[ee4j-build] Maven re-releases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[ee4j-build] Maven re-releases

From: Romain Grecourt <romain.grecourt@xxxxxxxxxx>
Date: Tue, 18 Dec 2018 14:59:54 -0800
Delivered-to: ee4j-build@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/ee4j-build>
List-help: <mailto:ee4j-build-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=unsubscribe>
Organization: Oracle Coporation
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.3

Folks,

Re-releasing Maven artifacts (or overwrite) has been a common practicewithin EE4J projects.I believe this is mainly due to the release scripts and Jenkins jobsthat make it too easy to re-run the release for a particular version.

This is a bad Maven practice and should be avoided as much as possible.We should only do this for very specific use cases where a version gapis not acceptable.E.g. an API with a final version has a bug, we can re-release it whileit is still in OSSRH staging.

Releasing a project with a final version where a gap is not acceptableshould be done with extra caution. This means the integration has beentested before hand very carefully.If there is a development cycle, intermediate versions (e.g. 1.0-bXX orwhatever qualifier fits) can be used, in such case a version gap isacceptable and maven releases may be done carelessly.

Re-releasing something already integrated in other projects can createsissues that are not associated with a git commit. (i.e the build couldstart failing without a change).This is like having the drawbacks of external snapshots without thebenefits.Note that it also forces purging various Maven caches and mirrors whichcan be quite tricky.

There is also the issue of the retention period of OSSRH staging.Staging repositories will be automatically deleted after 1 month. Thisused to be 2 weeks but we got Sonatype to extend it to 1 month.This is unfortunately very impractical. IMO this calls for Eclipse toengage with Sonatype in order to have our own dedicated nexus gateway,similar to maven.java.net.

The retention period is also why some projects have been re-released.AFAIK the current workaround is to re-run the release job with the sameversion.If the release is triggered off of a development branch (e.g. EE4J_8)then the re-released artifacts may have different content.

Even if triggered from the release tag the artifacts will have adifferent fingerprints. While it's not as big of an issue, this may havebad side effects with things that are re-bundled (e.g. GlassFish zipdistributions).Instead of rebuilding the Maven artifacts that are missing, we shouldprovide a way to re-release existing artifacts. E.g. archive theartifacts on Jenkins and have a way to re-stage them to OSSRH.


Thanks,
Romain

Follow-Ups:
- Re: [ee4j-build] Maven re-releases
  - From: Tomas Kraus

Prev by Date: Re: [ee4j-build] docker error - exec user process caused "permission denied"
Next by Date: Re: [ee4j-build] Maven re-releases
Previous by thread: [ee4j-build] docker error - exec user process caused "permission denied"
Next by thread: Re: [ee4j-build] Maven re-releases
Index(es):
- Date
- Thread

Breadcrumbs