Build Improvements

David Diederichrequested to merge
build-improvements into master

A few different items to improve the overall build health.

Release versions for dependencies

SNAPSHOT dependencies are unreliable. They can be changed from one build to the next, leading to unpredictable code linkage. And, it is different to track down which commit a given SNAPSHOT was built from. Release versions are more stable -- though admittedly due to social conventions of never rebuilding to the same version.

Additionally, when the package repository starts to fill up, the SNAPSHOTs are the first to be purged; so old ones (like 0.8.0-SNAPSHOT) don't even exist anymore.

FOSSA Configuration

In order to get a FOSSA scan to work, you need a .fossa.yml configuration file. This can be crafted by hand, or generated using FOSSA CLI. It tells FOSSA what modules are in your project, and what build tools to use to analyze them.

Once I got a scan working, I added the NOTICE file as well.

Deprecated Pipeline Includes

fossa.yml and aws.yml are deprecated pipeline includes. They still work, and continue to support old behavior, but they've been replaced with more specific versions and will eventually go away. This utilizes the newer variants, which also removes the warnings from the .pre stage of the pipelines.

Edited by David Diederich

Merge request reports