Hi The HADOOP-15407 "abfs" branch has started failing
https://builds.apache.org/job/PreCommit-HADOOP-Build/14861/artifact/out/patch-compile-root.txt [INFO] --- frontend-maven-plugin:1.5:bower (bower install) @ hadoop-yarn-ui --- [INFO] Running 'bower install' in /testptch/hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/target/webapp [ERROR] bower ember-cli-test-loader#0.2.1 EINVRES Request to https://bower.herokuapp.com/packages/ember-cli-test-loader failed with 502 [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: And the namedc web page returns : This Bower version is deprecated. Please update it: npm install -g bower. The new registry address is https://registry.bower.io We haven't gone near the YARN code, and yet a branch which is only a few weeks old is now failing to build on Jenkins systems I have a few questions for the Yarn team 1. What is Bower? 2. Why is it breaking Jenkins builds 3. Can you nominate someone to provide the patch to fix this? 4. Will every active branch need a similar patch? 5. Have any releases stopped building (3.1.0?) 6. Do we have any stability guarantees about Bower's build process in future? Given a fork I'm worried about the long-term reproducibility of builds. Is this just a one off move of some build artifact repository, or is this a moving target which will stop source code releases from working. I can deal with cherry picking patches to WiP branches, tuning Jenkins, etc, but if we lose the ability to rebuild releases, the whole notion of "stable release" is dead. I know Maven exposes us to similar risks, but the maven central repo is stabile and available, so hasn't forced us into building an SCM-msnaged artifact tree the way I've done elsewhere (Ivy makes that straightforward; maven less so as you need to be online to boot). And we are now relying on docker for release builds. So we are already vulnerable...I'm just worried that Bower is making things worse. -Steve (ps: Sides from Olaf Febbe on the bigtop team on attacking builds through mavan https://oflebbe.de/presentations/2018/attackingiotdev.pdf)
