Re: release of maven-source-plugin

2024-03-27 Thread Herve Boutemy 
https://github.com/apache/maven-source-plugin/pull/24 does not seem to get any 
positive traction: be it

MSOURCE-140 and MSOURCE-141 are assigned to 3.3.1 release but nobody wants to 
work with me on it to solve something: it seems they are not a real problem

I won't hold the 3.3.1 release forever, I'll do it without them fixed to 
benefit from other fixes: if someone wants to work on it for future releases, 
I'll let them do
release early, release often, one step at a time

On 2024/03/25 07:10:22 Hervé Boutemy wrote:
> PR ready for review:
> https://github.com/apache/maven-source-plugin/pull/24
> 
> I think it does the right job at differentiating 2 cases that the initial 
> MSOURCES-121 merged too aggressively:
> 1. do not fail when executed twice with the same output file
> 2. but fail when re-attach happens to another output file = another 
> classifier 
> has to be configured
> 
> Regards,
> 
> Hervé
> 
> Le lundi 25 mars 2024, 07:31:53 CET Hervé Boutemy a écrit :
> > IIUC, this is an explanation of the mystery failure that started the
> > MSOURCE-121 update
> > 
> > but after MSOURCE-121, the plugin itself stops with a failure when detecting
> > re-addition: that's why Gary can't upgrade, the failure is now happening at
> > plugin level, and always
> > "mvn install deploy" (with source enabled) is a simple test to see the
> > failure introduced by MSOURCE-121
> > 
> > I'm starting to understand the many aspects of this issue: I think I know
> > how to update the goal to be more tolerant
> > 
> > Thanks for the help
> > 
> > Hervé
> > 
> > Le dimanche 24 mars 2024, 20:39:55 CET Romain Manni-Bucau a écrit :
> > > Hi,
> > > 
> > > I think it is fixed for v4 serie.
> > > Main issue comes from the default v3 pom (
> > > https://github.com/apache/maven/blob/maven-3.9.2/maven-model-builder/src/m
> > > ai n/resources/org/apache/maven/model/pom-4.0.0.xml#L113) which is no more
> > > a thing in v4 so the merge of the plugin executions does not happen the
> > > same and the issue disappeared.
> > > The easiest is likely to either let the default be merged and not use
> > > "jar"
> > > (implicit jar-no-fork instead) or just not use the default id
> > > (attach-sources) and skip the default one.
> > > 
> > > So there is no source plugin issue (as the plugin will never fix it by
> > > "bug
> > > design") so no reason to hold a release IMHO.
> > > 
> > > Guess it silently overrided the already built artifact for years - until
> > > we
> > > just fail cause it is a broken design - after this change of goal
> > > https://issues.apache.org/jira/browse/MNG-5940.
> > > 
> > > So long story short: we are on track and release can be done I think.
> > > 
> > > Romain Manni-Bucau
> > > @rmannibucau  |  Blog
> > >  | Old Blog
> > >  | Github
> > > > 
> > > | LinkedIn  | Book
> > > 
> > >  > > ce
> > > 
> > > 
> > > 
> > > Le dim. 24 mars 2024 à 18:44, Gary Gregory  a
> > > 
> > > écrit :
> > > > Hi All,
> > > > 
> > > > As long as https://issues.apache.org/jira/browse/MSOURCES-143 is in
> > > > play, Commons will stay on a pre-3.3.0 version.
> > > > 
> > > > I re-read the comments, I still don't know what we can do in Commons
> > > > to address this as this feels like some deep Maven Magic.
> > > > 
> > > > Gary
> > > > 
> > > > On Sun, Mar 24, 2024 at 11:48 AM Hervé Boutemy 
> > > > 
> > > > wrote:
> > > > > I'd like to release maven-source-plugin 3.3.1 to drop the umask
> > > > 
> > > > sensitivity
> > > > 
> > > > > during Reproducible Builds :)1
> > > > > 
> > > > > but there are a few issues open
> > > > > 
> > > > >  https://issues.apache.org/jira/projects/MSOURCES/versions/12353471
> > > > > 
> > > > > they are related to https://issues.apache.org/jira/browse/
> MSOURCES-121:
> > > > I
> > > > 
> > > > > don't get what conditions made the build fail previously, but
> > > > 
> > > > MSOURCES-121
> > > > 
> > > > > make it fail now always.
> > > > > Should we just change the ERROR into WARNING?
> > > > > Should we do something smarter, for example not re-add if it's the
> > > > > same
> > > > 
> > > > file?
> > > > 
> > > > > Or warn only if the second file addition is different from the first?
> > > > 
> > > > Then
> > > > 
> > > > > replace instead of add?
> > > > > 
> > > > > Please help clarifying and fixing this issue that seems ignored for a
> > > > 
> > > > long time
> > > > 
> > > > > Regards,
> > > > > 
> > > > > Hervé
> > > > > 
> > > > > 
> > > > > 
> > > > > -
> > > > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > > > > For additional commands, e-mail: dev-h...@maven.apache.org
> > > > 
> > > > -
> > > > To

