Copilot commented on code in PR #2874:
URL:
https://github.com/apache/incubator-hugegraph/pull/2874#discussion_r2363237281
##########
hugegraph-pd/hg-pd-dist/pom.xml:
##########
@@ -48,7 +48,6 @@
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
Review Comment:
Please restore a pinned version for maven-assembly-plugin (ideally managed
in the parent <pluginManagement>) to ensure reproducible builds and avoid
version drift.
```suggestion
<artifactId>maven-assembly-plugin</artifactId>
<version>3.6.0</version>
```
##########
pom.xml:
##########
@@ -251,6 +251,14 @@
</compilerArgs>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-remote-resources-plugin</artifactId>
+ <version>3.3.0</version>
+ </plugin>
+ <plugin>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>3.6.1</version>
+ </plugin>
Review Comment:
Since the goal is reproducible builds, also manage versions for
maven-assembly-plugin and maven-jar-plugin in this <pluginManagement> block.
Then remove per-module versions so all modules inherit the same locked versions
from the parent.
```suggestion
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.6.0</version>
</plugin>
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<version>3.3.0</version>
</plugin>
```
##########
hugegraph-store/hg-store-dist/pom.xml:
##########
@@ -48,7 +48,6 @@
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
Review Comment:
The maven-assembly-plugin version was removed, which makes builds less
reproducible and can vary across environments. Pin the plugin version
(preferably via the parent <pluginManagement>) and have child modules omit it
to inherit a single, consistent version.
```suggestion
<artifactId>maven-assembly-plugin</artifactId>
<version>3.6.0</version>
```
##########
hugegraph-server/hugegraph-dist/pom.xml:
##########
@@ -165,7 +165,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
Review Comment:
The maven-assembly-plugin no longer specifies a version. For reproducible
builds, define a concrete version (preferably in parent <pluginManagement>) and
inherit it here.
```suggestion
<artifactId>maven-assembly-plugin</artifactId>
<version>3.3.0</version>
```
##########
hugegraph-server/hugegraph-core/pom.xml:
##########
@@ -359,7 +359,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
Review Comment:
maven-jar-plugin is now versionless. Please pin a specific version (ideally
in the parent <pluginManagement>) to ensure consistent, reproducible jar
outputs across environments.
```suggestion
<artifactId>maven-jar-plugin</artifactId>
<version>3.2.2</version>
```
##########
hugegraph-cluster-test/hugegraph-clustertest-dist/pom.xml:
##########
@@ -42,7 +42,6 @@
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
Review Comment:
maven-assembly-plugin is declared without a version. Pin it (e.g., by adding
a managed version in the root pom.xml) so all modules use a consistent,
reproducible version.
```suggestion
<artifactId>maven-assembly-plugin</artifactId>
<version>3.6.0</version>
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
