-
Notifications
You must be signed in to change notification settings - Fork 985
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support vendoring for Maven #485
Comments
Just to bump this one, maybe this github action can be an inspiration for it! |
Hello, can we have an update on this one? Is this something you still consider implementing? It seems we have some alternatives for Gradle wrapper, for example and #2223 seems to be an active thread. However, I didn't find anything similar for maven as of now. |
No updates here @guilhemferr, sorry. We'll post something if there's some movement. |
Really disappointing, no progress here. I'm waiting for years for this feature. |
I set this up with: ``` mvn org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dtype=only-script -Dmaven=3.9.5 ``` It's not obvious to me whether we'd notice any differences between the 3 non-binary types (`source`, `script`, and `only-script`), so I've gone with the one that is newest, given that it sounds theoretically like it involves the fewest steps. (We got a recommendation for the Maven Wrapper [from Ben Manes](https://groups.google.com/g/guava-discuss/c/e5UVvuM9CP8/m/w2H3CjZ7AQAJ).) There does not yet appear to be a way to [make Dependabot automatically update the version of Maven we use](dependabot/dependabot-core#485) (nor the version of the wrapper itself, though I looked less hard for that because it's less important). We've already not kept up with Maven upgrades very carefully—and we might each be using different Maven versions for all I know!—so this isn't necessarily a huge downgrade. Still, we don't want to fall far behind what's on our machines or GitHub CI, so I've at least set myself a calendar reminder to check back every 6 months. RELNOTES=n/a PiperOrigin-RevId: 509334407
I set this up with: ``` mvn org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dtype=-script -Dmaven=3.9.5 ``` It's not obvious to me whether we'll notice many differences among the 3 non-binary types (`source`, `script`, and `only-script`). I initially went with `only-script`, which is newest, given that it sounded theoretically like it would involve the fewest steps. But I got [an error](https://github.com/google/guava/actions/runs/6536542346/job/17748480689?pr=6783) from the Windows CI: ``` distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found 'https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip ' ``` I assume that this is a newline-related issue. That error message comes from the `only-script` shell script, and there is no such line in the `script` shell script, so I'm now trying `script`. (It's possible that we should be using `mvnw.cmd` under Windows, so maybe nothing will work until I change our CI to do that.... (We got a recommendation for the Maven Wrapper [from Ben Manes](https://groups.google.com/g/guava-discuss/c/e5UVvuM9CP8/m/w2H3CjZ7AQAJ).) There does not yet appear to be a way to [make Dependabot automatically update the version of Maven we use](dependabot/dependabot-core#485) (nor the version of the wrapper itself, though I looked less hard for that because it's less important). We've already not kept up with Maven upgrades very carefully—and we might each be using different Maven versions for all I know!—so this isn't necessarily a huge downgrade. Still, we don't want to fall far behind what's on our machines or GitHub CI, so I've at least set myself a calendar reminder to check back every 6 months. RELNOTES=n/a PiperOrigin-RevId: 509334407
I set this up with: ``` mvn org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dtype=-script -Dmaven=3.9.5 ``` It's not obvious to me whether we'll notice many differences among the 3 non-binary types (`source`, `script`, and `only-script`). I initially went with `only-script`, which is newest, given that it sounded theoretically like it would involve the fewest steps. But I got [an error](https://github.com/google/guava/actions/runs/6536542346/job/17748480689?pr=6783) from the Windows CI: ``` distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found 'https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip ' ``` I assume that this is a newline-related issue. That error message comes from the `only-script` shell script, and there is no such line in the `script` shell script, so I'm now trying `script`. (It's possible that we should be using `mvnw.cmd` under Windows, so maybe nothing will work until I change our CI to do that.... (We got a recommendation for the Maven Wrapper [from Ben Manes](https://groups.google.com/g/guava-discuss/c/e5UVvuM9CP8/m/w2H3CjZ7AQAJ).) There does not yet appear to be a way to [make Dependabot automatically update the version of Maven we use](dependabot/dependabot-core#485) (nor the version of the wrapper itself, though I looked less hard for that because it's less important). We've already not kept up with Maven upgrades very carefully—and we might each be using different Maven versions for all I know!—so this isn't necessarily a huge downgrade. Still, we don't want to fall far behind what's on our machines or GitHub CI, so I've at least set myself a calendar reminder to check back every 6 months. RELNOTES=n/a PiperOrigin-RevId: 509334407
I set this up with: ``` mvn org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dtype=-script -Dmaven=3.9.5 ``` It's not obvious to me whether we'll notice many differences among the 3 non-binary types (`source`, `script`, and `only-script`). I initially went with `only-script`, which is newest, given that it sounded theoretically like it would involve the fewest steps. But I got [an error](https://github.com/google/guava/actions/runs/6536542346/job/17748480689?pr=6783) from the Windows CI: ``` distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found 'https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip ' ``` I assume that this is a newline-related issue. That error message comes from the `only-script` shell script, and there is no such line in the `script` shell script, so I'm now trying `script`. (It's possible that we should be using `mvnw.cmd` under Windows, so maybe nothing will work until I change our CI to do that.... (We got a recommendation for the Maven Wrapper [from Ben Manes](https://groups.google.com/g/guava-discuss/c/e5UVvuM9CP8/m/w2H3CjZ7AQAJ).) There does not yet appear to be a way to [make Dependabot automatically update the version of Maven we use](dependabot/dependabot-core#485) (nor the version of the wrapper itself, though I looked less hard for that because it's less important). We've already not kept up with Maven upgrades very carefully—and we might each be using different Maven versions for all I know!—so this isn't necessarily a huge downgrade. Still, we don't want to fall far behind what's on our machines or GitHub CI, so I've at least set myself a calendar reminder to check back every 6 months. RELNOTES=n/a PiperOrigin-RevId: 509334407
I set this up with: ``` mvn org.apache.maven.plugins:maven-wrapper-plugin:3.2.0:wrapper -Dtype=-script -Dmaven=3.9.5 ``` It's not obvious to me whether we'll notice many differences among the 3 non-binary types (`source`, `script`, and `only-script`). I initially went with `only-script`, which is newest, given that it sounded theoretically like it would involve the fewest steps. But I got [an error](https://github.com/google/guava/actions/runs/6536542346/job/17748480689?pr=6783) from the Windows CI: ``` distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found 'https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip ' ``` I assume that this is a newline-related issue. That error message comes from the `only-script` shell script, and there is no such line in the `script` shell script, so I'm now trying `script`. (It's possible that we should be using `mvnw.cmd` under Windows, so maybe nothing will work until I change our CI to do that.... (We got a recommendation for the Maven Wrapper [from Ben Manes](https://groups.google.com/g/guava-discuss/c/e5UVvuM9CP8/m/w2H3CjZ7AQAJ).) There does not yet appear to be a way to [make Dependabot automatically update the version of Maven we use](dependabot/dependabot-core#485) (nor the version of the wrapper itself, though I looked less hard for that because it's less important). We've already not kept up with Maven upgrades very carefully—and we might each be using different Maven versions for all I know!—so this isn't necessarily a huge downgrade. Still, we don't want to fall far behind what's on our machines or GitHub CI, so I've at least set myself a calendar reminder to check back every 6 months. RELNOTES=n/a PiperOrigin-RevId: 573917287
See dependabot/feedback#23 for more details. Will require the same work as other vendoring projects - the best details of what will be required are in #370.
Thanks for the feedback @davidgoate.
The text was updated successfully, but these errors were encountered: