-
Notifications
You must be signed in to change notification settings - Fork 187
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kie-issues#1352: Enforce reproducible build on kie-tools #2455
Changes from 3 commits
493ddd0
76a6317
beb770e
8cd8d41
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
|
||
|
||
# KIE-TOOLS DISCLAIMER: | ||
# This file has been copied from the "maven-artifact-plugin" github repo (https://github.com/apache/maven-artifact-plugin/tree/maven-artifact-plugin-3.4.1/) | ||
# with the unique goal of enabling then "maven-flatten-plugin" in the "kie-tools" reproducible builds. | ||
# We are re-enabling the "maven-flatten-plugin" because the issue that caused the inclusion of plugin in this file (https://github.com/mojohaus/flatten-maven-plugin/issues/256) | ||
# won't have any effect in our builds. The issue was reported due to a change in "maven" behaviour between v3.8.1 & v3.8.2 | ||
# and "kie-tools" require newer "maven" versions. | ||
# This file will be removed as a part of: https://github.com/apache/incubator-kie-issues/issues/1371 | ||
|
||
|
||
# list of plugins that did not produce reproducible output in the past, with minimum reproducible version | ||
|
||
# default org.apache.maven.plugins groupId | ||
maven-archetype-plugin=3.2.0 | ||
# https://issues.apache.org/jira/browse/ARCHETYPE-590 | ||
maven-assembly-plugin=3.2.0 | ||
# https://issues.apache.org/jira/browse/MASSEMBLY-921 | ||
maven-jar-plugin=3.2.0 | ||
# https://issues.apache.org/jira/browse/MJAR-263 | ||
# https://issues.apache.org/jira/browse/MJAR-275 | ||
maven-ejb-plugin=3.1.0 | ||
# https://issues.apache.org/jira/browse/MEJB-128 | ||
maven-plugin-plugin=3.5.1 | ||
# https://issues.apache.org/jira/browse/MPLUGIN-326 | ||
maven-remote-resources-plugin=1.7.0 | ||
# https://issues.apache.org/jira/browse/MRRESOURCES-114 | ||
maven-shade-plugin=3.2.3 | ||
# https://issues.apache.org/jira/browse/MSHADE-352 | ||
# https://issues.apache.org/jira/browse/MSHADE-420 for some shaded jars, timezone counts: does not really make the build not reproducible, just harder | ||
maven-source-plugin=3.2.1 | ||
# https://issues.apache.org/jira/browse/MSOURCES-123 | ||
maven-war-plugin=3.3.1 | ||
# https://issues.apache.org/jira/browse/MWAR-432 | ||
maven-ear-plugin=3.1.0 | ||
# https://issues.apache.org/jira/browse/MEAR-280 | ||
maven-rar-plugin=3.0.0 | ||
# https://issues.apache.org/jira/browse/MRAR-86 | ||
maven-acr-plugin=3.2.0 | ||
# https://issues.apache.org/jira/browse/MACR-53 | ||
|
||
# plugin-specific groupId | ||
|
||
org.antlr+antlr3-maven-plugin=fail:https://github.com/antlr/antlr3/pull/195 | ||
|
||
org.apache.felix+maven-bundle-plugin=5.1.5 | ||
# https://issues.apache.org/jira/browse/FELIX-6495 | ||
# https://issues.apache.org/jira/browse/FELIX-6496 | ||
org.apache.karaf.tooling+karaf-maven-plugin=4.3.7 | ||
# https://issues.apache.org/jira/browse/KARAF-7367 | ||
org.apache.nifi+nifi-nar-maven-plugin=1.3.4 | ||
# https://issues.apache.org/jira/browse/NIFI-9857 | ||
org.apache.servicemix.tooling+depends-maven-plugin=fail:https://issues.apache.org/jira/browse/SM-5021 | ||
|
||
org.codehaus.plexus+plexus-component-metadata=2.1.0 | ||
# https://github.com/codehaus-plexus/plexus-containers/issues/27 | ||
org.codehaus.mojo+jaxb2-maven-plugin=fail:https://github.com/mojohaus/jaxb2-maven-plugin | ||
# | ||
org.codehaus.mojo+properties-maven-plugin=1.1.0 | ||
# https://github.com/mojohaus/properties-maven-plugin/pull/75 | ||
|
||
# Commenting to enable the "flatten-maven-plugin" for "kie-tools", please refer to the DISCLAIMER for more info. | ||
# org.codehaus.mojo+flatten-maven-plugin=fail:https://github.com/mojohaus/flatten-maven-plugin/issues/256 | ||
|
