Jenkins jobs: maven-3.8 as default


Robert Varga
 

Hello TSC members,

during infrastructure-side preparation for odlparent-10's requirement of maven-3.8+ in Sulfur, we have discovered an issue with our current JJB setup.

It essentially means that attempts to override job group definitions' use of maven-3.5 are fruitless.

After sparring a bit with Anil on Slack, we have concluded that the cleanest solution is to:
- set our default to mvn38
- remove all current overrides of this default

This would result in all our jobs using maven-3.8, including Silicon and Phosphorus.

This change is purely in our build infrastructure and nothing changes in terms of the ability to build Silicon/Phosphorus projects with maven-3.5+.

In terms of compatibility, I have been using maven-3.8.2+ for all local builds for a couple of months now and experienced no issues at all.

There is another angle to this, which is that maven-3.8.1 is a security, as detailed here:
https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2020-13956
https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

Hence we would like to merge https://git.opendaylight.org/gerrit/c/releng/builder/+/98646 and follow that up with a cleanup of superfluous mvn-version directives.

Are there any objections to this plan of action?

Thanks,
Robert
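
The cleanup step proposed in the message above (removing `mvn-version` overrides once the default is mvn38) can be audited with a short script. This is an added example, not code from the thread or from releng/builder: the file paths, project names and the `mvn35` value are constructed, and it assumes each directive appears as a plain `mvn-version: <value>` line in the JJB YAML.

```python
import re

DEFAULT = "mvn38"  # default proposed in the message above

# Constructed sample of JJB YAML files; paths and project names are hypothetical.
SAMPLE = {
    "jjb/defaults.yaml": "- defaults:\n    name: global\n    mvn-version: mvn38\n",
    "jjb/alpha/alpha.yaml": "- project:\n    name: alpha-sulfur\n    mvn-version: mvn38\n",
    "jjb/beta/beta.yaml": "- project:\n    name: beta-silicon\n    mvn-version: 'mvn35'  # pinned\n",
    "jjb/gamma/gamma.yaml": "- job-template:\n    name: gamma\n    mvn-version: '{mvn-version}'\n",
}

# Matches a literal directive, optionally quoted and followed by a comment.
# Commented-out lines and JJB placeholders such as '{mvn-version}' do not match:
# a placeholder passes the inherited value through and is not an override.
DIRECTIVE = re.compile(r"^\s*mvn-version:\s*['\"]?([\w.-]+)['\"]?\s*(?:#.*)?$")


def find_overrides(files, default=DEFAULT, defaults_file="jjb/defaults.yaml"):
    """Return (path, line, value, kind) for every literal mvn-version directive
    outside the defaults file. kind is 'redundant' when the value equals the
    default (safe to delete) and 'conflicting' when it pins another version."""
    findings = []
    for path in sorted(files):
        if path == defaults_file:
            continue  # the default itself is not an override
        for lineno, line in enumerate(files[path].splitlines(), 1):
            match = DIRECTIVE.match(line)
            if not match:
                continue
            value = match.group(1)
            kind = "redundant" if value == default else "conflicting"
            findings.append((path, lineno, value, kind))
    return findings


if __name__ == "__main__":
    for path, lineno, value, kind in find_overrides(SAMPLE):
        print(f"{path}:{lineno}: mvn-version={value} ({kind})")
```

Entries reported as conflicting are the ones that would keep a job on an older Maven after the default changes, so they are the ones to review first.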


Anil Belur
 

+1 on moving to mvn38.

Cheers,
Anil

On Wed, Nov 24, 2021 at 10:43 PM Robert Varga <nite@...> wrote:
Guillaume Lambert
 

Hello

+1 for me too


BR

Guillaume


From: TSC@... <TSC@...> on behalf of Anil Belur <abelur@...>
Sent: Thursday, 25 November 2021 23:47:09
To: Robert Varga
Cc: tsc@...
Subject: Re: [OpenDaylight TSC] Jenkins jobs: maven-3.8 as default
 
+1 on moving to mvn38.

Cheers,
Anil
