You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@arrow.apache.org by "kou (via GitHub)" <gi...@apache.org> on 2023/04/12 20:45:17 UTC
[GitHub] [arrow] kou opened a new issue, #35086: [Java][CI] Failed to generate BOM by CycloneDX
kou opened a new issue, #35086:
URL: https://github.com/apache/arrow/issues/35086
### Describe the bug, including details regarding any error messages, version, and platform.
https://github.com/ursacomputing/crossbow/actions/runs/4675892709/jobs/8296102801#step:6:17292
```text
[INFO] CycloneDX: Resolving Dependencies
Error: [ERROR] An error occurred attempting to read POM
org.codehaus.plexus.util.xml.pull.XmlPullParserException: UTF-8 BOM plus xml decl of ISO-8859-1 is incompatible (position: START_DOCUMENT seen <?xml version="1.0" encoding="ISO-8859-1"... @1:42)
at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDeclWithVersion (MXParser.java:3439)
at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDecl (MXParser.java:3361)
at org.codehaus.plexus.util.xml.pull.MXParser.parsePI (MXParser.java:3213)
at org.codehaus.plexus.util.xml.pull.MXParser.parseProlog (MXParser.java:1828)
at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl (MXParser.java:1757)
at org.codehaus.plexus.util.xml.pull.MXParser.next (MXParser.java:1375)
at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:3940)
at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:612)
at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:627)
at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:759)
at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:746)
at org.cyclonedx.maven.BaseCycloneDxMojo.retrieveParentProject (BaseCycloneDxMojo.java:694)
at org.cyclonedx.maven.BaseCycloneDxMojo.getClosestMetadata (BaseCycloneDxMojo.java:524)
at org.cyclonedx.maven.BaseCycloneDxMojo.convert (BaseCycloneDxMojo.java:481)
at org.cyclonedx.maven.CycloneDxMojo.execute (CycloneDxMojo.java:70)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:342)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:330)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:175)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:76)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:163)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:160)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:827)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:272)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:195)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[INFO] CycloneDX: Creating BOM
[INFO] CycloneDX: Writing BOM (XML): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.xml
[INFO] CycloneDX: Validating BOM (XML): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.xml
[INFO] CycloneDX: Writing BOM (JSON): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.json
[INFO] CycloneDX: Validating BOM (JSON): /Users/runner/work/crossbow/crossbow/arrow/java/vector/target/bom.json
Warning: Unknown keyword additionalItems - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword
```
### Component(s)
Continuous Integration, Java
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] kou closed issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "kou (via GitHub)" <gi...@apache.org>.
kou closed issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
URL: https://github.com/apache/arrow/issues/35086
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506007594
Hi, @kou . Did you change Apache Maven version or CycloneDX plugin version? There was a reported issue for that combinations.
In Apache Spark community, we used a fixed Maven version to avoid Apache Maven project regression.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506118345
Here is the PR.
- https://github.com/apache/arrow/pull/35094
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate BOM by CycloneDX
Posted by "kou (via GitHub)" <gi...@apache.org>.
kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1505917550
@dongjoon-hyun Could you take a look at this because you introduce this feature by #15267?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506123206
No problem at all. Thank you always. 👍🏻
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506115879
BTW, from Spark community, we found that cyclonedx plugin 2.7.5 has some issues, but cyclones plugin 2.7.6 works fine.
I verified the reported Arrow build issue locally with the following command and verified that new latest plugin fixes it, @kou .
```
$ mvn clean package -DskipTests --pl vector --am
```
Let me make a PR.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "kou (via GitHub)" <gi...@apache.org>.
kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506121391
Thanks for the information!
Sorry... I'm trying 2.7.6 in #35092...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dongjoon-hyun commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "dongjoon-hyun (via GitHub)" <gi...@apache.org>.
dongjoon-hyun commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506110262
Thank you. I'll check more in Arrow repository.
The report came from Apache Hadoop community while Apache ORC, Apache Parquet, Apache Zookeeper, Apache Spark 3.4.0 RC7 (vote will finished tonight) published SBOM successfully.
- Apache Hadoop: https://github.com/apache/hadoop/commit/55254de62479810851c4dde161758c106d9eb722
- Apache ORC 1.7.8: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.7.8/orc-core-1.7.8-cyclonedx.json
- Apache ORC 1.8.2: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.8.2/orc-core-1.8.2-cyclonedx.json
- Apache ORC 1.8.3: https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.8.3/orc-core-1.8.3-cyclonedx.json
- Apache Parquet 1.13.0: https://repo1.maven.org/maven2/org/apache/parquet/parquet-common/1.13.0/parquet-common-1.13.0-cyclonedx.json
- Apache Zookeeper 3.8.1: https://repo1.maven.org/maven2/org/apache/zookeeper/zookeeper/3.8.1/zookeeper-3.8.1-cyclonedx.json
- Apache Spark 3.4.0 RC7: https://repository.apache.org/content/repositories/orgapachespark-1441/org/apache/spark/spark-core_2.12/3.4.0/spark-core_2.12-3.4.0-cyclonedx.json
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] kou commented on issue #35086: [Java][CI] Failed to generate SBOM by CycloneDX
Posted by "kou (via GitHub)" <gi...@apache.org>.
kou commented on issue #35086:
URL: https://github.com/apache/arrow/issues/35086#issuecomment-1506102552
@dongjoon-hyun Thanks for taking a look at this! Sorry. I'm not familiar with Java but it seems that we didn't change Apache Maven version nor CycloneDX plugin version explicitly. You pinned CycloneDX plugin version in #15267. So CycloneDX plugin version may not be changed. But it seems that we don't pin Apache Maven's version explicitly. So Apache Maven version may be changed.
> There was a reported issue for that combinations.
Could you share the URL of the report?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org