Johannes
/
gson-comments
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make Maven build reproducible (#2543) 

However, it might still be necessary to use the same OS and JDK version
to actually be able to create identical artifacts.

This commit also formats the `pom.xml` files in the way the Maven Release
Plugin would.
This commit is contained in:
Marcono1234 2023-11-18 21:17:40 +01:00 committed by GitHub
parent 335ff0f9ae
commit b7c3e1d0b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 154 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.github/workflows/build.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
cache: 'maven'
- name: Build with Maven
# This also runs javadoc:jar to detect any issues with the Javadoc generated during release
run: mvn --batch-mode --update-snapshots --no-transfer-progress verify javadoc:jar
run: mvn --batch-mode --no-transfer-progress verify javadoc:jar
native-image-test:
name: "GraalVM Native Image test"
@ -42,4 +42,29 @@ jobs:
- name: Build and run tests
# Only run tests in `graal-native-image-test` (and implicitly build and run tests in `gson`),
# everything else is covered already by regular build job above
run: mvn test --batch-mode --update-snapshots --no-transfer-progress --activate-profiles native-image-test --projects graal-native-image-test --also-make
run: mvn test --batch-mode --no-transfer-progress --activate-profiles native-image-test --projects graal-native-image-test --also-make
verify-reproducible-build:
name: "Verify reproducible build"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: "Set up JDK 17"
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
cache: 'maven'
- name: "Verify no plugin issues"
run: mvn artifact:check-buildplan --batch-mode --no-transfer-progress
- name: "Verify reproducible build"
# See https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
run: |
mvn clean install --batch-mode --no-transfer-progress -Dproguard.skip -DskipTests
# Run with `-Dbuildinfo.attach=false`; otherwise `artifact:compare` fails because it creates a `.buildinfo` file which
# erroneously references the existing `.buildinfo` file (respectively because it is overwriting it, a file with size 0)
# See https://issues.apache.org/jira/browse/MARTIFACT-57
mvn clean verify artifact:compare --batch-mode --no-transfer-progress -Dproguard.skip -DskipTests -Dbuildinfo.attach=false