Re: Relax resolver for snapshots in offline mode

2024-03-27 Thread Tamás Cservenák 
Delany,

tried to recreate:
https://github.com/cstamas/delany-ml-repro

And I may miss something, but it works for me?

T

On Wed, Mar 27, 2024 at 1:31 PM Tamás Cservenák  wrote:

> Delany,
>
> What goal do you invoke to get this? "mvn validate"?
> Do you have any plugin bound to this phase?
>
> T
>
> On Tue, Mar 26, 2024 at 3:54 PM Delany  wrote:
>
>> If a pom says it has a dependency "2.4.1-SNAPSHOT" then
>> I don't want the validation failing in offline mode because
>> "2.4.1-20240322.141808-12 has not been downloaded".
>> Delany
>>
>>
>> On Tue, 26 Mar 2024 at 16:15, Tamás Cservenák 
>> wrote:
>>
>> > Delany,
>> >
>> > What do you mean by "All SNAPSHOT versions are equal"?
>> >
>> > T
>> >
>> > On Tue, Mar 26, 2024 at 10:33 AM Delany 
>> > wrote:
>> >
>> > > Ok, I want to validate various aspects of the project without going
>> > network
>> > > since there are a lot of modules, some of them quite big, and they get
>> > > rebuilt every day, so its hundreds of Mb that get updated.
>> > > I want to check the well-formedness of the pom.xml files, sort them,
>> also
>> > > run a yak4j-filename-conventions-maven-plugin, etc.
>> > > All things to do with the integrity of the files and the configuration
>> > > model that's unrelated to classes and dependencies.
>> > > Probably a lot of these should actually be handled with git hooks, but
>> > for
>> > > various reasons that's not currently an option.
>> > > I'm looking for a button to push that will say "All SNAPSHOT versions
>> are
>> > > equal". And you can add to that "from any repository".
>> > > I get why you wouldn't want to introduce that though. Thanks for
>> > answering.
>> > > Delany
>> > >
>> > >
>> > > On Tue, 26 Mar 2024 at 10:49, Tamás Cservenák 
>> > wrote:
>> > >
>> > > > Howdy,
>> > > >
>> > > > you are conflating several things here:
>> > > > - timestamped snapshots are coming from remote (as locally installed
>> > ones
>> > > > are NOT timestamped), these snapshots can be resolved ONLY via
>> metadata
>> > > > - artifact origin tracking: if artifact A was downloaded from
>> > repository
>> > > > R1, a subsequent build run on same local repo that does not have R1
>> > > defined
>> > > > (obviously, R1 cannot be central) will NOT have A reported as
>> > "available"
>> > > > only as it is present on disk (Maven2 did this, Maven3 fixed did
>> this).
>> > > > - update policy is unrelated to both above
>> > > >
>> > > > Hence, to me your question does not make sense.
>> > > > Let me reverse: what is your goal you want to achieve?
>> > > >
>> > > > T
>> > > >
>> > > > On Mon, Mar 25, 2024 at 9:21 AM Delany 
>> > > wrote:
>> > > >
>> > > > > Hi,
>> > > > >
>> > > > > I have a bunch of plugins like enforcer that I want to run with
>> `mvn
>> > > > > validate -o` but I get
>> > > > > Cannot access *repo* in offline mode and the artifact
>> > > > > *artifact*:jar:2.4.1-20240322.141808-12 has not been downloaded
>> from
>> > it
>> > > > > before
>> > > > >
>> > > > > There are snapshots of that artifact available in local maven
>> repo,
>> > > just
>> > > > > not that specific one.
>> > > > > I thought changing the updatePolicy to NEVER would solve this, but
>> > the
>> > > > new
>> > > > > enforcer (which now uses resolver) fails nonetheless.
>> > > > >
>> > > > > Is there a way to get resolver to treat all snapshots as equal in
>> > > offline
>> > > > > mode? Is there a reason this isn't the default?
>> > > > >
>> > > > > Thanks,
>> > > > > Delany
>> > > > >
>> > > >
>> > >
>> >
>>
>

