Hi all,

I just wanted to inform you about something that might be causing issues in PRs 
and the GitHub CI/CD.

As in the near future keeping track of dependencies (especially transitive 
ones) will be more important, we added a check to the CI/CD, which uses the 
SBOM of the project to compile a list of all dependencies being used. This list 
is compared with one stored in the root of the project: dependencies.json.

Whenever any of the dependencies change, this file needs to be updated as 
well, or the CI/CD build will fail.

If you are running into problems with this, please run the maven build with the 
“dependencyCheck.skip=false” property set.

mvn verify -Dmaven.test.skip=true -DdependencyCheck.skip=false -Dmdep.analyze.skip=true

This will create a file in 
“target/apache-iotdb-parent-2.0.0-SNAPSHOT-sbom.transformed.json”. If you 
replace the content in the dependencies.json file with that of this file, the 
build should succeed again. However, now in the PR the reviewers will clearly 
see if new dependencies were added or existing ones were removed.

Chris
