You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2021/05/10 11:08:26 UTC

[GitHub] [maven-dependency-plugin] van-vliet opened a new pull request #133: MDEP-739 Dependency Plugin go-offline doesn't respect artifact classifier

van-vliet opened a new pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133


   Following this checklist to help us incorporate your 
   contribution quickly and easily:
   
    - [x] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MDEP) filed 
          for the change (usually before you start working on it).  Trivial changes like typos do not 
          require a JIRA issue.  Your pull request should address just this issue, without 
          pulling in other changes.
          [MDEP-739](https://issues.apache.org/jira/projects/MDEP/issues/MDEP-739?filter=allopenissues)
    - [x] Each commit in the pull request should have a meaningful subject line and body.
    - [x] Format the pull request title like `[MDEP-XXX] - Fixes bug in ApproximateQuantiles`,
          where you replace `MDEP-XXX` with the appropriate JIRA issue. Best practice
          is to use the JIRA issue title in the pull request title and in the first line of the 
          commit message.
    - [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
          See description below
    - [x] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will 
          be performed on your pull request automatically.
    - [x] You have run the integration tests successfully (`mvn -Prun-its clean verify`).
   
   If your pull request is about ~20 lines of code you don't need to sign an
   [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
   please ask on the developers list.
   
   To make clear that you license your contribution under 
   the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
    - [x] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   
    - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   ### Description
   The go-offline plugin maps Artifact and Dependency objects to DependableCoordinate, which are then downloaded.
   In the conversion to DependenableCoordinate, the Artifact/Dependency was not included, which caused issues similar to 
   
   ```
   org.eclipse.aether.resolution.DependencyResolutionException: org.springframework.cloud:spring-cloud-stream:jar:tests:3.1.2 was not found in <repository>.
   ```
   
   ### Impact
   The dependency:go-offline is used to prepare maven dependencies in our CI system to allow share dependencies between different steps in our build pipeline. This bug currently breaks our CI pipeline. 
   
   Rolling back to maven-dependency-plugin version 3.1.1 is not an option due to [MDEP-204](https://issues.apache.org/jira/browse/MDEP-204) and other workarounds require republishing artifact without a classifier, which is also not desirable.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852208140


   Practically committer access is not enough. It really requires a PMC member for several steps. (I am not one.)
   
   There's no formal process or schedule. You just need to convince a PMC member to call a vote and release it if the vote passes. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] michael-o commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852777381


   @van-vliet How crucial is is change for you?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-851957072


   Thanks for the review @elharo !
   
   I am trying to figure our whether I should release/publish my changes as an artifact in my own organization or if I should wait for this PR to be part of an official release. I would prefer the latter, but I am unsure what timeline I should expect.
   
   I have read the [maven project release procedure](https://maven.apache.org/developers/release/maven-project-release-procedure.html) but it does not specify when a vote for release should be initiated. 
   
   It seems there have been a lot of changes since the official 3.1.2 release. Version 3.1.3 was not a public release - its not present on the [official plugin page](https://maven.apache.org/plugins/maven-dependency-plugin/download.cgi) and not in the [public maven repository](https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-dependency-plugin) either. 
   
   Would it make sense to initiate a vote if this PR is merged?
   @slachiewicz


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on a change in pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo commented on a change in pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#discussion_r639657695



##########
File path: src/it/projects/mdep-739-go-offline-respect-classifiers/invoker.properties
##########
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.9+

Review comment:
       1.8 at the latest, I suspect




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo edited a comment on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo edited a comment on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852208140


   Practically committer access is not enough. It really requires a PMC member for several steps. (I am not one.)
   
   There's no formal process or schedule for deciding to release. You just need to convince a PMC member to call a vote and release it if the vote passes. Committers can do some of this, but I don't recommend it.  


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo edited a comment on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo edited a comment on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852210165


   Also a **lot** of work goes into pushing a new release. It is not a trivial process. When I had employer support for some of this work a year ago, it took multiple hours of work, and days of calendar time per release. It's probably easier for a PMC member since there are fewer steps where they'd have to wait for the PMC member to respond. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852882664


   @michael-o I am not sure how to describe the cruciality to you. I can describe the impact of not seeing this change released:
   
   My colleagues and I have a couple of projects that encounter this issue. Without an official release, we have the following options:
   1. Change our CI pipeline so it does not use go-offline
   1. Re-release dependencies that have a classifier with a new name and no classifier
   1. Release a forked version of the maven-dependency-plugin and use that in our CI pipeline.
   
