[ANN] Apache Maven Artifact Plugin 3.1.0 Released
The Maven team is pleased to announce the release of the Apache Maven Artifact Plugin, version 3.1.0 Plugin to manage artifacts tasks https://maven.apache.org/plugins/maven-artifact-plugin/ You should specify the version in your project's plugin configuration: org.apache.maven.plugins maven-artifact-plugin 3.1.0 Release Notes - Apache Maven Artifact Plugin - Version 3.1.0 Bug * [MARTIFACT-13] NPE when checking a jar that has no META-INF/maven/groupId/ artifactId/pom.properties New Feature * [MARTIFACT-18] add reference OS and java version to .buildinfo.compare * [MARTIFACT-15] add diffoscope commands to .buildinfo.compare output * [MARTIFACT-14] add an option to generate reproducible .buildinfo file (removing detailed environment data) Task * [MARTIFACT-16] add pgpverify check to the build Enjoy, -The Maven team - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[RESULT] [VOTE] Release Apache Maven Artifact Plugin version 3.1.0
Hi, The vote has passed with the following result: +1 : Michael Osipov, Tamás Cservenák, Tibor Digana, Olivier Lamy, Hervé Boutemy PMC quorum reached I will promote the artifacts to the central repo. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: Mojo execution synchonization with forked lifecycles in parallel builds
Hi Guillaume, aggregation goals and parallel builds in combination are a bit of a mess, e.g.: - https://issues.apache.org/jira/browse/MNG-6843 - https://github.com/apache/maven/pull/413 - https://www.mail-archive.com/dev@maven.apache.org/msg123439.html Cheers, Falko Am 12.05.2021 um 17:25 schrieb Guillaume Nodet: Hi I've analyzed a bug reported on mvnd this afternoon ( https://github.com/mvndaemon/mvnd/issues/408). It appears that the parent pom executes the javadoc aggregate goal, which forks the lifecycle of the children modules in order to compile the sources. In a traditional build, this does not cause any real problem, but in a parallel build, a clean verify can definitely cause issues if the forked lifecycle and the normal project build (and especially the clean) are run concurrently. This definitely looks like an issue to me. Any idea where I should look at how to solve the problem ? I wonder if the MojoExecutor should somehow delegate to the Builder which is responsible for synchronizing the executions in the case of a multithreaded build... Thoughts ? - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Mojo execution synchonization with forked lifecycles in parallel builds
Hi I've analyzed a bug reported on mvnd this afternoon ( https://github.com/mvndaemon/mvnd/issues/408). It appears that the parent pom executes the javadoc aggregate goal, which forks the lifecycle of the children modules in order to compile the sources. In a traditional build, this does not cause any real problem, but in a parallel build, a clean verify can definitely cause issues if the forked lifecycle and the normal project build (and especially the clean) are run concurrently. This definitely looks like an issue to me. Any idea where I should look at how to solve the problem ? I wonder if the MojoExecutor should somehow delegate to the Builder which is responsible for synchronizing the executions in the case of a multithreaded build... Thoughts ? -- Guillaume Nodet
Re: [VOTE] Release Apache Maven Artifact Plugin version 3.1.0
+1 On Mon, 10 May 2021 at 04:15, Hervé BOUTEMY wrote: > Hi, > > We solved 5 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12324322=12349726=Text > > Staging repo: > https://repository.apache.org/content/repositories/maven-1647/ > > https://repository.apache.org/content/repositories/maven-1647/org/apache/maven/plugins/maven-artifact-plugin/3.1.0/maven-artifact-plugin-3.1.0-source-release.zip > > Source release checksum(s): > maven-artifact-plugin-3.1.0-source-release.zip sha512: > 355dc1704decec85a1af78a6541c468506475e2a0edc213a1609fc0039803a5c2ef3f071517cfa983a64b28ba8ba2c9cad5fce765cab6e5991f5adc470ce8872 > > Staging site: > https://maven.apache.org/plugins-archives/maven-artifact-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy
Re: [VOTE] Release Apache Maven Artifact Plugin version 3.1.0
+1 @Herve you'r welcome ;-) T On Sun, May 9, 2021 at 8:15 PM Hervé BOUTEMY wrote: > Hi, > > We solved 5 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12324322=12349726=Text > > Staging repo: > https://repository.apache.org/content/repositories/maven-1647/ > > https://repository.apache.org/content/repositories/maven-1647/org/apache/maven/plugins/maven-artifact-plugin/3.1.0/maven-artifact-plugin-3.1.0-source-release.zip > > Source release checksum(s): > maven-artifact-plugin-3.1.0-source-release.zip sha512: > 355dc1704decec85a1af78a6541c468506475e2a0edc213a1609fc0039803a5c2ef3f071517cfa983a64b28ba8ba2c9cad5fce765cab6e5991f5adc470ce8872 > > Staging site: > https://maven.apache.org/plugins-archives/maven-artifact-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: [VOTE] Release Apache Maven Artifact Plugin version 3.1.0
+1 On Sun, May 9, 2021, 20:15 Hervé BOUTEMY wrote: > Hi, > > We solved 5 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12324322=12349726=Text > > Staging repo: > https://repository.apache.org/content/repositories/maven-1647/ > > https://repository.apache.org/content/repositories/maven-1647/org/apache/maven/plugins/maven-artifact-plugin/3.1.0/maven-artifact-plugin-3.1.0-source-release.zip > > Source release checksum(s): > maven-artifact-plugin-3.1.0-source-release.zip sha512: > 355dc1704decec85a1af78a6541c468506475e2a0edc213a1609fc0039803a5c2ef3f071517cfa983a64b28ba8ba2c9cad5fce765cab6e5991f5adc470ce8872 > > Staging site: > https://maven.apache.org/plugins-archives/maven-artifact-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: [VOTE] Release Apache Maven Artifact Plugin version 3.1.0
Am 2021-05-09 um 20:15 schrieb Hervé BOUTEMY: Hi, We solved 5 issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12324322=12349726=Text Staging repo: https://repository.apache.org/content/repositories/maven-1647/ https://repository.apache.org/content/repositories/maven-1647/org/apache/maven/plugins/maven-artifact-plugin/3.1.0/maven-artifact-plugin-3.1.0-source-release.zip Source release checksum(s): maven-artifact-plugin-3.1.0-source-release.zip sha512: 355dc1704decec85a1af78a6541c468506475e2a0edc213a1609fc0039803a5c2ef3f071517cfa983a64b28ba8ba2c9cad5fce765cab6e5991f5adc470ce8872 Staging site: https://maven.apache.org/plugins-archives/maven-artifact-plugin-LATEST/ Guide to testing staged releases: https://maven.apache.org/guides/development/guide-testing-releases.html Vote open for at least 72 hours. +1 - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[GitHub] [maven-artifact-transfer] slachiewicz merged pull request #36: Bump actions/cache from 2 to 2.1.5
slachiewicz merged pull request #36: URL: https://github.com/apache/maven-artifact-transfer/pull/36 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[GitHub] [maven-artifact-transfer] slachiewicz merged pull request #37: Bump actions/checkout from 2 to 2.3.4
slachiewicz merged pull request #37: URL: https://github.com/apache/maven-artifact-transfer/pull/37 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request #37: Bump actions/checkout from 2 to 2.3.4
dependabot[bot] opened a new pull request #37: URL: https://github.com/apache/maven-artifact-transfer/pull/37 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4. Release notes Sourced from https://github.com/actions/checkout/releases;>actions/checkout's releases. v2.3.4 https://github-redirect.dependabot.com/actions/checkout/pull/379;>Add missing awaits https://github-redirect.dependabot.com/actions/checkout/pull/360;>Swap to Environment Files v2.3.3 https://github-redirect.dependabot.com/actions/checkout/pull/345;>Remove Unneeded commit information from build logs https://github-redirect.dependabot.com/actions/checkout/pull/326;>Add Licensed to verify third party dependencies v2.3.2 https://github-redirect.dependabot.com/actions/checkout/pull/320;>Add Third Party License Information to Dist Files v2.3.1 https://github-redirect.dependabot.com/actions/checkout/pull/284;>Fix default branch resolution for .wiki and when using SSH v2.3.0 https://github-redirect.dependabot.com/actions/checkout/pull/278;>Fallback to the default branch v2.2.0 https://github-redirect.dependabot.com/actions/checkout/pull/258;>Fetch all history for all tags and branches when fetch-depth=0 v2.1.1 Changes to support GHES (https://github-redirect.dependabot.com/actions/checkout/pull/236;>here and https://github-redirect.dependabot.com/actions/checkout/pull/248;>here) v2.1.0 