Skip to content

Add support to outdated for BOMs #1341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 10, 2025
Merged

Add support to outdated for BOMs #1341

merged 1 commit into from
Mar 10, 2025

Conversation

cheister
Copy link
Collaborator

Add support to outdated to check for outdated BOMs. Addressing #1309

The updated output looks like

Checking for updates of 1 boms and 5 artifacts against the following repositories:
	https://repo1.maven.org/maven2
	https://maven.google.com

BOMs
io.opentelemetry:opentelemetry-bom [1.31.0 -> 1.48.0]

Artifacts
org.apache.parquet:parquet-common [1.11.1 -> 1.15.0]
org.codehaus.plexus:plexus [1.0.4 -> 20]
org.hamcrest:hamcrest-core [1.3 -> 3.0]

@cheister cheister requested review from jin and shs96c as code owners March 10, 2025 06:46
shs96c
shs96c approved these changes Mar 10, 2025
View reviewed changes
Copy link
Collaborator

@shs96c shs96c left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Ship it!

tests/com/github/bazelbuild/rules_jvm_external/maven/OutdatedTest.java

Path repositoriesFile = temp.newFile("outdated.repositories").toPath();
Files.write(
repositoriesFile, Arrays.asList("https://repo1.maven.org/maven2"), StandardCharsets.UTF_8);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non-actionable comment: at some point, we should stop relying on Maven Central in our own tests since it breaks the hermeticity of the build.

private/tools/java/com/github/bazelbuild/rules_jvm_external/maven/Outdated.java

// artifacts might have empty versions if they come from a BOM
// In this case, skip the artifact.
if (artifactParts.length < 3) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll close #1338 since this is the fix in there.

@cheister cheister merged commit ba6f9ec into bazel-contrib:master Mar 10, 2025
7 checks passed
@cheister cheister mentioned this pull request Mar 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shs96c shs96c shs96c approved these changes

@jin jin Awaiting requested review from jin jin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cheister @shs96c