maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher <ctubb...@apache.org>
Subject Re: Surprise DEPENDENCIES file from a maven plugin
Date Tue, 12 May 2015 16:46:22 GMT
For what it's worth, I found a workaround: add my own DEPENDENCIES
file to SCM. The remote-resources plugin doesn't appear to clobber
existing files.

--
Christopher L Tubbs II
http://gravatar.com/ctubbsii


On Tue, May 12, 2015 at 11:04 AM, Christopher <ctubbsii@apache.org> wrote:
> On Tue, May 12, 2015 at 1:38 AM, Karl Heinz Marbaise <khmarbaise@gmx.de> wrote:
>> Hi Christopher,
>>
>> the DEPENDENCIES file is generated by the maven-remote-resources-plugin
>>
>> http://svn.apache.org/viewvc/maven/pom/tags/apache-17/pom.xml?view=markup
>>
>> Lines 308-323 ...
>>
>
> Thanks. It seems (to me) like this might be a bug with
> maven-remote-resources-plugin... this file seems to only exist in the
> root of the project (which is our  intermediate parent POM), and seems
> to generate an empty file (except for the header), because our
> project's parent POM has no dependencies. It's a completely worthless
> file. It does not get added to any of the child modules, where it
> might actually be useful (because they actually have dependencies).
>
> Further, it seems like a bug because plugins shouldn't really be
> modifying stuff outside of ${project.build.directory} usually. Does
> anybody know the history of this behavior, and what this file's
> purpose is?
>
> [snip]
>> On 5/11/15 11:35 PM, Christopher wrote:
> [snip]
>>> This file seems to fail the apache-rat check, and makes the
>>> -source-release.tar.gz fail to match the SHA-1 git commit.
>>
>>
>> I see fialing the apache-rat check but the SHA-1 git commit i don't
>> understand ?
>>
> [snip]
>
> I mean: the -source-release.tar.gz includes this file, but the release
> tag in git does not. Thus, our official source release tarball does
> not match any actual tag in SCM, which is unexpected.
>
> Another problem is that adding this file "dirties" the clean checkout
> of the tag during "release:perform", and as a result, a plugin we have
> configured to insert the git commit id (SHA-1) into the MANIFEST.MF
> files for the "Implementation Build" gets marked with a "-dirty"
> suffix, to indicate the release build was modified since checkout from
> the tag (which is normally a bad thing).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org


Mime
View raw message