That's how the website build works. It's kinda funny watching Docker build
fire up when you need to publish a web page, but it separates things
nicely.

I don't think it's a huge declaration, but there is definitely a case for
doing a "year of efficiency" type effort with the builds. It's got a lot of
tech debt built up as witnessed by "ant clean" "ant realclean" and "ant
nuke_it_from_space." Not looking forward to the religious wars this will
spark, but needs to be done. I would be happy to organize some scoping
documentation in Confluent to start.

Patrick

On Wed, Apr 30, 2025 at 7:20 AM Joseph Lynch <joe.e.ly...@gmail.com> wrote:

> I also feel like this is what docker is for? It should be relatively
> straightforward to start from a golang Dockerfile, add the files you need,
> generate the docs and copy the result back out?
>
> -Joey
>
> On Wed, Apr 30, 2025 at 10:14 AM Chris Lohfink <clohfin...@gmail.com>
> wrote:
>
>> Cassandra's rube goldberg build system is so incredibly painful to
>> integrate inside corporate CI environments already... maybe docker
>> containers so you dont actually install random tools on the host computer
>> it might not have privileges to do?
>>
>> On Wed, Apr 30, 2025 at 6:13 AM Josh McKenzie <jmcken...@apache.org>
>> wrote:
>>
>>> So while it would be nice to keep things such that someone just runs ant
>>> and gets everything built, given this does not seem to be a standard method
>>> of dealing with a go install in build scripts, I would suggest we stop
>>> doing it.  It looks to be very simple to install  Go, so maybe switch to
>>> telling someone how to install it if it is not found, as well as giving
>>> them the setting to disable that artifact.
>>>
>>> +1 to Jeremiah's thoughts here.
>>>
>>> Passing thought - maybe introduce an "ant install-deps" target that'll
>>> install deps if not found?
>>>
>>> On Tue, Apr 29, 2025, at 7:30 AM, Maxim Muzafarov wrote:
>>>
>>> Hey,
>>>
>>> I've prepared a python script that generates the same docs (no go
>>> dependency). I use the jinja2 dependency, not sure if it's optimal
>>> because I had to google how to use it though (also not sure if it has
>>> to be run in docker).
>>> I haven't tested the generated files with the website, but I've
>>> compared the results with the same files in the trunk, and they look
>>> similar (almost).
>>>
>>>
>>> https://github.com/apache/cassandra/compare/trunk...Mmuzaf:cassandra:generate-cqlprotodocs-python
>>>
>>> On Tue, 29 Apr 2025 at 10:10, Benedict <bened...@apache.org> wrote:
>>> >
>>> > We should never download and install software via adhoc scripts
>>> without user consent. Was this ever discussed on this mailing list? If not,
>>> it’s a clear breach of policy (introducing a new dependency) and a severe
>>> one in my opinion, as it seems to introduce a new supply chain attack
>>> vector for all developers of Cassandra.
>>> >
>>> >
>>> >
>>> > On 29 Apr 2025, at 08:17, Mick Semb Wever <m...@apache.org> wrote:
>>> >
>>> > 
>>> >
>>> >   .
>>> >
>>> >
>>> >>
>>> >> But that doesn’t seem to be the case here, the script checks for arm
>>> vs amd64, Linux vs Mac, and then fetches and untars the go distro into tmp.
>>> There is no verification of the download.  The only check is if curl
>>> returned non 0.
>>> >
>>> >
>>> >
>>> > Thanks for catching this, the sha256 check should always have been in
>>> place.  Adding this is just a one-liner, so that alone shouldn't force the
>>> decision.
>>> >
>>> >
>>> >
>>> >> It looks to be very simple to install  Go
>>> >
>>> >
>>> >
>>> > It takes a bit to ensure all build and CI systems are updated, and we
>>> never catch everything (esp what's downstream).
>>> >
>>> >
>>> > While it's "simple", multiplied by everyone (and every system) it adds
>>> up to be a significant time demand.
>>> >
>>> > Again, this too shouldn't be forcing the decision either way on what
>>> we want to do.
>>> >
>>> >
>>> >
>>>
>>>
>>>

Reply via email to