On 2020-03-07 at 11:36, Hervé BOUTEMY wrote:
Hi,
Yesterday, I made a key step forward for Reproducible Builds with Maven: I
wrote code to easily check that your local build produces the same binaries as
the reference binaries published either to staging or to Central repository.
For a live example, see the last paragraph of Maven Site Plugin vote that just
started [1].
Process to check build output is based on a single plugin goal, currently named
buildinfo:save [2]:
1. it creates a buildinfo file during build recording output fingerprints, that
will eventually in the future be published to Central repository
2. it downloads reference artifacts and/or reference buildinfo and checks that
the output of the local build is the same as the reference.
Now I want to discuss: is it clear? can you test and report, please?
If the feedback is positive, the next question will be: in which plugin should
we put this goal to make a release and add it to our parent pom during release,
so we publish reference buildinfo along our reference binaries to Central
repository.
Thanks for your feedback
Regards,
Hervé
[1]
https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E
[2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin
I have now installed the latest OpenJDK 7 from AdoptOpenJDK source.
[INFO] --- maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) @
maven-site-plugin ---
[INFO] Saved info on build to
/usr/home/mosipov/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.buildinfo
[INFO] Checking against reference build from
https://repository.apache.org/content/repositories/maven-1554/...
[WARNING] Reference buildinfo file not found: it will be generated from
downloaded reference artifacts
[INFO] Minimal buildinfo generated from downloaded artifacts:
/usr/home/mosipov/Projekte/maven-site-plugin/target/reference/maven-site-plugin-3.9.0.buildinfo
[WARNING] size mismatch maven-site-plugin-3.9.0-source-release.zip: diffoscope
target/reference/maven-site-plugin-3.9.0-source-release.zip
target/maven-site-plugin-3.9.0-source-release.zip
[WARNING] size mismatch maven-site-plugin-3.9.0-sources.jar: diffoscope
target/reference/maven-site-plugin-3.9.0-sources.jar
target/maven-site-plugin-3.9.0-sources.jar
[WARNING] Reproducible Build output summary: 1 files ok, 2 different, 0 missing
[WARNING] diff target/reference/maven-site-plugin-3.9.0.buildinfo
target/maven-site-plugin-3.9.0.buildinfo
on
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/share/java/maven
Java version: 1.7.0_251, vendor: Oracle Corporation, runtime:
/usr/local/openjdk7/jre
Default locale: de_DE, platform encoding: UTF-8
OS name: "freebsd", version: "11.3-release-p6", arch: "i386", family: "unix"
and
$ git branch
* (HEAD losgelöst bei maven-site-plugin-3.9.0)
diffoscope target/reference/maven-site-plugin-3.9.0-source-release.zip
target/maven-site-plugin-3.9.0-source-release.zip
There is a diff in maven-site-plugin-3.9.0/dependency-reduced-pom.xml
diffoscope target/reference/maven-site-plugin-3.9.0-sources.jar
target/maven-site-plugin-3.9.0-sources.jar
So here is a diff in the pom.xml, which is actually dependency-reduced-pom.xml.
├── META-INF/maven/org.apache.maven.plugins/maven-site-plugin/pom.xml
│ ├── META-INF/maven/org.apache.maven.plugins/maven-site-plugin/pom.xml
│ │ @@ -243,100 +243,40 @@
│ │ <profiles>
│ │ <profile>
│ │ <id>run-its</id>
│ │ <build>
│ │ <plugins>
│ │ <plugin>
│ │ <artifactId>maven-invoker-plugin</artifactId>
│ │ - <version>3.2.1</version>
│ │ - <executions>
│ │ - <execution>
│ │ - <id>integration-test</id>
│ │ - <goals>
│ │ - <goal>install</goal>
│ │ - <goal>integration-test</goal>
│ │ - <goal>verify</goal>
│ │ - </goals>
│ │ - <configuration>
│ │ - <projectsDirectory>src/it/projects</projectsDirectory>
│ │ - <settingsFile>src/it/mrm/settings.xml</settingsFile>
│ │ - <filterProperties>
│ │ -
<mrm.repository.url>${mrm.repository.url}</mrm.repository.url>
│ │ - </filterProperties>
│ │ - <goals>
│ │ - <goal>clean</goal>
│ │ -
<goal>org.apache.maven.plugins:maven-site-plugin:3.9.0:site</goal>
│ │ - </goals>
│ │ - <properties>
│ │ - <maven.compiler.source>1.7</maven.compiler.source>
│ │ - <maven.compiler.target>1.7</maven.compiler.target>
│ │ -
<https.protocols>TLSv1,TLSv1.1,TLSv1.2</https.protocols>
│ │ - </properties>
│ │ - <debug>true</debug>
│ │ -
<cloneProjectsTo>/home/herve/projets/maven/sources/plugins/core/maven-site-plugin/target/checkout/target/it</cloneProjectsTo>
│ │ - <preBuildHookScript>setup</preBuildHookScript>
│ │ - <postBuildHookScript>verify</postBuildHookScript>
│ │ -
<localRepositoryPath>/home/herve/projets/maven/sources/plugins/core/maven-site-plugin/target/checkout/target/local-repo</localRepositoryPath>
│ │ - <pomIncludes>
│ │ - <pomInclude>*/pom.xml</pomInclude>
│ │ - </pomIncludes>
│ │ - <ignoreFailures>false</ignoreFailures>
│ │ - <environmentVariables>
│ │ -
<JENKINS_MAVEN_AGENT_DISABLED>true</JENKINS_MAVEN_AGENT_DISABLED>
│ │ - </environmentVariables>
│ │ - </configuration>
│ │ - </execution>
│ │ - </executions>
│ │ <configuration>
│ │ <projectsDirectory>src/it/projects</projectsDirectory>
│ │ <settingsFile>src/it/mrm/settings.xml</settingsFile>
│ │ <filterProperties>
│ │
<mrm.repository.url>${mrm.repository.url}</mrm.repository.url>
│ │ </filterProperties>
│ │ <goals>
│ │ <goal>clean</goal>
│ │ -
<goal>org.apache.maven.plugins:maven-site-plugin:3.9.0:site</goal>
│ │ +
<goal>${project.groupId}:${project.artifactId}:${project.version}:site</goal>
│ │ </goals>
│ │ <properties>
│ │ - <maven.compiler.source>1.7</maven.compiler.source>
│ │ - <maven.compiler.target>1.7</maven.compiler.target>
│ │ - <https.protocols>TLSv1,TLSv1.1,TLSv1.2</https.protocols>
│ │ +
<maven.compiler.source>${maven.compiler.source}</maven.compiler.source>
│ │ +
<maven.compiler.target>${maven.compiler.target}</maven.compiler.target>
│ │ </properties>
│ │ - <debug>true</debug>
│ │ -
<cloneProjectsTo>/home/herve/projets/maven/sources/plugins/core/maven-site-plugin/target/checkout/target/it</cloneProjectsTo>
│ │ - <preBuildHookScript>setup</preBuildHookScript>
│ │ - <postBuildHookScript>verify</postBuildHookScript>
│ │ -
<localRepositoryPath>/home/herve/projets/maven/sources/plugins/core/maven-site-plugin/target/checkout/target/local-repo</localRepositoryPath>
│ │ - <pomIncludes>
│ │ - <pomInclude>*/pom.xml</pomInclude>
│ │ - </pomIncludes>
│ │ - <ignoreFailures>false</ignoreFailures>
│ │ - <environmentVariables>
│ │ -
<JENKINS_MAVEN_AGENT_DISABLED>true</JENKINS_MAVEN_AGENT_DISABLED>
│ │ - </environmentVariables>
│ │ </configuration>
│ │ </plugin>
│ │ <plugin>
│ │ <groupId>org.codehaus.mojo</groupId>
│ │ <artifactId>mrm-maven-plugin</artifactId>
│ │ <version>1.2.0</version>
│ │ <executions>
│ │ <execution>
│ │ <goals>
│ │ <goal>start</goal>
│ │ <goal>stop</goal>
│ │ </goals>
│ │ - <configuration>
│ │ - <repositories>
│ │ - <mockRepo>
│ │ - <source>src/it/mrm/repository</source>
│ │ - </mockRepo>
│ │ - <proxyRepo/>
│ │ - </repositories>
│ │ - </configuration>
│ │ </execution>
│ │ </executions>
│ │ <configuration>
│ │ <repositories>
│ │ <mockRepo>
│ │ <source>src/it/mrm/repository</source>
│ │ </mockRepo>
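Review bot: the `-` (reference) side embeds absolute paths from the release machine in `<cloneProjectsTo>` and `<localRepositoryPath>` (both under `/home/herve/`), so this pom.xml can only match byte for byte when rebuilt from the same directory. The reference side also carries resolved values (`3.9.0` in the `site` goal, `1.7` for the compiler properties, a fully inlined `<executions>` block with `<version>3.2.1</version>` and the `JENKINS_MAVEN_AGENT_DISABLED` variable) where the local side keeps `${project.groupId}:${project.artifactId}:${project.version}` and `${maven.compiler.source}`, which looks like the reference file was written from an interpolated model and the local one from the raw POM. The `target/checkout` segment in those paths suggests the reference was built under release:perform, so the first thing to check is whether rebuilding through the same path produces the same dependency-reduced POM, and then whether that file can be written from the raw model in both cases so no build path leaks into the artifact.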
Any idea why my POM differs from yours?
Michael
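
The check described in the quoted message (record output fingerprints, then compare the local build against the reference artifacts) can be expressed as follows. This is an added example, not part of the original messages and not the buildinfo plugin's code; the function names, artifact names and sample bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(directory):
    """Map each regular file in `directory` to its (size, SHA-512) pair."""
    result = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            data = path.read_bytes()
            result[path.name] = (len(data), hashlib.sha512(data).hexdigest())
    return result


def compare(reference_dir, local_dir):
    """Classify every reference artifact as ok, different or missing locally."""
    reference, local = fingerprint(reference_dir), fingerprint(local_dir)
    report = {"ok": [], "different": [], "missing": []}
    for name, ref_print in reference.items():
        if name not in local:
            report["missing"].append(name)
        elif local[name] == ref_print:
            report["ok"].append(name)
        else:
            # Size is the cheap first signal; equal size with a different
            # digest is still a mismatch and is reported as such.
            kind = "size" if local[name][0] != ref_print[0] else "sha512"
            report["different"].append((name, kind))
    return report


def demo():
    """Constructed sample: four reference artifacts, two rebuilt differently."""
    samples = {  # name -> (reference bytes, local bytes or None if not built)
        "demo-1.0.jar": (b"classes", b"classes"),
        "demo-1.0-sources.jar": (b"pom with /home/builder path", b"pom"),
        "demo-1.0-tests.jar": (b"abc", b"abd"),
        "demo-1.0.pom": (b"<project/>", None),
    }
    with tempfile.TemporaryDirectory() as root:
        ref, loc = Path(root, "reference"), Path(root, "local")
        ref.mkdir()
        loc.mkdir()
        for name, (ref_bytes, local_bytes) in samples.items():
            (ref / name).write_bytes(ref_bytes)
            if local_bytes is not None:
                (loc / name).write_bytes(local_bytes)
        return compare(ref, loc)


if __name__ == "__main__":
    print(demo())
```

Each entry under `different` is a candidate for a `diffoscope` run of the reference file against the local one, as in the log above.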