hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@hortonworks.com>
Subject Why are some Jenkins builds failing in Yarn-UI
Date Thu, 05 Jul 2018 11:45:18 GMT


The HADOOP-15407 "abfs" branch has started failing


[INFO] --- frontend-maven-plugin:1.5:bower (bower install) @ hadoop-yarn-ui ---
[INFO] Running 'bower install' in /testptch/hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/target/webapp
[ERROR] bower ember-cli-test-loader#0.2.1          EINVRES Request to https://bower.herokuapp.com/packages/ember-cli-test-loader
failed with 502
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:

And the namedc web page returns : This Bower version is deprecated. Please update it: npm
install -g bower. The new registry address is https://registry.bower.io

We haven't gone near the YARN code, and yet a branch which is only a few weeks old is now
failing to build on Jenkins systems

I have a few questions for the Yarn team

  1.  What is Bower?
  2.  Why is it breaking Jenkins builds
  3.  Can you nominate someone to provide the patch to fix this?
  4.  Will every active branch need a similar patch?
  5.  Have any releases stopped building (3.1.0?)
  6.  Do we have any stability guarantees about Bower's build process in future?

Given a fork I'm worried about the long-term reproducibility of builds. Is this just a one
off move of some build artifact repository, or is this a moving target which will stop source
code releases from working. I can deal with cherry picking patches to WiP branches, tuning
Jenkins, etc, but if we lose the ability to rebuild releases, the whole notion of "stable
release" is dead. I know Maven exposes us to similar risks, but the maven central repo is
stabile and available, so hasn't forced us into building an SCM-msnaged artifact tree the
way I've done elsewhere (Ivy makes that straightforward; maven less so as you need to be online
to boot). And we are now relying on docker for release builds. So we are already vulnerable...I'm
just worried that Bower is making things worse.


(ps: Sides from Olaf Febbe on the bigtop team on attacking builds through mavan https://oflebbe.de/presentations/2018/attackingiotdev.pdf)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message