Thanks Michael, Are there any "gotchyas" to share based on this?
BR, Steve -----Original Message----- From: ONAP-TSC@lists.onap.org <ONAP-TSC@lists.onap.org> On Behalf Of Michael O'Brien Sent: Saturday, September 29, 2018 2:49 AM To: onap-helpd...@rt.linuxfoundation.org; gildas.lani...@huawei.com Cc: onap-disc...@lists.onap.org; onap-tsc@lists.onap.org; Prudence Au <prudence...@amdocs.com> Subject: Re: [onap-tsc] [ONAP Helpdesk #61551] RE: Competing priorities in onap - CLM vs Code Update: I looked more into the failures just now and yes it is "banned snapshots" the "banned dependencies" and the " Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-docker-root:pom:1.2.2-SNAPSHOT" stuck out before I realized it was the forced release of my jars. Releasing my jars should fix all of these - I'll release as-is - Prudence and I need to release the 8 release projects this week. Issue closed and adjusted as a release exercise. Yes, when I looked back at recent docker and release jobs – started seeing these – which look to be enforced CLM rules – blocking Jenkins jobs success – I didn’t save the link I got the following from – I may have mixed up “banned dependencies” with enforce-no-snapshots – which should say “banned snapshots” as the failure message Looking for logs – can’t seem to find them now - before or after I took out 1.1.3 Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-docker-root:pom:1.2.2-SNAPSHOT Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-kubernetes:pom:1.2.2-SNAPSHOT Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-reference:pom:1.2.2-SNAPSHOT This one is not CLM it is SNAPSHOTS – or unreleased code – I will need to release my demo code as-is before RC0 to fix these https://jenkins.onap.org/view/logging-analytics/job/logging-analytics-master-release-version-java-daily/244/ Identified problems Banned dependencies Some Enforcer rules have failed. Look in the log for specific messages explaining why the rule failed Indication 1 2:01:55 [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-no-snapshots) @ logging-demo --- 12:01:55 [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message: 12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-slf4j:jar:1.2.2-SNAPSHOT 12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-mock-service:jar:1.2.2-SNAPSHOT 12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-library:jar:1.2.2-SNAPSHOT 12:01:55 Use 'mvn dependency:tree' to locate the source of the banned dependencies. -----Original Message----- From: Jessica Wagantall via RT <onap-helpd...@rt.linuxfoundation.org> Sent: Friday, September 28, 2018 7:36 PM To: gildas.lani...@huawei.com Cc: Michael O'Brien <frank.obr...@amdocs.com>; onap-disc...@lists.onap.org; onap-tsc@lists.onap.org Subject: [ONAP Helpdesk #61551] RE: Competing priorities in onap - CLM vs Code Dear Michael Can you please point me to an example? The only dependencies I know we are banning are the ones described in this example: https://wiki.onap.org/display/DW/Release+Versioning+Strategy#ReleaseVersioningStrategy-IssueofdependencyonSnapshot Thanks! Jess On Fri Sep 28 19:00:30 2018, gildas.lani...@huawei.com wrote: > Looping in Helpdesk. > > I am not aware the Jenkins fails on banned dependencies you stated > below. > @Helpdesk, Your thoughts are welcome. > > Thanks, > Gildas > ONAP Release Manager > 1 415 238 6287 > > From: onap-disc...@lists.onap.org [mailto:onap-disc...@lists.onap.org] > On Behalf Of Michael O'Brien > Sent: Friday, September 28, 2018 5:09 AM > To: onap-disc...@lists.onap.org; onap-tsc@lists.onap.org > Subject: [onap-discuss] Competing priorities in onap - CLM vs Code > > Team, > Just a comment on the vulnerabilities work and its impact on > everything else. > Since the release Jenkins jobs now fail on banned dependencies and > we are forced to fix the CLM critical issues - just be aware that > fixing each of these takes time away from development as - I have > fixed one of the remaining 9 in my project last night and am working > through the rest. > Fixing a CLM issue is not trivial as you know - half the time there > is an override brought in with another library - fixing one usually > illuminates a common pattern so the rest should go faster now - > however I am blocking developers waiting on my changes in onap and > acumos because of this. > /michael > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, you may > review at https://www.amdocs.com/about/email-disclaimer > This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3798): https://lists.onap.org/g/ONAP-TSC/message/3798 Mute This Topic: https://lists.onap.org/mt/26387900/21656 Group Owner: onap-tsc+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/ONAP-TSC/leave/2743226/1412191262/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
