You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2023/01/10 02:31:28 UTC
[GitHub] [hbase] dongjoon-hyun opened a new pull request, #4953: HBASE-27562 Publish SBOM artifacts
dongjoon-hyun opened a new pull request, #4953:
URL: https://github.com/apache/hbase/pull/4953
This PR aims to publish SBOM artifacts along with the other Apache projects.
- https://cwiki.apache.org/confluence/display/COMDEV/SBOM
Here is an article to give some context.
- https://www.activestate.com/blog/why-the-us-government-is-mandating-software-bill-of-materials-sbom/
Software Bill of Materials (SBOM) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project. The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: [CycloneDX](https://cyclonedx.org/), [Software Identification (SWID) tag](https://csrc.nist.gov/projects/Software-Identification-SWID), [Software Package Data Exchange® (SPDX)](https://spdx.dev/).
We can use one of the Maven plugin, [CycloneDX maven plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin), a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.
https://maven.apache.org/plugins/index.html#misc
**The expected results**
```
$ mvn install -DskipTests
...
$ ls -al ~/.m2/repository/org/apache/hbase/hbase-common/3.0.0-alpha-4-SNAPSHOT
total 5064
drwxr-xr-x 11 dongjoon staff 352 Jan 9 18:28 .
drwxr-xr-x 4 dongjoon staff 128 Jan 9 18:28 ..
-rw-r--r-- 1 dongjoon staff 482 Jan 9 18:28 _remote.repositories
-rw-r--r-- 1 dongjoon staff 159174 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT-cyclonedx.json
-rw-r--r-- 1 dongjoon staff 139170 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT-cyclonedx.xml
-rw-r--r-- 1 dongjoon staff 684842 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT-sources.jar
-rw-r--r-- 1 dongjoon staff 267751 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT-test-sources.jar
-rw-r--r-- 1 dongjoon staff 443154 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT-tests.jar
-rw-r--r-- 1 dongjoon staff 871542 Jan 9 18:28 hbase-common-3.0.0-alpha-4-SNAPSHOT.jar
-rw-r--r-- 1 dongjoon staff 6620 Jan 9 18:27 hbase-common-3.0.0-alpha-4-SNAPSHOT.pom
-rw-r--r-- 1 dongjoon staff 1811 Jan 9 18:28 maven-metadata-local.xml
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377163545
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 54s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 19s | master passed |
| +1 :green_heart: | compile | 6m 7s | master passed |
| +1 :green_heart: | spotless | 0m 50s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 5m 49s | the patch passed |
| +1 :green_heart: | compile | 6m 12s | the patch passed |
| +1 :green_heart: | javac | 6m 12s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 :green_heart: | hadoopcheck | 19m 58s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. |
| +1 :green_heart: | spotless | 1m 5s | patch has no errors when running spotless:check. |
||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 19s | The patch does not generate ASF License warnings. |
| | | 57m 19s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | dupname asflicense javac hadoopcheck spotless xml compile |
| uname | Linux 0fc75f598802 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 4add5250ed |
| Default Java | Eclipse Adoptium-11.0.17+8 |
| Max. process+thread count | 82 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377221016
Looks like not yet, CycloneDX/cyclonedx-maven-plugin#77, CycloneDX/cyclonedx-maven-plugin#209
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377563665
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 28s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 3m 19s | master passed |
| +1 :green_heart: | compile | 2m 20s | master passed |
| +1 :green_heart: | shadedjars | 4m 30s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 12s | master passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 1s | the patch passed |
| +1 :green_heart: | compile | 2m 14s | the patch passed |
| +1 :green_heart: | javac | 2m 14s | the patch passed |
| +1 :green_heart: | shadedjars | 5m 6s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 24s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 311m 10s | root in the patch passed. |
| | | 343m 50s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux c44657c7ea78 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 4add5250ed |
| Default Java | Eclipse Adoptium-11.0.17+8 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/testReport/ |
| Max. process+thread count | 4866 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376993200
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 5m 14s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 3m 37s | master passed |
| +1 :green_heart: | compile | 2m 3s | master passed |
| +1 :green_heart: | shadedjars | 4m 54s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 1s | master passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 16s | the patch passed |
| +1 :green_heart: | compile | 2m 12s | the patch passed |
| +1 :green_heart: | javac | 2m 12s | the patch passed |
| +1 :green_heart: | shadedjars | 5m 27s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 1m 38s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 388m 9s | root in the patch passed. |
| | | 426m 2s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 9df1f3b4c312 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 3f1087fe82 |
| Default Java | Temurin-1.8.0_352-b08 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/testReport/ |
| Max. process+thread count | 4761 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] dongjoon-hyun commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377564477
Thank you for review, @ndimiduk . This activity focuses on publishing on SBOM on the Maven Central jars.
So, the SBOM is also published into Maven Central and signed according to the ASF signer in the same way with `jars`.
FYI, here is Apache ORC 1.8.2 RC1 vote artifact which is I'm leading now, @ndimiduk .
- https://repository.apache.org/content/repositories/orgapacheorc-1064/org/apache/orc/orc-core/1.8.2/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] dongjoon-hyun commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1387424779
Thank you so much, @Apache9!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377209180
FYI @dongjoon-hyun most of HBase's dependencies are masked behind the [hbase-thirdparty](https://github.com/apache/hbase-thirdparty) libraries. For full utility, I suspect that we'll need that project to also publish sbom.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1396535648
Going to merge this later unless objections.