||
org.eclipse.sisu+sisu-maven-plugin=0.3.4 | ||
# https://github.com/eclipse/sisu.inject/pull/5 | ||
org.eclipse.jetty+jetty-jspc-maven-plugin=fail:https://github.com/eclipse/jetty.project/ | ||
|
||
org.jboss.jandex+jandex-maven-plugin=fail:https://github.com/wildfly/jandex-maven-plugin/pull/35 | ||
|
||
org.springframework.boot+spring-boot-maven-plugin=2.7.1 | ||
# https://github.com/spring-projects/spring-boot/issues/21005 | ||
|
||
org.vafer+jdeb=1.10 | ||
# https://github.com/tcurdt/jdeb/pull/363 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -169,6 +169,12 @@ | |
<version>${version.maven.artifact.plugin}</version> | ||
<configuration> | ||
<outputTimestamp>${project.build.outputTimestamp}</outputTimestamp> | ||
<!-- | ||
This configuration overrides the list of issues registered in the plugin to enable the `maven-flatten-plugin` | ||
TODO: remove as a part of: https://github.com/apache/incubator-kie-issues/issues/1371 | ||
--> | ||
<pluginIssues | ||
>${session.executionRootDirectory}/node_modules/@kie-tools/maven-base/not-reproducible-plugins.properties</pluginIssues> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
|
@@ -219,4 +225,44 @@ | |
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
<profiles> | ||
<profile> | ||
<id>reproducible-build</id> | ||
<activation> | ||
<property> | ||
<name>reproducible</name> | ||
</property> | ||
Comment on lines
+234
to
+236
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we change the activation to
and use -P instead of -D to activate it on packages? I'm being extra careful here because managing profiles on a env-var-parameterized repo can become messy really quickly. I respect the extra care you had to only add it on There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @tiagobento about -P and -D: I personally have no strong opinion (TBH, I also prefer the -P approach), but, as we agreed upon about other topic, we must consider all our codebase as a single unit, and strive for consistency. For some reason, the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
</activation> | ||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-artifact-plugin</artifactId> | ||
<configuration /> | ||
<executions> | ||
<execution> | ||
<id>check-buildplan</id> | ||
<goals> | ||
<goal>check-buildplan</goal> | ||
</goals> | ||
<!-- The execution's configuration is part of the pluginManagement. This piece here only makes sure the | ||
execution is enabled (by specifying a phase) for full profile builds. --> | ||
<phase>validate</phase> | ||
</execution> | ||
<execution> | ||
<id>compare</id> | ||
<goals> | ||
<goal>compare</goal> | ||
</goals> | ||
<!-- The execution's configuration is part of the pluginManagement. This piece here only makes sure the | ||
execution is enabled (by specifying a phase) for full profile builds. --> | ||
<phase>install</phase> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
</profile> | ||
</profiles> | ||
</project> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See my other comment on this file...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tiagobento this is exactly the same config used all over other repositories, included the
reproducible-build
id. Again, it is not important one way or the other, but it is important tha we have the same configurations all over our codebase: I already stumbled on the fact that thefull
flag has a slightly different meaning between some repository, and I want to avoid to increase such kind of entropy. Moreover, if, ever, we'll get to an easy and simple CI configuration, having the same profile named same way all over our code would be surely beneficial.