-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build failure with useArtifactCachingProxy=true and dependency with version range #4426
Comments
(not sure on why its failing) Why are you using a version range? Can't you just use a fixed version and then use a dependency update to keep it up to date? |
Hello @sephiroth-j , +1 with @timja : what is the rationale behind using a version range? It does not seem, at first sight, an acceptable use case for ACP (I might be mistaken but I need insights). |
I don't know why you are questioning the use of version ranges. This is a normal function of Maven. The key point is this: If ACP can't handle this, then it should be clearly communicated, there should at least be a warning when using version ranges with ACP enabled and maybe it should not be enabled by default at all. p.s. But something apparently broke at the beginning of October. |
I'm not saying version should or should not be used. But I'm asking about the rationale about using version range: pinning dependencies is a pattern helping to have reproducible builds and that is known to work over hundreds of other plugins. ACP has been introduced for sustainability reasons, including decreasing the amount of bandwidth consumed by the Jenkins project from the artifactory instances repo.jenkins-ci.org. It also helps decreasing the cost of the Jenkins infrastructure to keep it alive (as it is a sponsored-only infrastructure). I understand your frustration about builds failing which most probably slows you down or blocks you. |
We discussed this topic during today's SIG Infra weekly meeting:
Of course I could miss a use case or a solid reason to use version range in this context: if it is the case, please share your knowledge so we can build on top of it |
I use version ranges only for dependencies in the test scope. I am doing this to reduce the noise of pull requests from the bots and the effort of reviewing and merging them. I consider the affected dependencies very stable and they are using semantic versioning. I do not require a particular patch version. And because I would use the latest patch version anyways, I'm using the version range feature of Maven. Though this will not meet the requirements of a reproducible builds in whole, it still does in the part that actually counts and is the most important: the shippable artifact, the plugin itself. I also personally believe, that no one should develop a plugin for a software for a specific patch version of this software, unless there is a really good reason do to so. This holds true for Jenkins. We are developing a plugin and define a minimum required version of Jenkins. This version may be the latest stable at this time. But some time later, a new stable version of Jenkins gets released. This may be just a patch or new minor or even major version. In such case, the plugin version very often stays the same and only Jenkins is updated. But what now? The plugin is used with a version of Jenkins that it has not been tested with. In most cases this is fine because it will continue to work. But it could also be the case that it does not. Version ranges can come in handy in this situation because they allow me to define the range of supported versions. Once a new minor or major version comes out, I have to adjust this range and test the software against this new version. And for Jenkins, I would like to build/test against this new version but without increasing the minimum required version when there is no reason to do so. |
Thanks @sephiroth-j for the explanations. Despite having a different opinion than yours, I believe you feedback is legitimate and as such we'll check why ACP did not behave as expected. |
Same as #4442 (comment):
|
Reproduction steps
buildPlugin
anduseArtifactCachingProxy
enabledExpected Results
no build failure
Actual Results
error claiming that no versions are available for the dependency with the version range.
Anything else?
below are logs of two examples, one with
useArtifactCachingProxy=false
and one withuseArtifactCachingProxy=true
useArtifactCachingProxy=false
build for jenkinsci/dependency-track-plugin@f8e2281
jenkins run
logfile
useArtifactCachingProxy=true
build for jenkinsci/dependency-track-plugin@9e190d2
jenkins run
logfile
The text was updated successfully, but these errors were encountered: