You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@accumulo.apache.org by Billie Rinaldi <bi...@gmail.com> on 2013/11/08 16:37:16 UTC

mvn dependency:analyze

I would like to add running mvn dependency:analyze as a step in our release
process.  This should be done with both major and minor releases, as it is
very easy to add new direct dependencies without realizing it (when they
were previously transitive dependencies), or to leave around dependencies
that are no longer needed.

Billie

Re: mvn dependency:analyze

Posted by Josh Elser <jo...@gmail.com>.

+1

On 11/8/13, 10:37 AM, Billie Rinaldi wrote:
> I would like to add running mvn dependency:analyze as a step in our release
> process.  This should be done with both major and minor releases, as it is
> very easy to add new direct dependencies without realizing it (when they
> were previously transitive dependencies), or to leave around dependencies
> that are no longer needed.
>
> Billie
>

Re: mvn dependency:analyze

Posted by Christopher <ct...@apache.org>.

I was just looking through that yesterday. Since you're taking a look,
I'll defer looking at it again until closer to release.

--
Christopher L Tubbs II
http://gravatar.com/ctubbsii


On Fri, Nov 8, 2013 at 10:37 AM, Billie Rinaldi
<bi...@gmail.com> wrote:
> I would like to add running mvn dependency:analyze as a step in our release
> process.  This should be done with both major and minor releases, as it is
> very easy to add new direct dependencies without realizing it (when they
> were previously transitive dependencies), or to leave around dependencies
> that are no longer needed.
>
> Billie

Re: mvn dependency:analyze

Posted by Mike Drob <md...@mdrob.com>.

I feel like that would be very flaky. Reflection can cause some weird
dependency graphs that maven is not able to follow.

On Fri, Nov 8, 2013 at 2:32 PM, Sean Busbey <bu...@clouderagovt.com>wrote:

> On Fri, Nov 8, 2013 at 1:29 PM, Mike Drob <md...@mdrob.com> wrote:
>
> > +1
> >
> > Nobody looks at dependency resolution until it bites you in the rear.
> >
> > We could conceivably add this to the pom to automate the running, but
> would
> > still need to make sure that somebody reads the output.
> >
>
>
> The release build script could read the output and fail if needed, yes?
>
> --
> Sean
>

Re: mvn dependency:analyze

Posted by Sean Busbey <bu...@clouderagovt.com>.

On Fri, Nov 8, 2013 at 1:29 PM, Mike Drob <md...@mdrob.com> wrote:

> +1
>
> Nobody looks at dependency resolution until it bites you in the rear.
>
> We could conceivably add this to the pom to automate the running, but would
> still need to make sure that somebody reads the output.
>

The release build script could read the output and fail if needed, yes?

-- 
Sean

Re: mvn dependency:analyze

Posted by Christopher <ct...@apache.org>.

I have a few bash one-liners to wget and check the checksums and gpg
sigs, if you need them.

--
Christopher L Tubbs II
http://gravatar.com/ctubbsii


On Fri, Nov 8, 2013 at 4:47 PM, Josh Elser <jo...@gmail.com> wrote:
> With 1.6.0, I plan to make a document that will be a more functional
> (step-by-step) walkthrough.
>
> I think I have a ticket somewhere for that.
>
>
> On 11/8/13, 4:19 PM, Sean Busbey wrote:
>>
>> http://accumulo.apache.org/governance/releasing.html
>>
>> Under "Testing"
>> On Nov 8, 2013 3:14 PM, "Joey Echeverria" <jo...@clouderagovt.com>
>> wrote:
>>
>>> On Fri, Nov 8, 2013 at 3:16 PM, Christopher <ct...@apache.org> wrote:
>>>>
>>>> We won't be able to get rid of all the resulting warnings. So,
>>>> automating it would probably just encourage people to ignore these
>>>> warnings instead of address them. I'd rather just make it a point to
>>>> explicitly check during testing before releasing, and to encourage
>>>> people to consider dependencies throughout development.
>>>
>>>
>>> Do we have a document on how to test a release? In particular, I'm
>>> thinking of a process to follow after an RC is cut to determine if it
>>> should get a +1 to become the release.
>>>
>>> -Joey
>>>
>>
>

Re: mvn dependency:analyze

Posted by Josh Elser <jo...@gmail.com>.

