Details
-
Task
-
Resolution: Fixed
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Description
Although poms currently have a release process that's different from the rest of other modules, they are a dependency that often prevents us from staging a full release on any given day. If any module depends on the newer poms SNAPSHOT and it's not been manually released, we are blocked.
We should therefore adapt poms so the project adopts the same release process as the rest of other modules.
I guess that, as long as all modules in the reactor have the same version, one could release the whole thing, regardless of which modules have actual changes.
However, atm, build-resources, maven-bundle-assemblies, maven-plugins, maven-site-skin and poms all have different versions.
Implementation suggestion #1
keep the same structure but use Groovy linters to make sure submodule versions are appropriateprompting somebody making a change to one of them to update the version accordinglyand also cut a release?
when performing, release the parent exclusively (is that even doable?)discard Wiki release notes and let people browse the CHANGELOG?
Implementation suggestion #2
extract submodules to other repositoriesmight as well switch to SemVer versions for further standardization, this is for instance done by Spring: https://github.com/spring-projects/spring-boot/wiki/Maven-POM-Files#pom-structurediscard Wiki release notes and let people browse the CHANGELOG?
Implementation suggestion #3
- leave poms alone
- manage suppressions in a distinct location such as S3
- have an internal repository that pushes to S3 such as: https://git.magnolia-cms.com/projects/INTERNAL/repos/files.magnolia-cms.com/browse/Jenkinsfile (for the follow-up)
- have a Puppet microsite for the subdomain: https://git.magnolia-cms.com/projects/SYS/repos/puppet/commits/6797a5bad17b820370f2fc88faa1bc7c8d2aaf85
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>7.1.0</version>
<configuration>
<suppressionFiles>
<suppressionFile>http://example.org/suppression.xml</suppressionFile>
<suppressionFile>project-suppression.xml</suppressionFile>
</suppressionFiles>
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/
Checklists
Acceptance criteria