[M2] How to ensure reproducible releases?

[Jörg Schaible <Jo...@Elsag-Solutions.com>]

Hello folks,

what is the best way to ensure reproducible releases in M2? By default Maven will update its plugins and dependencies from time to time - which is fine as long as I work on the trunk. But when I release an artifact, I must freeze the current set of plugins/versions for this release - how can I achieve that?

Otherwise M2 might just break the reproducibility of such a release - as it happened for me today with the new surefire plugin: forkMode "perTest" was renamed in the latest release to "pertest". Any release done with the old version is not longer reproducible! The build is broken, because the new version of the plugin fails with an unknown fork mode.

- Jörg

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: [M2] How to ensure reproducible releases?

[Simon Kitching <sk...@apache.org>]

On Mon, 2006-04-10 at 12:17 +0200, Jörg Schaible wrote:
> Hello folks,
> 
> what is the best way to ensure reproducible releases in M2? By default Maven will update its plugins and dependencies from time to time - which is fine as long as I work on the trunk. But when I release an artifact, I must freeze the current set of plugins/versions for this release - how can I achieve that?
> 
> Otherwise M2 might just break the reproducibility of such a release - as it happened for me today with the new surefire plugin: forkMode "perTest" was renamed in the latest release to "pertest". Any release done with the old version is not longer reproducible! The build is broken, because the new version of the plugin fails with an unknown fork mode.

I've seen in the documentation that you can specify versions like this:
 <version>[2.2]</version>

I believe this explicitly locks the dependency at *exactly* that
version. Presumably this works for plugin versions too.

And it should make things work faster too, as Maven has no need to check
remote repositories for newer versions if an exact version is specified
and is already available (well, I'm guessing it works like that).

Cheers,

Simon



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: [M2] How to ensure reproducible releases?

[Brett Porter <br...@gmail.com>]

I'm working on the release plugin this week so that it is a bit
friendlier with rewriting, and so that it does a better job of
populating versions for you.

As for the pertest thing, that's a regression that should be filed and
fixed (I guess by making both valid now). There is an open bug to
rename pertest - please add a comment to that and we'll give it a
sensible name + the old options.

- Brett

On 4/10/06, Geoffrey De Smet <ge...@gmail.com> wrote:
> Lock down the versions of your plugins with <build><pluginManagement>,
> either:
> - manually
> - by using the release plugin (warning: currently that rewrites all your
> pom's and removed comments, schema declarations, reorders dependencies, etc)
>
> With kind regards,
> Geoffrey De Smet
>
>
> Jörg Schaible wrote:
> > Hello folks,
> >
> > what is the best way to ensure reproducible releases in M2? By default Maven will update its plugins and dependencies from time to time - which is fine as long as I work on the trunk. But when I release an artifact, I must freeze the current set of plugins/versions for this release - how can I achieve that?
> >
> > Otherwise M2 might just break the reproducibility of such a release - as it happened for me today with the new surefire plugin: forkMode "perTest" was renamed in the latest release to "pertest". Any release done with the old version is not longer reproducible! The build is broken, because the new version of the plugin fails with an unknown fork mode.
> >
> > - Jörg
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: [M2] How to ensure reproducible releases?

[Geoffrey De Smet <ge...@gmail.com>]

Lock down the versions of your plugins with <build><pluginManagement>, 
either:
- manually
- by using the release plugin (warning: currently that rewrites all your 
pom's and removed comments, schema declarations, reorders dependencies, etc)

With kind regards,
Geoffrey De Smet


Jörg Schaible wrote:
> Hello folks,
> 
> what is the best way to ensure reproducible releases in M2? By default Maven will update its plugins and dependencies from time to time - which is fine as long as I work on the trunk. But when I release an artifact, I must freeze the current set of plugins/versions for this release - how can I achieve that?
> 
> Otherwise M2 might just break the reproducibility of such a release - as it happened for me today with the new surefire plugin: forkMode "perTest" was renamed in the latest release to "pertest". Any release done with the old version is not longer reproducible! The build is broken, because the new version of the plugin fails with an unknown fork mode.
> 
> - Jörg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org