This is how I do usually for RC checks: mvn clean package -DskipTests dependency-check:check
On Mon, Oct 5, 2020, 16:58 Enrico Olivelli <eolive...@gmail.com> wrote: > Il giorno lun 5 ott 2020 alle ore 16:35 Andor Molnar <an...@apache.org> ha > scritto: > > > Does anybody recall the command to run the owasp check? > > Looks like we lost the old build configs, because old Jenkins has been > > shut down. > > > > https://jeremylong.github.io/DependencyCheck/dependency-check-maven/ > something like this: > mvn dependency-check:check > > Enrico > > > > > > Andor > > > > > > > > > On 2020. Sep 16., at 11:28, Andor Molnar <an...@apache.org> wrote: > > > > > > > > > > > >> On 2020. Sep 16., at 1:38, Patrick Hunt <ph...@apache.org> wrote: > > >> > > >> On Tue, Sep 15, 2020 at 2:46 PM Andor Molnar <an...@apache.org> > wrote: > > >> > > >>> "What's the process for making changes now?” > > >>> > > >>> Like for any code changes: open Github PR. > > >>> > > >>> > > >> Sure I know how to submit a PR, but what's the process for creating > one > > for > > >> jenkins? I'm familiar with manually editing jobs, but not whatever > else > > is > > >> required. > > > > > > > > > Sorry Pat, perhaps I didn’t completely understand your question (or was > > too late evening). > > > > > > You want to create a new job for the Owasp check, so first start with > > manually creating a new job in Jenkins under the ZooKeeper View. Select > > “Multibranch pipeline” and “Copy from” this job: > > "zookeeper-multi-branch-build”. > > > > > > Leave everything in place, but change the Script Path of Jenkinsfile to > > “Jenkinsfile-owasp”. Apply & Save. > > > > > > Job will automatically start scanning the branches for the specified > > Jenkinsfile, but won’t find any and stop. > > > > > > Now start implementing and open PR. You probably just need to copy the > > existing Jenkinsfile and change the “sh” command for the owasp build and > > let’s see how it goes. > > > > > > For testing the patch, you need another Jenkins job similar to what I > > mentioned above, but point it to your git repo. > > > > > > Hope that helps. Please shout if you’re stuck. > > > > > > Andor > > > > > > > > > > > >> > > >> Patrick > > >> > > >> > > >>> "How do I verify a job before submitting it via git?” > > >>> > > >>> Create a personal job which is pointing to your repo like mine: > > >>> > > >>> > > > https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-master-maven-multipipeline-andor/ > > >>> > > >>> Not so nice, but that’s what we have for now. > > >>> > > >>> Andor > > >>> > > >>> > > >>> > > >>>> On 2020. Sep 15., at 22:54, Patrick Hunt <ph...@apache.org> wrote: > > >>>> > > >>>> On Tue, Sep 15, 2020 at 12:55 PM Andor Molnar <an...@apache.org> > > wrote: > > >>>> > > >>>>> Hi Michael, > > >>>>> > > >>>>> I was working on the CI migration and there’re still a few things > > which > > >>> is > > >>>>> not available in the new system. I haven’t found any solution for > the > > >>>>> “retest” trigger, but I’ll take another look tomorrow. I need to > dig > > the > > >>>>> builds@ list if there’s anything happened since I’ve last checked > > e.g. > > >>>>> new plugins installed, etc. > > >>>>> > > >>>>> I’m not sure I understand your concern about dead links. Here’s the > > link > > >>>>> of the pre-commit job for your PR: > > >>>>> > > >>>>> > > >>> > > > https://ci-hadoop.apache.org/view/ZooKeeper/job/zookeeper-precommit-github-pr/view/change-requests/job/PR-1380/ > > >>>>> > > >>>>> From the Github PR page I can see the following link: > > >>>>> > > >>>>> > > >>> > > > https://ci-hadoop.apache.org/blue/organizations/jenkins/zookeeper-precommit-github-pr/detail/PR-1380/4/pipeline > > >>>>> > > >>>>> Which takes me to the Pipeline Report and definitely not dead. > (This > > >>> must > > >>>>> be some new thing, but looks quite cool.) > > >>>>> > > >>>>> OWASP Build - Good point Patrick, that’s still missing. > > >>>>> I’ve created the branch and PreCommit jobs as Jenkins pipelines, > > nicely > > >>>>> committed and tracked in Git. I believe that’s how we should do CI > in > > >>> the > > >>>>> future. But I was reluctant do the same with flaky-test job which > is > > >>> just a > > >>>>> copy-and-paste Jenkins job atm. > > >>>>> > > >>>>> > > >>>> What's the process for making changes now? How do I verify a job > > before > > >>>> submitting it via git? > > >>>> > > >>>> Patrick > > >>>> > > >>>> > > >>>>> Feel free to choose your way for the Owasp build, if you’re willing > > to > > >>>>> migrate it, but I think at the end of the way we should have > > everything > > >>> in > > >>>>> source control to be perfect. > > >>>>> > > >>>>> We still don’t have Windows build either, but I’m not sure if > > >>>>> Windows-based nodes are available. > > >>>>> > > >>>>> Andor > > >>>>> > > >>>>> > > >>>>> > > >>>>>> On 2020. Sep 13., at 23:02, Michael Han <h...@apache.org> wrote: > > >>>>>> > > >>>>>> Folks, > > >>>>>> > > >>>>>> I am seeing some CI build issues. Specifically: > > >>>>>> > > >>>>>> * Comment on github PR with "retest maven build" does not trigger > a > > >>>>> rebuild > > >>>>>> of JenkinsMaven. This used to work. Is this a known issue? > > >>>>>> > > >>>>>> * Tons of pre-merge job links on PRs are broken: they actually > link > > to > > >>> a > > >>>>>> deleted ci job I created a few days ago to test the new CI system. > > Here > > >>>>> is > > >>>>>> a broken link > > >>>>>> < > > >>>>> > > >>> > > > https://ci-hadoop.apache.org/job/zookeeper_hanm_tests/job/PR-1380/1/display/redirect > > >>>>>> > > >>>>>> for reference. Do we know how we can trigger a new pre-merge job > on > > >>>>>> existing PRs so these links can be fixed? > > > > >
