Skip to content

Change maven id for testing pom tree

David Diederich requested to merge change-maven-id-for-testing-pom-tree into master

This MR alters the maven artifact-id for the testing/integration-tests root POM to be unique from the artifactID associated with the main POM.

This discrepancy, and the solution, was reported by Zach LaVallee (zach@fossa.com).

Why does this matter?

The artifactID and version combined give a kind of locator for maven to identify the project. By using the artifactID and version for the testing code, it implies that they are the same project.

This caused problems while trying to upgrade the FOSSA scanners to version 3.x. Their newer scanners are better integrated with maven conventions, so they consider the projects to be the same based on this same ID. Ironically, that led to the FOSSA tool missing half of the program.

FOSSA 3.x was the mechanism we used to discover this issue, but it should be changed regardless of whether we upgrade our license scanning tool or not.

Other Projects

It is possible that other projects have the same problem, but the few I spot checked (Storage, Indexer, Entitlements) did not.

This isn't changing FOSSA yet

Just to be clear, this MR fixes a maven configuration problem that was blocking a FOSSA upgrade. It does not include that upgrade itself -- that will be a more complex MR requiring more analysis across multiple projects.

Merge request reports

Loading