Build Improvements
A few different items to improve the overall build health.
Release versions for dependencies
SNAPSHOT dependencies are unreliable. They can be changed from one build to the next, leading to unpredictable code linkage. And it is difficult to track down which commit a given SNAPSHOT was built from. Release versions are more stable -- though admittedly due to social conventions of never rebuilding to the same version.
Additionally, when the package repository starts to fill up, the SNAPSHOTs are the first to be purged; so old ones (like 0.8.0-SNAPSHOT) don't even exist anymore.
FOSSA Configuration
In order to get a FOSSA scan to work, you need a .fossa.yml configuration file. This can be crafted by hand, or generated using FOSSA CLI. It tells FOSSA what modules are in your project, and what build tools to use to analyze them.
Once I got a scan working, I added the NOTICE file as well.
Deprecated Pipeline Includes
fossa.yml and aws.yml are deprecated pipeline includes. They still work, and continue to support old behavior, but they've been replaced with more specific versions and will eventually go away. This utilizes the newer variants, which also removes the warnings from the .pre stage of the pipelines.
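
A check for the SNAPSHOT problem described under "Release versions for dependencies", as an added example that is not part of this change or the project's code. It assumes a Maven pom.xml (the description does not name the build tool); the coordinates in the sample POM are constructed, and the function name is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample POM (assumption: a Maven build; all coordinates are made up).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>org.example</groupId>
  <artifactId>demo-service</artifactId>
  <version>1.2.0-SNAPSHOT</version>
  <properties>
    <core.version>0.8.0-SNAPSHOT</core.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.example</groupId><artifactId>core-lib</artifactId>
      <version>${core.version}</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId><artifactId>util-lib</artifactId>
      <version>2.1.0</version>
    </dependency>
  </dependencies>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def snapshot_dependencies(pom_text):
    """Return [(groupId:artifactId, version)] for SNAPSHOT parents, dependencies and plugins."""
    root = ET.fromstring(pom_text)
    # Versions are often indirected through <properties>, so resolve ${...} first.
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    def resolve(value):
        return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)
    hits = []
    for tag in ("parent", "dependency", "plugin"):
        for node in root.iter("{%s}%s" % (NS["m"], tag)):
            version = resolve((node.findtext("m:version", "", NS) or "").strip())
            if version.endswith("-SNAPSHOT"):
                coord = "%s:%s" % (node.findtext("m:groupId", "?", NS),
                                   node.findtext("m:artifactId", "?", NS))
                hits.append((coord, version))
    return hits  # the project's own <version> is deliberately not reported

if __name__ == "__main__":
    for coord, version in snapshot_dependencies(SAMPLE_POM):
        print("SNAPSHOT dependency: %s %s" % (coord, version))
```

Run as a pipeline step that fails when the returned list is non-empty, so a SNAPSHOT reference cannot be reintroduced unnoticed.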