Open Fiouz opened 2 years ago
Why is this issue filed here? I don't understand the problem.
The issue is filled here as
spring-cloud-release-tools
subproject advertises itself as Tools used for the Spring Cloud release process
, so it seemed a good candidateIf this issue tracker is not suitable due to my wrong assumptions/understanding, please let me know the relevant issue tracker, thank you.
The problem is that, the latest updates to maven-metadata.xml
on many (if not all Spring Cloud subprojects) broke the assumption that released artifacts that were once available+discoverable will always stay available+discoverable from Maven Central (some of them are no longer discoverable).
In practice:
org.springframework.cloud:spring-cloud-stream-dependencies:3.1.+
3.1.3
, and all went well3.1.1
(because it is now the latest 3.1.*
version listed in maven-metadata.xml
), causing issues due to version regressionMoving to spring-cloud-build as spring-cloud-release-tools is some automation for us, it doesn't have anything to do with maven besides just running ./mvnw
.
I still don't know what the issue is or how we could fix it. I think that file is generated by nexus by sontatype where we deploy, not by anything we control.
From past experiences with maven-deploy-plugin with private repositories (also using Sonatype Nexus), the Maven plugin itself will first download maven-metadata.xml
, in order to upload an updated version which includes the artifact being published (in addition to actually uploading the main artifact). In other words, the repository is initially not involved into generating the maven-metadata.xml
content, unless specifically requested to (Nexus has "Maven metadata repair" feature).
Unfortunately, I have no experience with Maven Central publishing, so I don't know whether that knowledge applies to it.
At its core, the issue is:
maven-metadata.xml
, but it is not(I also observed similar situation with other Spring Cloud subprojects)
I still don't think there's anything we can do.
Should I request Maven Central to repair Spring Cloud artifacts metadata?
My concern is that:
We can make the request
Description
Versions previously listed in Maven Central artifacts metadata (
maven-metadata.xml
) are no longer listed, breaking workflows that rely on automatically identifying available versions (with or without locking).Examples:
3.1.*
versions:3.1.0
,3.1.1
,3.1.2
,3.1.3
,3.1.4
,3.1.5
3.1.*
versions listed inmaven-metadata.xml
:3.1.0
,3.1.1
3.0.*
versions:3.0.0
,3.0.1
,3.0.2
,3.0.3
3.0.*
versions listed inmaven-metadata.xml
:3.0.0
,3.0.1
Sample
build.gradle.kts
gradle build
output:Workaround: switch to statically defined version / manual version locking
References
https://docs.gradle.org/current/userguide/single_versions.html https://maven.apache.org/pom.html#Dependency_Version_Requirement_Specification