Re: Jenkins jobs: maven-3.8 as default


Anil Belur
 

+1 on moving to mvn38.

Cheers,
Anil

On Wed, Nov 24, 2021 at 10:43 PM Robert Varga <nite@...> wrote:
Hello TSC members,

during infrastructure-side preparation for odlparent-10's requirement of
maven-3.8+ in Sulfur, we have discovered an issue with our current JJB
setup.

It essentially means that attempts to override job group definitions'
use of maven-3.5 are fruitless.

After sparing a bit with Anil on Slack, we have concluded that the
cleanest solution is to:
- set our default to mvn38
- remove all current overrides of this default

This would result in all our jobs using maven-3.8, including Silicon and
Phosphorus.

This change is purely in our build infrastructure and nothing changes in
terms of the ability to build Silicon/Phosphorus projects with maven-3.5+.

In terms of compatibility, I have been using maven-3.8.2+ for all local
builds for a couple of months now and experienced no issues at all.

There is another angle to this, which is that maven-3.8.1 is a security,
as detailed here:
https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2020-13956
https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

Hence we would like to merge
https://git.opendaylight.org/gerrit/c/releng/builder/+/98646 and follow
that up with a cleanup of superfluous mvn-version directives.

Are there any objections to this plan of action?

Thanks,
Robert





Join TSC@lists.opendaylight.org to automatically receive all group messages.