Re: Relax resolver for snapshots in offline mode

2024-03-27 Thread Tamás Cservenák 
Delany,

What goal do you invoke to get this? "mvn validate"?
Do you have any plugin bound to this phase?

T

On Tue, Mar 26, 2024 at 3:54 PM Delany  wrote:

> If a pom says it has a dependency "2.4.1-SNAPSHOT" then
> I don't want the validation failing in offline mode because
> "2.4.1-20240322.141808-12 has not been downloaded".
> Delany
>
>
> On Tue, 26 Mar 2024 at 16:15, Tamás Cservenák  wrote:
>
> > Delany,
> >
> > What do you mean by "All SNAPSHOT versions are equal"?
> >
> > T
> >
> > On Tue, Mar 26, 2024 at 10:33 AM Delany 
> > wrote:
> >
> > > Ok, I want to validate various aspects of the project without going
> > network
> > > since there are a lot of modules, some of them quite big, and they get
> > > rebuilt every day, so its hundreds of Mb that get updated.
> > > I want to check the well-formedness of the pom.xml files, sort them,
> also
> > > run a yak4j-filename-conventions-maven-plugin, etc.
> > > All things to do with the integrity of the files and the configuration
> > > model that's unrelated to classes and dependencies.
> > > Probably a lot of these should actually be handled with git hooks, but
> > for
> > > various reasons that's not currently an option.
> > > I'm looking for a button to push that will say "All SNAPSHOT versions
> are
> > > equal". And you can add to that "from any repository".
> > > I get why you wouldn't want to introduce that though. Thanks for
> > answering.
> > > Delany
> > >
> > >
> > > On Tue, 26 Mar 2024 at 10:49, Tamás Cservenák 
> > wrote:
> > >
> > > > Howdy,
> > > >
> > > > you are conflating several things here:
> > > > - timestamped snapshots are coming from remote (as locally installed
> > ones
> > > > are NOT timestamped), these snapshots can be resolved ONLY via
> metadata
> > > > - artifact origin tracking: if artifact A was downloaded from
> > repository
> > > > R1, a subsequent build run on same local repo that does not have R1
> > > defined
> > > > (obviously, R1 cannot be central) will NOT have A reported as
> > "available"
> > > > only as it is present on disk (Maven2 did this, Maven3 fixed did
> this).
> > > > - update policy is unrelated to both above
> > > >
> > > > Hence, to me your question does not make sense.
> > > > Let me reverse: what is your goal you want to achieve?
> > > >
> > > > T
> > > >
> > > > On Mon, Mar 25, 2024 at 9:21 AM Delany 
> > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I have a bunch of plugins like enforcer that I want to run with
> `mvn
> > > > > validate -o` but I get
> > > > > Cannot access *repo* in offline mode and the artifact
> > > > > *artifact*:jar:2.4.1-20240322.141808-12 has not been downloaded
> from
> > it
> > > > > before
> > > > >
> > > > > There are snapshots of that artifact available in local maven repo,
> > > just
> > > > > not that specific one.
> > > > > I thought changing the updatePolicy to NEVER would solve this, but
> > the
> > > > new
> > > > > enforcer (which now uses resolver) fails nonetheless.
> > > > >
> > > > > Is there a way to get resolver to treat all snapshots as equal in
> > > offline
> > > > > mode? Is there a reason this isn't the default?
> > > > >
> > > > > Thanks,
> > > > > Delany
> > > > >
> > > >
> > >
> >
>