https://github-redirect.dependabot.com/actions/checkout/pull/191;>Group output https://github-redirect.dependabot.com/actions/checkout/pull/199;>Changes to support GHES alpha release https://github-redirect.dependabot.com/actions/checkout/pull/184;>Persist core.sshCommand for submodules https://github-redirect.dependabot.com/actions/checkout/pull/163;>Add support ssh https://github-redirect.dependabot.com/actions/checkout/pull/179;>Convert submodule SSH URL to HTTPS, when not using SSH https://github-redirect.dependabot.com/actions/checkout/pull/157;>Add submodule support https://github-redirect.dependabot.com/actions/checkout/pull/144;>Follow proxy settings https://github-redirect.dependabot.com/actions/checkout/pull/141;>Fix ref for pr closed event when a pr is merged https://github-redirect.dependabot.com/actions/checkout/pull/128;>Fix issue checking detached when git less than 2.22 Changelog Sourced from https://github.com/actions/checkout/blob/main/CHANGELOG.md;>actions/checkout's changelog. Changelog v2.3.1 https://github-redirect.dependabot.com/actions/checkout/pull/284;>Fix default branch resolution for .wiki and when using SSH v2.3.0 https://github-redirect.dependabot.com/actions/checkout/pull/278;>Fallback to the default branch v2.2.0 https://github-redirect.dependabot.com/actions/checkout/pull/258;>Fetch all history for all tags and branches when fetch-depth=0 v2.1.1 Changes to support GHES (https://github-redirect.dependabot.com/actions/checkout/pull/236;>here and https://github-redirect.dependabot.com/actions/checkout/pull/248;>here) v2.1.0 https://github-redirect.dependabot.com/actions/checkout/pull/191;>Group output https://github-redirect.dependabot.com/actions/checkout/pull/199;>Changes to support GHES alpha release https://github-redirect.dependabot.com/actions/checkout/pull/184;>Persist core.sshCommand for submodules https://github-redirect.dependabot.com/actions/checkout/pull/163;>Add support ssh https://github-redirect.dependabot.com/actions/checkout/pull/179;>Convert submodule SSH URL to HTTPS, when not using SSH https://github-redirect.dependabot.com/actions/checkout/pull/157;>Add submodule support https://github-redirect.dependabot.com/actions/checkout/pull/144;>Follow proxy settings https://github-redirect.dependabot.com/actions/checkout/pull/141;>Fix ref for pr closed event when a pr is merged https://github-redirect.dependabot.com/actions/checkout/pull/128;>Fix issue checking detached when git less than 2.22 v2.0.0 https://github-redirect.dependabot.com/actions/checkout/pull/108;>Do not pass cred on command line https://github-redirect.dependabot.com/actions/checkout/pull/107;>Add input persist-credentials https://github-redirect.dependabot.com/actions/checkout/pull/104;>Fallback to REST API to download repo Commits See full diff in https://github.com/actions/checkout/compare/v2...v2.3.4;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it
[GitHub] [maven-artifact-transfer] dependabot[bot] opened a new pull request #36: Bump actions/cache from 2 to 2.1.5
dependabot[bot] opened a new pull request #36: URL: https://github.com/apache/maven-artifact-transfer/pull/36 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 2.1.5. Release notes Sourced from https://github.com/actions/cache/releases;>actions/cache's releases. v2.1.5 Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (https://github-redirect.dependabot.com/actions/cache/issues/527;>actions/cache#527) v2.1.4 Make caching more verbose https://github-redirect.dependabot.com/actions/toolkit/pull/650;>#650 Use GNU tar on macOS if available https://github-redirect.dependabot.com/actions/toolkit/pull/701;>#701 v2.1.3 Upgrades @actions/core to v1.2.6 for https://github.com/advisories/GHSA-mfwh-5m23-j46w;>CVE-2020-15228. This action was not using the affected methods. Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly v2.1.2 Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds No-op when executing on GHES v2.1.1 Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files. v2.1.0 Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently Display download progress and speed Commits See full diff in https://github.com/actions/cache/compare/v2...v2.1.5;>compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