66
ReleaseProcess.md
View File

@ -37,6 +37,72 @@ This section was borrowed heavily from [Doclava release process](https://code.go
See [OSSRH Publish Guide](https://central.sonatype.org/publish/publish-guide/).
## Testing Maven release workflow locally
The following describes how to perform the steps of the release locally to verify that they work as desired.
**Warning:** Be careful with this, these steps might be outdated or incomplete. Doublecheck that you are working on a copy of your local Gson Git repository and make sure you have followed all steps. To be safe you can also temporarily turn off your internet connection to avoid accidentally pushing changes to the real remote Git or Maven repository.\
As an alternative to the steps described below you can instead [perform a dry run](https://maven.apache.org/maven-release/maven-release-plugin/usage.html#do-a-dry-run), though this might not behave identical to a real release.
1. Make a copy of your local Gson Git repository and only work with that copy
2. Make sure you are on the `main` branch
3. Create a temp directory outside the Gson directory\
In the following steps this will be called `#gson-remote-temp#`; replace this with the actual absolute file path of the directory, using only forward slashes. For example under Windows `C:\my-dir` becomes `C:/my-dir`.
4. Create the directory `#gson-remote-temp#/git-repo`
5. In that directory run
```sh
git init --bare --initial-branch=main .
```
6. Create the directory `#gson-remote-temp#/maven-repo`
7. Edit the root `pom.xml` of Gson
1. Change the `<developerConnection>` to
```txt
scm:git:file:///#gson-remote-temp#/git-repo
```
2. Change the `<url>` of the `<distributionManagement>` to
```txt
file:///#gson-remote-temp#/maven-repo
```
3. If you don't want to use GPG, remove the `maven-gpg-plugin` entry from the 'release' profile.\
There is also an entry under `<pluginManagement>`; you can remove that as well.
8. Commit the changes using Git
9. Change the remote repository of the Git project
<!-- Uses `txt` instead of `sh` to avoid the `#` being highlighted in some way -->
```txt
git remote set-url origin file:///#gson-remote-temp#/git-repo
```
10. Push the changes
```sh
git push origin main
```
Now you can perform the steps of the release:
1. ```sh
mvn release:clean
```
2. ```sh
mvn release:prepare
```
3. ```sh
mvn release:perform
```
4. Verify that `#gson-remote-temp#/git-repo` and `#gson-remote-temp#/maven-repo` contain all the desired changes
5. Afterwards delete all Gson files under `${user.home}/.m2/repository/com/google/code/gson` which have been installed in your local Maven repository during the release.\
Otherwise Maven might not download the real Gson artifacts with these version numbers, once they are released.
## Running Benchmarks or Tests on Android
* Download vogar

6
extras/pom.xml
View File

@ -27,6 +27,12 @@
<name>Gson Extras</name>
<description>Google Gson grab bag of utilities, type adapters, etc.</description>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
</properties>
<licenses>
<license>
<name>Apache-2.0</name>

8
graal-native-image-test/pom.xml
View File

@ -13,9 +13,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
@ -27,6 +25,10 @@
<artifactId>graal-native-image-test</artifactId>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
<!-- GraalVM is JDK >= 17, however for build with regular JDK these tests
are also executed with JDK 11, so for them exclude JDK 17 specific tests -->
<maven.compiler.testRelease>11</maven.compiler.testRelease>

4
gson/pom.xml
View File

@ -34,6 +34,10 @@
</licenses>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
<excludeTestCompilation>**/Java17*</excludeTestCompilation>
</properties>

6
metrics/pom.xml
View File

@ -27,6 +27,12 @@
<name>Gson Metrics</name>
<description>Performance Metrics for Google Gson library</description>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
</properties>
<licenses>
<license>
<name>Apache-2.0</name>

34
pom.xml
View File

@ -14,8 +14,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
child.project.url.inherit.append.path="false">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd" child.project.url.inherit.append.path="false">
<modelVersion>4.0.0</modelVersion>
<groupId>com.google.code.gson</groupId>
@ -40,6 +39,10 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.release>7</maven.compiler.release>
<maven.compiler.testRelease>11</maven.compiler.testRelease>
<!-- Make the build reproducible, see https://maven.apache.org/guides/mini/guide-reproducible-builds.html -->
<!-- Automatically updated by Maven Release Plugin -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
</properties>
<!-- These attributes specify that the URLs should be inherited by the modules as is, to avoid constructing
@ -152,8 +155,8 @@
<!-- For Markdown files removing trailing whitespace causes issues for hard line breaks,
which use two trailing spaces. However, the trailing spaces are difficult to notice anyway;
prefer a trailing `\` instead of two spaces. -->
<trimTrailingWhitespace/>
<endWithNewline/>
<trimTrailingWhitespace />
<endWithNewline />
<indent>
<spaces>true</spaces>
<!-- This seems to mostly (or only?) affect the suggested fix in case code contains tabs -->
@ -175,10 +178,29 @@
<reorderImports>true</reorderImports>
<formatJavadoc>true</formatJavadoc>
</googleJavaFormat>
<formatAnnotations/> <!-- Puts type annotations immediately before types. -->
<formatAnnotations /> <!-- Puts type annotations immediately before types. -->
</java>
</configuration>
</plugin>
<!-- Attaches a `.buildinfo` file which contains information for reproducing the build,
such as OS, JDK version, ...
Since this is a multi-module Maven project, only one aggregated file will be created for
the last module, see the note on https://maven.apache.org/plugins/maven-artifact-plugin/usage.html#recording-buildinfo-file -->
<!-- The other goals of this plugin are run by the GitHub workflow to verify that
the build is reproducible (see `artifact:...` usage in the workflow) -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-artifact-plugin</artifactId>
<version>3.5.0</version>
<executions>
<execution>
<goals>
<goal>buildinfo</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
<pluginManagement>
@ -350,6 +372,7 @@
</execution>
</executions>
</plugin>
<!-- Plugin for checking source and binary compatibility; used by GitHub workflow -->
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
@ -381,6 +404,7 @@
</parameter>
</configuration>
</plugin>
<!-- Plugin for checking compatibility with Android API -->
<!-- Note: For now this is not part of a normal Maven build but instead executed only by a
GitHub workflow because the Animal Sniffer signature files use Java Serialization, so they

6
proto/pom.xml
View File

@ -27,6 +27,12 @@
<name>Gson Protobuf Support</name>
<description>Gson support for Protobufs</description>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
</properties>
<licenses>
<license>
<name>Apache-2.0</name>

8
shrinker-test/pom.xml
View File

@ -14,9 +14,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@ -28,6 +26,10 @@
<artifactId>shrinker-test</artifactId>
<properties>
<!-- Make the build reproducible, see root `pom.xml` -->
<!-- This is duplicated here because that is recommended by `artifact:check-buildplan` -->
<project.build.outputTimestamp>2023-01-01T00:00:00Z</project.build.outputTimestamp>
<maven.compiler.release>8</maven.compiler.release>
</properties>