-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
-
Nucleus 30
-
3
Context
Derived from https://jira.magnolia-cms.com/browse/BUILD-970 we contacted with the current apache commons-beanutils owner, in order to ask him about his current roadmap and some expectations about a potential 2.0 version (commons-collection 3.2 free)
https://markmail.org/message/jri4cplfgscc55aa#query:+page:1+mid:a2yv4nxm3lahorgl+state:results
Unfortunately, there is no planned 2.0.0 version in short term.
At the end of this slack conversation
https://magnolia-cms.slack.com/archives/CDF2T239Q/p1674112499760959
A fork-and-release-on-our-own is suggested
Expected result
- A forked/cloned internal repo from https://github.com/apache/commons-beanutils/ master branch
- With a corporate groupId in it's pom.xml (info.magnolia)
- Integrated with our CI/CD schema and capable of releasing artifacts in https://nexus.magnolia-cms.com/#view-repositories;thirdparty~browsestorage
- Release a 2.0.0 version
Side notes
After speaking with some pals from foundation team:
- The new repo will be created under the INTERNAL git category
- The groupId will be: info.magnolia.beanutils2
- The current common-beanutils pom will be modified, in order to adjust to something like this: https://git.magnolia-cms.com/projects/INTERNAL/repos/crawler4j/browse/pom.xml , with the following suggestions
<version>2.0.0-magnolia-SNAPSHOT</version> <name>${project.groupId}:${project.artifactId}</name>
<distributionManagement> <repository> <id>thirdparty</id> <url> https://nexus.magnolia-cms.com/content/repositories/thirdparty </url> </repository> <snapshotRepository> <id>thirdparty.snapshots</id> <url> https://nexus.magnolia-cms.com/content/repositories/thirdparty.snapshots </url> <uniqueVersion>true</uniqueVersion> </snapshotRepository> </distributionManagement> <scm> <connection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</connection> <developerConnection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</developerConnection> <url>https://git.magnolia-cms.com/projects/INTERNAL/repos/commons-beanutils</url> <tag>commons-beanutils-2.0.0-magnolia</tag> </scm>
also, with an explanatory description about why we are doing this fork:
<description>Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Magnolia's fork of beanutils2 master (see https://github.com/apache/commons-beanutils): Magnolia will release this and keep it until official Apache Commons BeanUtils 2.0 is released. The main reason for doing this is that version 2.0 finally gets rid of vulnerable commons-collections dependencies but still no ETA for release, although it seems to be close. </description>
- a Jenkinsfile with a content like this:
magnoliaDefaultPipeline()
- is related to
-
BUILD-1021 Keep our commons-beanutils fork in sync with upstream on GitHub
- Selected
1.
|
Implementation | Completed | Daniel Alonso | |
2.
|
Review | Completed | Daniel Alonso |