spdx / spdx-maven-plugin

Plugin for supporting SPDX in a Maven build.
Apache License 2.0

Release 0.7.0 #122

Closed goneall closed 1 year ago

goneall commented 1 year ago

I would like to spin a new release of the Maven plugin to include some of the improvements provided by @hboutemy.

@hboutemy - are there any additional issues we should resolve before spinning a new release?

hboutemy commented 1 year ago

@goneall I don't see anything for the moment: let's go!

based on Reproducible Builds issues seen on previous release https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/spdx/spdx-maven-plugin/README.md , I'd like to make sure that:

goneall commented 1 year ago

Published release 0.7.0.

Thanks @hboutemy

hboutemy commented 1 year ago

FYI, this release is not reproducible https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/spdx/spdx-maven-plugin/README.md

it's because the build has been done in Eclipse: https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/spdx/spdx-maven-plugin/spdx-maven-plugin-0.7.0.diffoscope

Would you use maven-release-plugin if I prepare a PR to configure the plugin?

goneall commented 1 year ago

@hboutemy

Hmmm - I used the command line mvn clean deploy.

I'm curious how this shows up as showing the build being done in Eclipse.

I'm not familiar with the maven-release-plugin - but willing to learn if you want to make a PR.

Thanks.

hboutemy commented 1 year ago

I suppose you did mvn deploy instead of mvn clean deploy: the files are generated by Eclipse when building in target/classes, then if you don't mvn clean, the Eclipse build pollutes the pure Maven build

using the release plugin will avoid that, because the reference build will be done from a fresh clone in target/checkout: that's one of the benefits of using the release plugin, it does the build from a completely clean state, then by definition avoids any pollution from anything done during development (in addition, it will update the timestamp for Reproducible Builds)

goneall commented 1 year ago

> I suppose you did mvn deploy instead of mvn clean deploy

@hboutemy You are correct - that was my mistake. I usually do mvn clean install to test, then do a mvn deploy, both from the command line. I must have done something in Eclipse in between the clean install and the deploy.

I like the idea of the release plugin. Once we get this set up with the release plugin I'll replicate it for my other Java projects I help maintain.
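
An entry-by-entry comparison of a published JAR against a clean rebuild, the kind of check that surfaces the leftover target/classes problem discussed in this thread. This is an added example, not code from the thread participants, spdx-maven-plugin or Reproducible Central; the function names, entry names and file contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def jar_entries(data):
    """Map each entry name to (SHA-256 of its content, stored timestamp)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: (hashlib.sha256(zf.read(i)).hexdigest(), i.date_time)
                for i in zf.infolist()}


def compare_jars(reference, rebuilt):
    """Report how a published JAR differs from a clean rebuild."""
    ref, new = jar_entries(reference), jar_entries(rebuilt)
    common = ref.keys() & new.keys()
    return {
        "only_in_reference": sorted(ref.keys() - new.keys()),
        "only_in_rebuild": sorted(new.keys() - ref.keys()),
        "content_differs": sorted(n for n in common if ref[n][0] != new[n][0]),
        "timestamp_differs": sorted(n for n in common if ref[n][1] != new[n][1]),
    }


def is_reproducible(report):
    """True only when no category of difference was found."""
    return not any(report.values())


def make_jar(files, timestamp):
    """Build a constructed JAR in memory; every entry gets the same timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            zf.writestr(zipfile.ZipInfo(name, date_time=timestamp), files[name])
    return buf.getvalue()


if __name__ == "__main__":
    ts = (2023, 5, 1, 10, 0, 0)  # constructed fixed entry timestamp
    # Constructed sample: the published JAR carries class bytes left in
    # target/classes by an IDE build, plus a stale file the clean build lacks.
    published = make_jar({"org/example/App.class": b"ide-compiled bytes",
                          "org/example/Stale.class": b"left over"}, ts)
    rebuilt = make_jar({"org/example/App.class": b"maven-compiled bytes"}, ts)
    report = compare_jars(published, rebuilt)
    for kind, names in report.items():
        print(f"{kind}: {names}")
    print("reproducible:", is_reproducible(report))
```
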