Update dependencies, add instructions to build and a GitHub Action#37
Update dependencies, add instructions to build and a GitHub Action#37Mingun wants to merge 5 commits intokaitai-io:masterfrom
Conversation
Mingun
changed the title
There was a problem hiding this comment.
To allow developers without gpg test their changes I moved signing under a flag. Now if you need to sign artefacts you should pass
-DperformRelease=trueflag to the maven command
Thanks for that, I also needed to comment the maven-gpg-plugin in pom.xml locally to be able to build the Maven package:
- <plugin>
+ <!-- <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
- </plugin>
+ </plugin> -->So it'll be a nice improvement that I won't have to do that anymore.
pom.xml
Outdated
| <version>2.2.1</version> | ||
| <version>3.2.1</version> |
There was a problem hiding this comment.
Are there any breaking changes, migration guides etc. for these major version bumps? If these plugins follow SemVer, we have to assume that there are some incompatible API changes.
There was a problem hiding this comment.
Change log is too long to read (128 commits) but it seems it contains mostly infrastructure changes. I think the best way is just check the output -- it shouldn't be too hard. At least it generates doc and they seems correct.
The most important thing in 2.x -> 3.x migration seems to be summarized in this phrase from the plugin's page:
Starting with version 3.0.0 of the plugin all properties which could be used via command line have been named based on the following schema
maven.source.*. Further details can be found in the goal documentations.
As I see we don't use CLI, so that does not influence us.
There was a problem hiding this comment.
@generalmimon, could you comment on this?
.github/workflows/build.yml
Outdated
| - name: Run the Maven verify phase | ||
| run: mvn --batch-mode --update-snapshots verify |
There was a problem hiding this comment.
What does this command actually do? Is it some simulation of the release process, so that we can see errors that would block the release and fix them in advance?
There was a problem hiding this comment.
Copy this from the GitHub Action docs. I think that those guys known the idiomatic way, but here explanations of the switches:
--batch-mode-- do not request any interactive input if it can arise--update-snapshots-- needed only if we have dependencies bu we don't. Will removeverify-- runs almost all phases of the project except actual installing into local repository and deploying to the remote repository. It seems ideal for tests
| - uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '11' | ||
| distribution: 'adopt' |
There was a problem hiding this comment.
Maybe it would make sense to use strategy matrix to test on multiple Java versions.
There was a problem hiding this comment.
Not sure if we need that for such a simple project...
|
So what the status? |
Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.2.0 to 3.7.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.2.0...maven-javadoc-plugin-3.7.0)
Bumps [maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 1.5 to 3.2.5. - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-1.5...maven-gpg-plugin-3.2.5)
Bumps [maven-source-plugin](https://github.com/apache/maven-source-plugin) from 2.2.1 to 3.3.1. - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-2.2.1...maven-source-plugin-3.3.1)
…to the README.md See https://stackoverflow.com/a/14869692/7518605 Use mvn -DperformRelease=true ... if you need to sign your build
2 participants
To allow developers without gpg test their changes I moved signing under a flag. Now if you need to sign artefacts you should pass
-DperformRelease=trueflag to the maven command:mvn -DperformRelease=true deploy