tested step by step, ideally copy and paste-able, so that other reviewers can test and check, and descendants can verify in the future.
   If tests were not added, please describe why they were not added and/or why it was difficult to add.
   If benchmark tests were added, please run the benchmarks in GitHub Actions for the consistent environment, and the instructions could accord to: https://spark.apache.org/developer-tools.html#github-workflow-benchmarks.
   -->
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1434828500

   cc @dongjoon-hyun 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435520529

   I think we should wait for 2.7.6 or higher to test usability, then we can reuse this jira. I will close this pr first, thanks @dongjoon-hyun 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435007566

   I mean in our GitHub Action repo. We are using CycloneDX 2.7.3, aren't we?
   
   > I make another one build with maven 3.8.7 + cyclonedx-maven-plugin 2.7.4 https://github.com/LuciferYang/spark/actions/runs/4205904014/jobs/7298678641


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435279944

   If you don't mind, please allow me one or two days. I'll check this during weekend~ Thank you for your patience always.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang closed pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang closed pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5
URL: https://github.com/apache/spark/pull/40065


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435116865

   I'm trying to assess the issue. So, those combination issue is not the AS-IS Apache Spark issue in both master/branch-3.4, right?
   
   FYI, Cyclone plugin 2.7.4 issue is a known one. When I started SBOM works, 2.7.4 was the lastest but was unusable across multiple ASF projects. That was the main reason I chose 2.7.3 instead of the latest at that time. I'm not quite sure if 2.7.5 is stable enough.
   
   Anyway, we can apply this PR on `master` branch for Apache Spark 3.5.0 only separately from the Maven issue. Maven is also another big issues always.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1434952516

   I make another one build with 2.7.4 https://github.com/LuciferYang/spark/actions/runs/4205904014/jobs/7298678641
   
   <img width="1074" alt="image" src="https://user-images.githubusercontent.com/1475305/219719321-dc1e6aa3-1a21-4e93-92ce-60cee921493b.png">
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435050161

   Please let me explain my intention more:
   
   1. First of all, I want to update maven to 3.9.0(keep use CycloneDX 2.7.3), then I found the following error:
   
   ```
   [ERROR] An error occurred attempting to read POM
   org.codehaus.plexus.util.xml.pull.XmlPullParserException: UTF-8 BOM plus xml decl of ISO-8859-1 is incompatible (position: START_DOCUMENT seen <?xml version="1.0" encoding="ISO-8859-1"... @1:42) 
       at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDeclWithVersion (MXParser.java:3423)
       at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDecl (MXParser.java:3345)
       at org.codehaus.plexus.util.xml.pull.MXParser.parsePI (MXParser.java:3197)
       at org.codehaus.plexus.util.xml.pull.MXParser.parseProlog (MXParser.java:1828)
       at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl (MXParser.java:1757)
       at org.codehaus.plexus.util.xml.pull.MXParser.next (MXParser.java:1375)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:3940)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:612)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:627)
       at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:759)
       at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:746)
       at org.cyclonedx.maven.BaseCycloneDxMojo.retrieveParentProject (BaseCycloneDxMojo.java:694)
       at org.cyclonedx.maven.BaseCycloneDxMojo.getClosestMetadata (BaseCycloneDxMojo.java:524)
       at org.cyclonedx.maven.BaseCycloneDxMojo.convert (BaseCycloneDxMojo.java:481)
       at org.cyclonedx.maven.CycloneDxMojo.execute (CycloneDxMojo.java:70)
       at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
       at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:342)
       at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
       at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
       at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
       at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
       at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
       at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
       at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
       at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
       at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:260)
       at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:172)
       at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:100)
       at org.apache.maven.cli.MavenCli.execute (MavenCli.java:821)
       at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:270)
       at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
       at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke (Method.java:498)
       at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
       at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
       at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
       at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
   ```
   
   I think We should see similar errors here: https://github.com/LuciferYang/spark/actions/runs/4206035140/jobs/7299042843 later
   
   2. then I want to test maven 3.9.0 + CycloneDX 2.7.4 couple of days ago, but there an error same as  `maven 3.8.7 + cyclonedx-maven-plugin 2.7.4`,  I think we should see it here: https://github.com/LuciferYang/spark/runs/11424487074 later
   
   3. then I test maven 3.9.0 + CycloneDX 2.7.5 today, there is no above issues(we can check https://github.com/LuciferYang/spark/runs/11424568023 later).
   
   If I want to upgrade Spark to use maven 3.9.0, I must upgrade cyclonedx-maven-plugin to 2.7.5, so should I upgrade them in one pr at the same time? 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] steveloughran commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "steveloughran (via GitHub)" <gi...@apache.org>.
steveloughran commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1441571006

   I'm hitting this when trying to build hadoop having updated maven via homebrew so as to get spark to work.  joy. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435482433

   Got it. Thank you for informing.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435045931

   Yes, we use CycloneDX 2.7.3. So I should not explain that 2.7.4 has such issue in the pr description, because it does not affect Spark now, am I right?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435785032

   +1 for your decision, @LuciferYang . Thank you for letting me know before I started my work~ :) 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435129166

   Yeah, Spark 3.4.0 does not need this pr.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] LuciferYang commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "LuciferYang (via GitHub)" <gi...@apache.org>.
LuciferYang commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1435477929

   @dongjoon-hyun found a new issue related to 2.7.5: https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/284
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org

[GitHub] [spark] dongjoon-hyun commented on pull request #40065: [SPARK-42382][BUILD] Upgrade `cyclonedx-maven-plugin` to 2.7.5

Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on PR #40065:
URL: https://github.com/apache/spark/pull/40065#issuecomment-1502216909

   This PR is superseded by https://github.com/apache/spark/pull/40726 .


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org