[GitHub] [arrow] kou opened a new issue, #35086: [Java][CI] Failed to generate BOM by CycloneDX

["kou (via GitHub)" <gi...@apache.org>]

kou opened a new issue, #35086:
URL: https://github.com/apache/arrow/issues/35086

   ### Describe the bug, including details regarding any error messages, version, and platform.
   
   https://github.com/ursacomputing/crossbow/actions/runs/4675892709/jobs/8296102801#step:6:17292
   
   ```text
   [INFO] CycloneDX: Resolving Dependencies
   Error: [ERROR] An error occurred attempting to read POM
   org.codehaus.plexus.util.xml.pull.XmlPullParserException: UTF-8 BOM plus xml decl of ISO-8859-1 is incompatible (position: START_DOCUMENT seen <?xml version="1.0" encoding="ISO-8859-1"... @1:42) 
       at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDeclWithVersion (MXParser.java:3439)
       at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDecl (MXParser.java:3361)
       at org.codehaus.plexus.util.xml.pull.MXParser.parsePI (MXParser.java:3213)
       at org.codehaus.plexus.util.xml.pull.MXParser.parseProlog (MXParser.java:1828)
       at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl (MXParser.java:1757)
       at org.codehaus.plexus.util.xml.pull.MXParser.next (MXParser.java:1375)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:3940)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:612)
       at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:627)
       at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:759)
       at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:746)
       at org.cyclonedx.maven.BaseCycloneDxMojo.retrieveParentProject (BaseCycloneDxMojo.java:694)
       at org.cyclonedx.maven.BaseCycloneDxMojo.getClosestMetadata (BaseCycloneDxMojo.java:524)
       at org.cyclonedx.maven.BaseCycloneDxMojo.convert (BaseCycloneDxMojo.java:481)
       at org.cyclonedx.maven.CycloneDxMojo.execute (CycloneDxMojo.java:70)
       at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
       at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:342)
       at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
       at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
       at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
       at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
       at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
       at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
       at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
       at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
       at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
       at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
       at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
       at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
       at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
       at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
       at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
       at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke (Method.java:498)
       at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
       at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
       at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
       at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
   [INFO] CycloneDX: Creating BOM
   [INFO] CycloneDX: Writing BOM (XML): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.xml
   [INFO] CycloneDX: Validating BOM (XML): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.xml
   [INFO] CycloneDX: Writing BOM (JSON): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.json
   [INFO] CycloneDX: Validating BOM (JSON): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.json
   Warning:  Unknown keyword additionalItems - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword
   ```
   
   ### Component(s)
   
   Continuous Integration, Java


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] kou closed issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["kou (via GitHub)" <gi...@apache.org>]

kou closed issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
URL: https://github.com/apache/arrow/issues/35086


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["dongjoon-hyun (via GitHub)" <gi...@apache.org>]

dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506007594

   Hi, @kou . Did you change Apache Maven version or CycloneDX plugin version? There was a reported issue for that combinations.
   
   In Apache Spark community, we used a fixed Maven version to avoid Apache Maven project regression.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["dongjoon-hyun (via GitHub)" <gi...@apache.org>]

dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506118345

   Here is the PR.
   - https://github.com/apache/arrow/pull/35094


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate BOM by CycloneDX

["kou (via GitHub)" <gi...@apache.org>]

kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1505917550

   @dongjoon-hyun Could you take a look at this because you introduce this feature by #15267?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["dongjoon-hyun (via GitHub)" <gi...@apache.org>]

dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506123206

   No problem at all. Thank you always. 👍🏻 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["dongjoon-hyun (via GitHub)" <gi...@apache.org>]

dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506115879

   BTW, from Spark community, we found that cyclonedx plugin 2.7.5 has some issues, but cyclones plugin 2.7.6 works fine.
   
   I verified the reported Arrow build issue locally with the following command and verified that new latest plugin fixes it, @kou .
   ```
   $ mvn clean package -DskipTests --pl vector --am
   ```
   
   Let me make a PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["kou (via GitHub)" <gi...@apache.org>]

kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506121391

   Thanks for the information!
   Sorry... I'm trying 2.7.6 in #35092...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["dongjoon-hyun (via GitHub)" <gi...@apache.org>]

dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506110262

   Thank you. I'll check more in Arrow repository.
   
   The report came from Apache Hadoop community while Apache ORC, Apache Parquet, Apache Zookeeper, Apache Spark 3.4.0 RC7 (vote will finished tonight) published SBOM successfully.
   
   
   - Apache Hadoop: https://github.com/apache/hadoop/commit/55254de62479810851c4dde161758c106d9eb722
   - Apache ORC 1.7.8: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.7.8/orc-core-1.7.8-cyclonedx.json
   - Apache ORC 1.8.2: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.8.2/orc-core-1.8.2-cyclonedx.json
   - Apache ORC 1.8.3: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.8.3/orc-core-1.8.3-cyclonedx.json
   - Apache Parquet 1.13.0: https://repo1.maven.org/maven2/org/apache/parquet/parquet-common/1.13.0/parquet-common-1.13.0-cyclonedx.json
   - Apache Zookeeper 3.8.1: https://repo1.maven.org/maven2/org/apache/zookeeper/zookeeper/3.8.1/zookeeper-3.8.1-cyclonedx.json
   - Apache Spark 3.4.0 RC7: https://repository.apache.org/content/repositories/orgapachespark-1441/org/apache/spark/spark-core_2.12/3.4.0/spark-core_2.12-3.4.0-cyclonedx.json
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX

["kou (via GitHub)" <gi...@apache.org>]

kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506102552

   @dongjoon-hyun Thanks for taking a look at this! Sorry. I'm not familiar with Java but it seems that we didn't change Apache Maven version nor CycloneDX plugin version explicitly. You pinned CycloneDX plugin version in #15267. So CycloneDX plugin version may not be changed. But it seems that we don't pin Apache Maven's version explicitly. So Apache Maven version may be changed.
   
   > There was a reported issue for that combinations.
   
   Could you share the URL of the report?
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org