Open halter73 opened 4 weeks ago
global.json can read msbuild properties, so maybe we could move it out to Versions.props
& update it manually every 6 months or so? e.g. https://github.com/dotnet/aspnetcore/blob/63c492e22b06d4903cb4e7aee037295c71e1ec37/global.json#L9
We could then have the .ps1/.sh files read it from Versions.props as well
@halter73 @BrennanConroy what do you think the priority on this one is?
It's not a huge problem for me personally, but I figure it should have similar priority to other component governance issues. It just looks like component governance hasn't caught this since the version isn't specified in a conventional place.
It'd be nice if we could move the version to a place where component governance can track it as part of the fix.
Since it's only relevant for Helix, I'd dismiss this if it was a CG alert, because it's test-only. I think it moreso has value as a means of making sure we test with the same stuff we build with. I'll move it to 10 planning
In addition to unifying how we get the JDK, it would be good to get onto a more current version. 21 is the latest LTS and it looks like we use 11 or 10 depending on what job we're running.
56210 and #56211 both intended to update our repo to use the latest 11.x JDK, but those changes do not appear to affect our helix runs. I'm guessing we want to use the same JDK everywhere.
https://github.com/dotnet/aspnetcore/blob/30fb87ca055beb5997ab3f28d02bbc7866e8b683/eng/targets/Helix.targets#L3-L4
I do not think our InstallJdk.ps1 or installjdk.sh scripts support leaving the minor version and patch unspecified. If you try, you get 404 responses from https://netcorenativeassets.blob.core.windows.net.
This can also hinder local development, because unlike in
release/8.0
,.\eng\scripts\InstallJdk.ps1
fails inmain
andrelease/9.0
unless a version with a patch is explicitly specified, since it only reads JDK version "11" in global.json. It's unclear what JDK versions are available. 11.0.3 appears to exist for Windows, but not 11.0.23, and it doesn't appear to be possible to anonymously list available versions.@wtgodbe @BrennanConroy