confluentinc / kafka-connect-jdbc

Kafka Connect connector for JDBC-compatible databases

Change common pom #1427

Closed sangeet259 closed 2 months ago

sangeet259 commented 2 months ago

Use the same version as elasticsearchsink, i.e. 7.0.12. I have confirmed using the effective pom that the distributionManagement comes from the common in case of 7.0.12 but for some reason it is not there in 7.0.15-20.

Also the dependency.check.skip is true as well in the 7.0.12.

Problem

Job was failing with this.

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project kafka-connect-jdbc: Deployment failed: repository element was not specified in the POM inside distributionManagement element or in -DaltDeploymentRepository=id::layout::url parameter -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

This is because in the version 7.0.15-20 it doesn't bring the distributionManagement transiently, so I had to add that manually.

  <distributionManagement>
    <repository>
      <id>aws-release</id>
      <name>AWS Release Repository</name>
      <url>${confluent.release.repo}</url>
    </repository>
    <snapshotRepository>
      <id>aws-snapshot</id>
      <name>AWS Snapshot Repository</name>
      <url>${confluent.snapshot.repo}</url>
    </snapshotRepository>
  </distributionManagement>

And these two variables are passed during the build with mvn ... -Dconfluent.release.repo and -Dconfluent.snapshot.repo

I had manually added

    <distributionManagement>
        <repository>
            <id>confluent-codeartifact-internal</id>
            <url>https://confluent-519856050701.d.codeartifact.us-west-2.amazonaws.com/maven/maven-releases</url>
        </repository>
    </distributionManagement>

which is wrong.

sudeshwasnik commented 2 months ago

@sangeet259 since we are back-porting to an earlier version, let's check for CVEs.

sangeet259 commented 2 months ago

I scanned using trivy.

mvn -Daether.dependencyCollector.impl=bf -Dmaven.artifact.threads=8 org.cyclonedx:cyclonedx-maven-plugin:2.7.10:makeAggregateBom -DskipTests --no-transfer-progress -DincludeTestScope=false && trivy sbom target/bom.json

sangeet259 commented 2 months ago

@sudeshwasnik

@sangeet259 since we are back-porting to an earlier version, let's check for CVEs.

We are not really doing back-porting; I had done the upgrade to 7.0.15-20 from 6.0.0 while trying to fix the dependency.check issue.

In essence it is still an upgrade from 6.0.0 to 7.0.12.
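
An added example, not code from this PR or from the project: when a parent pom version changes as discussed in this thread, comparing the CycloneDX BOM generated before the change with the one generated after it shows which resolved components moved to an older version, so those can be checked first in the trivy output. The sample BOMs and the `org.example` component names are constructed, and the version comparison is a simplification that only judges direction for purely numeric versions (it is not Maven's full ordering).

```python
import re

# Constructed sample BOMs in CycloneDX JSON shape (not real scan output).
BOM_BEFORE = {"bomFormat": "CycloneDX", "components": [
    {"group": "org.example", "name": "lib-a", "version": "2.4.1"},
    {"group": "org.example", "name": "lib-b", "version": "1.0.0"},
    {"group": "org.example", "name": "lib-c", "version": "3.1.0"}]}
BOM_AFTER = {"bomFormat": "CycloneDX", "components": [
    {"group": "org.example", "name": "lib-a", "version": "2.3.9"},
    {"group": "org.example", "name": "lib-b", "version": "1.0.0"},
    {"group": "org.example", "name": "lib-d", "version": "0.9.0"}]}

def index(bom):
    """Map group:name -> version for each component of a CycloneDX BOM."""
    return {f'{c.get("group", "")}:{c["name"]}': c.get("version", "")
            for c in bom.get("components", [])}

def numeric(version):
    """Return the version as a list of ints, or None if any part is non-numeric."""
    parts = re.split(r"[.-]", version)
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    while nums and nums[-1] == 0:   # treat 1.0 and 1.0.0 as equal
        nums.pop()
    return nums

def diff_boms(before, after):
    """Classify every component whose version differs between two BOMs."""
    old, new = index(before), index(after)
    report = {k: {} for k in ("added", "removed", "downgraded", "upgraded", "changed")}
    for key in sorted(old.keys() | new.keys()):
        a, b = old.get(key), new.get(key)
        if a == b:
            continue
        if a is None or b is None:
            report["added" if a is None else "removed"][key] = b if a is None else a
            continue
        na, nb = numeric(a), numeric(b)
        if na is None or nb is None or na == nb:
            report["changed"][key] = (a, b)   # qualifier present: direction not judged
        else:
            report["downgraded" if nb < na else "upgraded"][key] = (a, b)
    return report

if __name__ == "__main__":
    print(diff_boms(BOM_BEFORE, BOM_AFTER))
```

To use it on real output, load each saved `target/bom.json` with `json.load` and pass the two dictionaries to `diff_boms`.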