Re: [VOTE] Release Apache Maven Invoker Plugin version 3.6.1

2024-03-27 Thread Sylwester Lachiewicz 
+1
Sylwester

śr., 27 mar 2024, 09:35 użytkownik Olivier Lamy  napisał:

> Congratulations you’re the winner as you found the mystery ticket!!
> Thanks for reporting it, I will definitely update the title :)
>
>
> On Wed, 27 Mar 2024 at 6:23 PM, Gary Gregory 
> wrote:
>
> > The current title of the ticket
> > https://issues.apache.org/jira/browse/MINVOKER-355 does not mention what
> > is
> > being updated. Amusing to me :-p since you write about it here ;-)
> >
> > Gary
> >
> >
> > On Wed, Mar 27, 2024, 2:45 AM Olivier Lamy  wrote:
> >
> > > Hi,
> > > I'd like to release Apache Maven Invoker plugin version 3.6.1
> > > We solved 3 issues (well that's what Jira says):
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317525=12354446
> > >
> > > The main reason is an upgrade of Groovy, which have been done because
> > > of dependabot but helps to easily test projects with jdk22.
> > > So this one deserves a special hand-crafted Jira entry!
> > >
> > > Staging repo:
> > > https://repository.apache.org/content/repositories/maven-2077/
> > >
> > >
> >
> https://repository.apache.org/content/repositories/maven-2077/org/apache/maven/plugins/maven-invoker-plugin/3.6.1/maven-invoker-plugin-3.6.1-source-release.zip
> > >
> > > Source release checksum(s):
> > > maven-invoker-plugin-3.6.1-source-release.zip sha512:
> > >
> > >
> >
> 3fd036cbeb88125a791ff6e3c849de7322b8d8afa65e4b96646a0d7a959069df7bdfba41d83ffafa096811d4ec794659ef44c0508da47ae8f9cbaf6e1eb6
> > >
> > > Staging site:
> > > https://maven.apache.org/plugins-archives/maven-invoker-plugin-LATEST/
> > >
> > > Guide to testing staged releases:
> > >
> https://maven.apache.org/guides/development/guide-testing-releases.html
> > >
> > > Vote open for at least 72 hours.
> > >
> > > [ ] +1
> > > [ ] +0
> > > [ ] -1
> > >
> > > -
> > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > > For additional commands, e-mail: dev-h...@maven.apache.org
> > >
> > >
> >
>

Community Over Code NA 2024 Travel Assistance Applications now open!

2024-03-27 Thread Gavin McDonald 
Hello to all users, contributors and Committers!

[ You are receiving this email as a subscriber to one or more ASF project
dev or user
  mailing lists and is not being sent to you directly. It is important that
we reach all of our
  users and contributors/committers so that they may get a chance to
benefit from this.
  We apologise in advance if this doesn't interest you but it is on topic
for the mailing
  lists of the Apache Software Foundation; and it is important please that
you do not
  mark this as spam in your email client. Thank You! ]

The Travel Assistance Committee (TAC) are pleased to announce that
travel assistance applications for Community over Code NA 2024 are now
open!

We will be supporting Community over Code NA, Denver Colorado in
October 7th to the 10th 2024.

TAC exists to help those that would like to attend Community over Code
events, but are unable to do so for financial reasons. For more info
on this years applications and qualifying criteria, please visit the
TAC website at < https://tac.apache.org/ >. Applications are already
open on https://tac-apply.apache.org/, so don't delay!

The Apache Travel Assistance Committee will only be accepting
applications from those people that are able to attend the full event.

Important: Applications close on Monday 6th May, 2024.

Applicants have until the the closing date above to submit their
applications (which should contain as much supporting material as
required to efficiently and accurately process their request), this
will enable TAC to announce successful applications shortly
afterwards.

As usual, TAC expects to deal with a range of applications from a
diverse range of backgrounds; therefore, we encourage (as always)
anyone thinking about sending in an application to do so ASAP.

For those that will need a Visa to enter the Country - we advise you apply
now so that you have enough time in case of interview delays. So do not
wait until you know if you have been accepted or not.

We look forward to greeting many of you in Denver, Colorado , October 2024!

Kind Regards,

Gavin

(On behalf of the Travel Assistance Committee)

Re: [VOTE] Release Apache Maven Invoker Plugin version 3.6.1

2024-03-27 Thread Olivier Lamy 
Congratulations you’re the winner as you found the mystery ticket!!
Thanks for reporting it, I will definitely update the title :)


On Wed, 27 Mar 2024 at 6:23 PM, Gary Gregory  wrote:

> The current title of the ticket
> https://issues.apache.org/jira/browse/MINVOKER-355 does not mention what
> is
> being updated. Amusing to me :-p since you write about it here ;-)
>
> Gary
>
>
> On Wed, Mar 27, 2024, 2:45 AM Olivier Lamy  wrote:
>
> > Hi,
> > I'd like to release Apache Maven Invoker plugin version 3.6.1
> > We solved 3 issues (well that's what Jira says):
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317525=12354446
> >
> > The main reason is an upgrade of Groovy, which have been done because
> > of dependabot but helps to easily test projects with jdk22.
> > So this one deserves a special hand-crafted Jira entry!
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-2077/
> >
> >
> https://repository.apache.org/content/repositories/maven-2077/org/apache/maven/plugins/maven-invoker-plugin/3.6.1/maven-invoker-plugin-3.6.1-source-release.zip
> >
> > Source release checksum(s):
> > maven-invoker-plugin-3.6.1-source-release.zip sha512:
> >
> >
> 3fd036cbeb88125a791ff6e3c849de7322b8d8afa65e4b96646a0d7a959069df7bdfba41d83ffafa096811d4ec794659ef44c0508da47ae8f9cbaf6e1eb6
> >
> > Staging site:
> > https://maven.apache.org/plugins-archives/maven-invoker-plugin-LATEST/
> >
> > Guide to testing staged releases:
> > https://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for at least 72 hours.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
>

Re: [VOTE] Release Apache Maven Invoker Plugin version 3.6.1

2024-03-27 Thread Gary Gregory 
The current title of the ticket
https://issues.apache.org/jira/browse/MINVOKER-355 does not mention what is
being updated. Amusing to me :-p since you write about it here ;-)

Gary


On Wed, Mar 27, 2024, 2:45 AM Olivier Lamy  wrote:

> Hi,
> I'd like to release Apache Maven Invoker plugin version 3.6.1
> We solved 3 issues (well that's what Jira says):
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317525=12354446
>
> The main reason is an upgrade of Groovy, which have been done because
> of dependabot but helps to easily test projects with jdk22.
> So this one deserves a special hand-crafted Jira entry!
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-2077/
>
> https://repository.apache.org/content/repositories/maven-2077/org/apache/maven/plugins/maven-invoker-plugin/3.6.1/maven-invoker-plugin-3.6.1-source-release.zip
>
> Source release checksum(s):
> maven-invoker-plugin-3.6.1-source-release.zip sha512:
>
> 3fd036cbeb88125a791ff6e3c849de7322b8d8afa65e4b96646a0d7a959069df7bdfba41d83ffafa096811d4ec794659ef44c0508da47ae8f9cbaf6e1eb6
>
> Staging site:
> https://maven.apache.org/plugins-archives/maven-invoker-plugin-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for at least 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>

[VOTE] Release Apache Maven Invoker Plugin version 3.6.1

2024-03-27 Thread Olivier Lamy 
Hi,
I'd like to release Apache Maven Invoker plugin version 3.6.1
We solved 3 issues (well that's what Jira says):
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317525=12354446

The main reason is an upgrade of Groovy, which have been done because
of dependabot but helps to easily test projects with jdk22.
So this one deserves a special hand-crafted Jira entry!

Staging repo:
https://repository.apache.org/content/repositories/maven-2077/
https://repository.apache.org/content/repositories/maven-2077/org/apache/maven/plugins/maven-invoker-plugin/3.6.1/maven-invoker-plugin-3.6.1-source-release.zip

Source release checksum(s):
maven-invoker-plugin-3.6.1-source-release.zip sha512:
3fd036cbeb88125a791ff6e3c849de7322b8d8afa65e4b96646a0d7a959069df7bdfba41d83ffafa096811d4ec794659ef44c0508da47ae8f9cbaf6e1eb6

Staging site:
https://maven.apache.org/plugins-archives/maven-invoker-plugin-LATEST/

Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for at least 72 hours.

[ ] +1
[ ] +0
[ ] -1

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org