With 1.6.0, I plan to make a document that will be a more functional 
(step-by-step) walkthrough.

I think I have a ticket somewhere for that.

On 11/8/13, 4:19 PM, Sean Busbey wrote:
> http://accumulo.apache.org/governance/releasing.html
>
> Under "Testing"
> On Nov 8, 2013 3:14 PM, "Joey Echeverria" <jo...@clouderagovt.com> wrote:
>
>> On Fri, Nov 8, 2013 at 3:16 PM, Christopher <ct...@apache.org> wrote:
>>> We won't be able to get rid of all the resulting warnings. So,
>>> automating it would probably just encourage people to ignore these
>>> warnings instead of address them. I'd rather just make it a point to
>>> explicitly check during testing before releasing, and to encourage
>>> people to consider dependencies throughout development.
>>
>> Do we have a document on how to test a release? In particular, I'm
>> thinking of a process to follow after an RC is cut to determine if it
>> should get a +1 to become the release.
>>
>> -Joey
>>
>

Re: mvn dependency:analyze

Posted by Sean Busbey <bu...@clouderagovt.com>.

http://accumulo.apache.org/governance/releasing.html

Under "Testing"
On Nov 8, 2013 3:14 PM, "Joey Echeverria" <jo...@clouderagovt.com> wrote:

> On Fri, Nov 8, 2013 at 3:16 PM, Christopher <ct...@apache.org> wrote:
> > We won't be able to get rid of all the resulting warnings. So,
> > automating it would probably just encourage people to ignore these
> > warnings instead of address them. I'd rather just make it a point to
> > explicitly check during testing before releasing, and to encourage
> > people to consider dependencies throughout development.
>
> Do we have a document on how to test a release? In particular, I'm
> thinking of a process to follow after an RC is cut to determine if it
> should get a +1 to become the release.
>
> -Joey
>

Re: mvn dependency:analyze

Posted by Joey Echeverria <jo...@clouderagovt.com>.

On Fri, Nov 8, 2013 at 3:16 PM, Christopher <ct...@apache.org> wrote:
> We won't be able to get rid of all the resulting warnings. So,
> automating it would probably just encourage people to ignore these
> warnings instead of address them. I'd rather just make it a point to
> explicitly check during testing before releasing, and to encourage
> people to consider dependencies throughout development.

Do we have a document on how to test a release? In particular, I'm
thinking of a process to follow after an RC is cut to determine if it
should get a +1 to become the release.

-Joey

Re: mvn dependency:analyze

Posted by Christopher <ct...@apache.org>.

We won't be able to get rid of all the resulting warnings. So,
automating it would probably just encourage people to ignore these
warnings instead of address them. I'd rather just make it a point to
explicitly check during testing before releasing, and to encourage
people to consider dependencies throughout development.

--
Christopher L Tubbs II
http://gravatar.com/ctubbsii


On Fri, Nov 8, 2013 at 2:29 PM, Mike Drob <md...@mdrob.com> wrote:
> +1
>
> Nobody looks at dependency resolution until it bites you in the rear.
>
> We could conceivably add this to the pom to automate the running, but would
> still need to make sure that somebody reads the output.
>
>
> On Fri, Nov 8, 2013 at 10:37 AM, Billie Rinaldi <bi...@gmail.com>wrote:
>
>> I would like to add running mvn dependency:analyze as a step in our release
>> process.  This should be done with both major and minor releases, as it is
>> very easy to add new direct dependencies without realizing it (when they
>> were previously transitive dependencies), or to leave around dependencies
>> that are no longer needed.
>>
>> Billie
>>

Re: mvn dependency:analyze

Posted by Mike Drob <md...@mdrob.com>.

