[jira] [Commented] (SOLR-17602) Maintain final JAR dependencies in source control to track changes

Wed, 22 Jan 2025 07:16:05 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-17602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916083#comment-17916083
 ] 

ASF subversion and git services commented on SOLR-17602:
--------------------------------------------------------

Commit 7605593984238dfa4b4cd2b3e0faeeeb613d1366 in solr's branch 
refs/heads/main from Christos Malliaridis
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=76055939842 ]

SOLR-17602: Per-Module Dependency Locking (#2925)

* Introduce platform module

The platform module includes all dependencies from the
version catalog as constraints and is added to the root
modules as API for transitive inheritance of the constraints.

* Cleanup version catalog

* Fix dependency conflicts when errorprone enabled

* Add comment about platform module

* Enable per-module dependency lockfiles

Removes carrot-search dependencychecks plugin

* Update renovate config to use new task

* Update documentation

* Replace references to versions.props, versions.lock and writeLocks

* Add platform module as dependency to include constraints

* Update lockfiles

> Maintain final JAR dependencies in source control to track changes
> ------------------------------------------------------------------
>
>                 Key: SOLR-17602
>                 URL: https://issues.apache.org/jira/browse/SOLR-17602
>             Project: Solr
>          Issue Type: Task
>          Components: Build
>            Reporter: David Smiley
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> When we make changes to Solr's dependencies (add/remove/change), we edit our 
> build files, and the code review process shows these changes to corresponding 
> build files.  However, what we all *really* want to know is the impact the 
> change has on the artifacts our users consume.  Almost nobody validates the 
> impact; we hope for the best and find out of problems long later.
> This issue tracks one artifact: Solr's final assembly (any of the zip, 
> tar.gz, or Docker). I propose committing to source control a machine 
> generated file listing of the dependencies  in a text file.  This file shall 
> be updated based on executing a gradle task TBD.  When gradle "check" is run, 
> it will henceforth ensure that this file hasn't been modified or doesn't 
> match the output of the script's generation (details TBD).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to