   Option 1 is a huge task that will affect all of our builds and will require a lot of work.
   Option 2 is possible since we have only seen this issue with a single dependency so far. Version bumps and other dependencies with classifiers will make this option unsustainable in the long term. 
   Option 3 would fix the issue, but would require maintenance until we can switch back to an official release. We have no interest in maintaining a fork with just a single bugfix.
   
   Neither options are good for us. They all require a significant amount of effort to implement. Without an official release, we implement the least effort workaround, which is probably is option 3.
   
   [MDEP-739](https://issues.apache.org/jira/projects/MDEP/issues/MDEP-739?filter=allopenissues) was reported by someone else, so at least one other person has encountered the issue and would benefit from the change.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] michael-o commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-855884060


   @van-vliet Vote is out. I accept donations ;-)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852733566


   @slachiewicz Thanks for your help.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet closed pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet closed pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] slachiewicz edited a comment on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
slachiewicz edited a comment on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852163948


   I'll do the release and prepare the vote by end of this week.
   https://maven.apache.org/developers/release/maven-project-release-procedure.html


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet edited a comment on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet edited a comment on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852120535


   I assume that I cannot volunteer to do a release, since I am not a committer. Please let me know if this is not correct.
   
   How does the "pay someone else to do it" option work? Where do I connect with someone that can do it? How much work goes into a release?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on a change in pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on a change in pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#discussion_r640303683



##########
File path: src/it/projects/mdep-739-go-offline-respect-classifiers/invoker.properties
##########
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.9+

Review comment:
       MDEP-739 is not caused by a specific Java version, so any version should work. 
   I just tried removing this line from the code and the test still passes.
   
   This line is here because I copied one of the other integration tests. I tried creating a test for the go-offline mojo using AbstractMojoTestCase included in org.apache.maven.plugin-testing:maven-plugin-testing-harness:3.1.0, but I ran into issues with fields that the testing harness did not set.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] asfgit closed pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on a change in pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on a change in pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#discussion_r640305440



##########
File path: src/it/projects/mdep-739-go-offline-respect-classifiers/invoker.properties
##########
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.java.version = 1.9+

Review comment:
       I just committed the removal of the line above. I amended the change to the current commit since I noticed the project usually ask people to squash their changes.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852048059


   3.1.3 has not been released. The next release should be 3.1.3. It will happen when someone volunteers to do it or pays someone else to do it. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852120535


   I assume that I cannot volunteer to do a release, since I am not a committer. Please let me know if this is not correct.
   
   How does the "pay someone else to do it" work? Where do I connect with someone that can do it? How much work goes into a release?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852210165


   Also a **lot** of work goes into pushing a new release. It is not a trivial process. When I had employer support for some of this work a year ago, it took multiple hours of work, and days of calendar time per release. It's probably easier for a PMC member since there are fewer steps where you'd have to wait for the PMC member to respond. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] van-vliet commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
van-vliet commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852738344


   @elharo Thanks for the insight into the release process - the effort that goes into a release is often invisible to the outside. I'll keep this in mind for future pull request.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] michael-o commented on pull request #133: MDEP-739 Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
michael-o commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-848538556


   Wow, this seems like an obvious one...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo edited a comment on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
elharo edited a comment on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852208140


   Practically committer access is not enough. It really requires a PMC member for several steps. (I am not one.)
   
   There's no formal process or schedule for deciding to release. You just need to convince a PMC member to call a vote and release it if the vote passes. Non-PMC committers can do some of this, but I don't recommend it.  


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #133: [MDEP-739] Dependency Plugin go-offline doesn't respect artifact classifier

Posted by GitBox <gi...@apache.org>.
slachiewicz commented on pull request #133:
URL: https://github.com/apache/maven-dependency-plugin/pull/133#issuecomment-852163948


   I'll do the release and prepare the vote by end of this week.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org