For what it's worth, I found a workaround: add my own DEPENDENCIES file to SCM. The remote-resources plugin doesn't appear to clobber existing files.
-- Christopher L Tubbs II http://gravatar.com/ctubbsii On Tue, May 12, 2015 at 11:04 AM, Christopher <ctubb...@apache.org> wrote: > On Tue, May 12, 2015 at 1:38 AM, Karl Heinz Marbaise <khmarba...@gmx.de> > wrote: >> Hi Christopher, >> >> the DEPENDENCIES file is generated by the maven-remote-resources-plugin >> >> http://svn.apache.org/viewvc/maven/pom/tags/apache-17/pom.xml?view=markup >> >> Lines 308-323 ... >> > > Thanks. It seems (to me) like this might be a bug with > maven-remote-resources-plugin... this file seems to only exist in the > root of the project (which is our intermediate parent POM), and seems > to generate an empty file (except for the header), because our > project's parent POM has no dependencies. It's a completely worthless > file. It does not get added to any of the child modules, where it > might actually be useful (because they actually have dependencies). > > Further, it seems like a bug because plugins shouldn't really be > modifying stuff outside of ${project.build.directory} usually. Does > anybody know the history of this behavior, and what this file's > purpose is? > > [snip] >> On 5/11/15 11:35 PM, Christopher wrote: > [snip] >>> This file seems to fail the apache-rat check, and makes the >>> -source-release.tar.gz fail to match the SHA-1 git commit. >> >> >> I see fialing the apache-rat check but the SHA-1 git commit i don't >> understand ? >> > [snip] > > I mean: the -source-release.tar.gz includes this file, but the release > tag in git does not. Thus, our official source release tarball does > not match any actual tag in SCM, which is unexpected. > > Another problem is that adding this file "dirties" the clean checkout > of the tag during "release:perform", and as a result, a plugin we have > configured to insert the git commit id (SHA-1) into the MANIFEST.MF > files for the "Implementation Build" gets marked with a "-dirty" > suffix, to indicate the release build was modified since checkout from > the tag (which is normally a bad thing). --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