+1

Nobody looks at dependency resolution until it bites you in the rear.

We could conceivably add this to the pom to automate the running, but would
still need to make sure that somebody reads the output.

On Fri, Nov 8, 2013 at 10:37 AM, Billie Rinaldi <bi...@gmail.com>wrote:

> I would like to add running mvn dependency:analyze as a step in our release
> process.  This should be done with both major and minor releases, as it is
> very easy to add new direct dependencies without realizing it (when they
> were previously transitive dependencies), or to leave around dependencies
> that are no longer needed.
>
> Billie
>

Re: mvn dependency:analyze

Posted by Bill Havanki <bh...@clouderagovt.com>.

+1


On Fri, Nov 8, 2013 at 10:51 AM, Billie Rinaldi <bi...@gmail.com>wrote:

> I'm doing it for 1.6.0.  Rather, I've done it once already, and am willing
> to do it again after the other patches / bug fixes are in.
>
>
> On Fri, Nov 8, 2013 at 7:44 AM, Sean Busbey <bu...@clouderagovt.com>
> wrote:
>
> > Sounds reasonable. I presume this wouldn't apply to 1.6.0 since it's in
> > progress? John could still opt to do it.
> >
> > We should include example text of necessary follow-on actions based on
> > results of analyze.
> >
> > Call a vote?
> >
> > --
> > Sean
> > On Nov 8, 2013 9:38 AM, "Billie Rinaldi" <bi...@gmail.com>
> wrote:
> >
> > > I would like to add running mvn dependency:analyze as a step in our
> > release
> > > process.  This should be done with both major and minor releases, as it
> > is
> > > very easy to add new direct dependencies without realizing it (when
> they
> > > were previously transitive dependencies), or to leave around
> dependencies
> > > that are no longer needed.
> > >
> > > Billie
> > >
> >
>



-- 
| - - -
| Bill Havanki
| Solutions Architect, Cloudera Government Solutions
| - - -

Re: mvn dependency:analyze

Posted by Billie Rinaldi <bi...@gmail.com>.

I'm doing it for 1.6.0.  Rather, I've done it once already, and am willing
to do it again after the other patches / bug fixes are in.


On Fri, Nov 8, 2013 at 7:44 AM, Sean Busbey <bu...@clouderagovt.com> wrote:

> Sounds reasonable. I presume this wouldn't apply to 1.6.0 since it's in
> progress? John could still opt to do it.
>
> We should include example text of necessary follow-on actions based on
> results of analyze.
>
> Call a vote?
>
> --
> Sean
> On Nov 8, 2013 9:38 AM, "Billie Rinaldi" <bi...@gmail.com> wrote:
>
> > I would like to add running mvn dependency:analyze as a step in our
> release
> > process.  This should be done with both major and minor releases, as it
> is
> > very easy to add new direct dependencies without realizing it (when they
> > were previously transitive dependencies), or to leave around dependencies
> > that are no longer needed.
> >
> > Billie
> >
>

Re: mvn dependency:analyze

Posted by Sean Busbey <bu...@clouderagovt.com>.

Sounds reasonable. I presume this wouldn't apply to 1.6.0 since it's in
progress? John could still opt to do it.

We should include example text of necessary follow-on actions based on
results of analyze.

Call a vote?

-- 
Sean
On Nov 8, 2013 9:38 AM, "Billie Rinaldi" <bi...@gmail.com> wrote:

> I would like to add running mvn dependency:analyze as a step in our release
> process.  This should be done with both major and minor releases, as it is
> very easy to add new direct dependencies without realizing it (when they
> were previously transitive dependencies), or to leave around dependencies
> that are no longer needed.
>
> Billie
>