BUILD-818

Store suppressions on S3 to avoid frequent releases of poms

Details

    • Task
    • Resolution: Fixed
    • Neutral
    • POMs 47

    Description

      Although poms currently have a release process that's different from the rest of other modules, they are a dependency that often prevents us from staging a full release on any given day. If any module depends on the newer poms SNAPSHOT and it's not been manually released, we are blocked.

      We should therefore adapt poms so the project adopts the same release process as the rest of other modules.

      I guess that, as long as all modules in the reactor have the same version, one could release the whole thing, regardless of which modules have actual changes.
      However, atm, build-resources, maven-bundle-assemblies, maven-plugins, maven-site-skin and poms all have different versions.

      Implementation suggestion #1

      • keep the same structure but use Groovy linters to make sure submodule versions are appropriate
        • prompting somebody making a change to one of them to update the version accordingly
          • and also cut a release?
      • when performing, release the parent exclusively (is that even doable?)
      • discard Wiki release notes and let people browse the CHANGELOG?

      Implementation suggestion #2

      Implementation suggestion #3

      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>7.1.0</version>
        <configuration>
          <suppressionFiles>
            <suppressionFile>http://example.org/suppression.xml</suppressionFile>
            <suppressionFile>project-suppression.xml</suppressionFile>
          </suppressionFiles>
        </configuration>
      </plugin>

      https://jeremylong.github.io/DependencyCheck/dependency-check-maven/
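
A lint for the configuration in suggestion #3, as an added example that is not part of the ticket or the project's build: it reports where each dependency-check-maven `suppressionFile` is loaded from and flags plain-HTTP sources, since a suppression file fetched without transport integrity can be altered to hide findings. The sample pom, the verdict labels and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample mirroring the ticket's configuration (not a real pom).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <configuration>
      <suppressionFiles>
        <suppressionFile>http://example.org/suppression.xml</suppressionFile>
        <suppressionFile>https://example.org/suppression.xml</suppressionFile>
        <suppressionFile>project-suppression.xml</suppressionFile>
      </suppressionFiles>
    </configuration>
  </plugin></plugins></build>
</project>"""

# Hypothetical verdict labels; any scheme not listed here is sent for review.
VERDICTS = {"": "local", "https": "https", "http": "plain-http"}


def local(tag):
    """Drop the XML namespace so the lint works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def lint_suppression_sources(pom_xml):
    """Return (location, verdict) per suppressionFile of dependency-check-maven."""
    findings = []
    for plugin in ET.fromstring(pom_xml).iter():
        if local(plugin.tag) != "plugin":
            continue
        ids = [(c.text or "").strip() for c in plugin if local(c.tag) == "artifactId"]
        if ids != ["dependency-check-maven"]:
            continue  # other plugins may reuse the element name
        for node in plugin.iter():
            if local(node.tag) != "suppressionFile":
                continue
            loc = (node.text or "").strip()
            scheme = urlparse(loc).scheme.lower()
            findings.append((loc, VERDICTS.get(scheme, "review")))
    return findings


if __name__ == "__main__":
    for loc, verdict in lint_suppression_sources(SAMPLE_POM):
        print(f"{verdict:12} {loc}")
```

Run against a parent pom in CI, a `plain-http` or `review` verdict can fail the build before a shared suppression list is trusted by every module.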


            People

              mmichel Maxime Michel