Thanks.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] dongjoon-hyun commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376642686
Could you review this, @ndimiduk ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377219446
Okay this is a problem.
```
[WARNING] The following plugins are not marked as thread-safe in Apache HBase:
[WARNING] org.cyclonedx:cyclonedx-maven-plugin:2.7.3
[WARNING]
[WARNING] Enable debug to see precisely which goals are not marked as thread-safe.
```
Is there a newer version of this plugin that supports multi-threaded builds?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376839227
Please run `mvn spotless:apply` to fix the format error?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] ndimiduk commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
ndimiduk commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377241418
Have you explored the Apache release process for the resulting artifacts. Does the release manager need to do anything special with the attached artifacts in order to publish them properly?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] dongjoon-hyun commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1398148088
Thank you all!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] dongjoon-hyun commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
dongjoon-hyun commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376996187
Thank you, @Apache9 . I did `mvn spotless:apply` and applied it now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376689380
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 5m 20s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 5s | master passed |
| +1 :green_heart: | compile | 5m 55s | master passed |
| +1 :green_heart: | spotless | 0m 59s | branch has no errors when running spotless:check. |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 5m 20s | the patch passed |
| +1 :green_heart: | compile | 5m 53s | the patch passed |
| +1 :green_heart: | javac | 5m 53s | the patch passed |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | xml | 0m 2s | The patch has no ill-formed XML file. |
| +1 :green_heart: | hadoopcheck | 19m 57s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. |
| -1 :x: | spotless | 0m 13s | patch has 22 errors when running spotless:check, run spotless:apply to fix. |
||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 20s | The patch does not generate ASF License warnings. |
| | | 59m 47s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | dupname asflicense javac hadoopcheck spotless xml compile |
| uname | Linux d4c7d0da981e 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 3f1087fe82 |
| Default Java | Eclipse Adoptium-11.0.17+8 |
| spotless | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/artifact/yetus-general-check/output/patch-spotless.txt |
| Max. process+thread count | 81 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1387092813
> Have you explored the Apache release process for the resulting artifacts. Does the release manager need to do anything special with the attached artifacts in order to publish them properly?
Let me test locally.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 merged pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache9 merged PR #4953:
URL: https://github.com/apache/hbase/pull/4953
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache9 commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache9 commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1387151491
This is what I've gotten in the local staging dir by running command
`mvn clean deploy -DskipTests -Dcheckstyle.skip=true -DaltStagingDirectory=/home/zhangduo/sbom-staged -P apache-release,release -DskipRemoteStaging`
```
zhangduo@zhangduo-VirtualBox:~/sbom-staged/deferred/org/apache/hbase/hbase-client/3.0.0-alpha-4-SNAPSHOT$ ll -h hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.*
-rw-rw-r-- 1 zhangduo zhangduo 229K 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.json
-rw-rw-r-- 1 zhangduo zhangduo 833 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.json.asc
-rw-rw-r-- 1 zhangduo zhangduo 196K 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.xml
-rw-rw-r-- 1 zhangduo zhangduo 833 1月 18 21:53 hbase-client-3.0.0-alpha-4-SNAPSHOT-cyclonedx.xml.asc
```
Seems fine, we will publish the sbom files along with other files, no more works needed.
And as @ndimiduk have already pointed out, for hbase-thirdparty there is a problem that, we shade and relocate other libraries so we will miss the information when others depend on hbase-thirdparty. But anyway, I think this can be improved later.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1377671186
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 14s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 3m 32s | master passed |
| +1 :green_heart: | compile | 2m 16s | master passed |
| +1 :green_heart: | shadedjars | 4m 49s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 20s | master passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 4m 21s | the patch passed |
| +1 :green_heart: | compile | 2m 5s | the patch passed |
| +1 :green_heart: | javac | 2m 5s | the patch passed |
| +1 :green_heart: | shadedjars | 5m 32s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 1m 40s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 397m 42s | root in the patch passed. |
| | | 431m 39s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux b9a038f125a0 5.4.0-1088-aws #96~18.04.1-Ubuntu SMP Mon Oct 17 02:57:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 4add5250ed |
| Default Java | Temurin-1.8.0_352-b08 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/testReport/ |
| Max. process+thread count | 4788 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/2/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4953: HBASE-27562 Publish SBOM artifacts
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4953:
URL: https://github.com/apache/hbase/pull/4953#issuecomment-1376912270
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 23s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +1 :green_heart: | mvninstall | 3m 56s | master passed |
| +1 :green_heart: | compile | 2m 20s | master passed |
| +1 :green_heart: | shadedjars | 4m 34s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 39s | master passed |
||| _ Patch Compile Tests _ |
| +1 :green_heart: | mvninstall | 3m 57s | the patch passed |
| +1 :green_heart: | compile | 2m 14s | the patch passed |
| +1 :green_heart: | javac | 2m 14s | the patch passed |
| +1 :green_heart: | shadedjars | 7m 4s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 3m 17s | the patch passed |
||| _ Other Tests _ |
| -1 :x: | unit | 322m 19s | root in the patch failed. |
| | | 358m 43s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4953 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 3087f985030f 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 20:19:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 3f1087fe82 |
| Default Java | Eclipse Adoptium-11.0.17+8 |
| unit | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/artifact/yetus-jdk11-hadoop3-check/output/patch-unit-root.txt |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/testReport/ |
| Max. process+thread count | 2434 (vs. ulimit of 30000) |
| modules | C: . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4953/1/console |
| versions | git=2.34.1 maven=3.8.6 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org