Keeping dependencies up to date

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Keeping dependencies up to date

jewzaam
Administrator
http://mojo.codehaus.org/versions-maven-plugin/examples/advancing-dependency-versions.html

Looks pretty nice.  I'll probably try this on lightblue-core, the versions:use-latest-release goal.
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator
This plugin isn't that great.  I would like to not update to beta releases or RC releases but if is released to central it's treated as a release.  End of story.  To do anything else requires getting into managing version ranges that are acceptable, so might as well just do this manually.

Note that on doing this I found the jackson library we use moved some classes around in a minor release..  A PR will be coming to fix that and update.  I'll do this:

1. mvn versions:use-latest-versions # updates release versions
2. mvn versions:update-properties -DallowSnapshots=true # updates lightblue versions specified as properties
3. manually downgrade versions with a post fix (i.e. -beta or -RC1 etc)
4. build and fix any issues
5.1. revert if there are lots of issues
5.2. issue a pull request if easy to fix and build is successful
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator
Actual steps in case someone wants to do this in the future:

git fetch origin
git checkout -b update-versions origin/master
mvn versions:update-properties -DallowSnapshots=true
mvn versions:update-parent versions:use-latest-versions -DallowMajorUpdates=false
git difftool pom.xml
mvn clean install
git commit -a -m "Updated lightblue dependencies to latest snapshot and everything else to latest releases"
git push jewzaam update-versions
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

lcestari
I'd like to comment about a side effect of the usage of this plugin is we can change the version of some dependencies that we weren't expecting to change (maybe breaking the interface or maybe we created a patched version of it and there is a newer version without the fix).
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator
Yes, use of this plugin is at the mercy of the maintainers of those dependencies.  Best we can do if we use the plugin is to make sure we always run our build and tests every time we update and review the diff before committing and creating a PR for the change.


On Fri, Aug 22, 2014 at 11:03 AM, lcestari [via lightblue-dev] <[hidden email]> wrote:
I'd like to comment about a side effect of the usage of this plugin is we can change the version of some dependencies that we weren't expecting to change (maybe breaking the interface or maybe we created a patched version of it and there is a newer version without the fix).


If you reply to this email, your message will be added to the discussion below:
http://lightblue-dev.1011138.n3.nabble.com/Keeping-dependencies-up-to-date-tp78p98.html
To start a new topic under lightblue-dev, email [hidden email]
To unsubscribe from lightblue-dev, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

lcestari
Totally agree 

Luan Cestari | Senior Software Applications Engineer
IT Shared Services
M: +55 11 99602-7887
<img src="http://images.engage.redhat.com/eloquaimages/clients/RedHat/{a8aabf3a-4467-4e37-9bc5-48b1d7b494a2}_LATAM_RedHat.jpg" alt="Red Hat" border="0" data-mce-src="http://images.engage.redhat.com/eloquaimages/clients/RedHat/{a8aabf3a-4467-4e37-9bc5-48b1d7b494a2}_LATAM_RedHat.jpg" data-mce-style="font-family: Arial; font-size: 13px;" style="font-family: Arial; font-size: 13px;">
Better technology. Faster innovation. Powered by community collaboration. 
See how it works at www.redhat.com
 




From: "jewzaam [via lightblue-dev]" <[hidden email]>
To: "lcestari" <[hidden email]>
Sent: Friday, August 22, 2014 12:31:36 PM
Subject: Re: Keeping dependencies up to date

Yes, use of this plugin is at the mercy of the maintainers of those dependencies.  Best we can do if we use the plugin is to make sure we always run our build and tests every time we update and review the diff before committing and creating a PR for the change.


On Fri, Aug 22, 2014 at 11:03 AM, lcestari [via lightblue-dev] <[hidden email]> wrote:
I'd like to comment about a side effect of the usage of this plugin is we can change the version of some dependencies that we weren't expecting to change (maybe breaking the interface or maybe we created a patched version of it and there is a newer version without the fix).


If you reply to this email, your message will be added to the discussion below:
http://lightblue-dev.1011138.n3.nabble.com/Keeping-dependencies-up-to-date-tp78p98.html
To start a new topic under lightblue-dev, email [hidden email]
To unsubscribe from lightblue-dev, click here.
NAML




If you reply to this email, your message will be added to the discussion below:
http://lightblue-dev.1011138.n3.nabble.com/Keeping-dependencies-up-to-date-tp78p102.html
To start a new topic under lightblue-dev, email [hidden email]
To unsubscribe from lightblue-dev, click here.
NAML

Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator
One issue with this update is the publishing artifacts, which happens from travis-ci now.  Because of the code changes needed in core for new jackson version some of the other repo builds failed because travis hadn't published the new dependency yet.  Something to remember in the future.
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator
Ah, actually because we specifically do not deploy PR artifacts... Future changes like this will require the dependencies be merged first before the PR can be built successfully in some cases.
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

lcestari
I would also put some observations that I made: I would strongly suggest to open the build status before the PR merge and see if it is the latest build job or if there is any build job running, so you could wait and see the result if the job is related to the master branch. I said that due in one case it showed up for me that the build was fine and I even opened the build but was a dependency (a lightblue submodule) was updated, the travis didn't notice (it would only notice if we update the lightblue repository (which have git submodules), so it would build everything from scratch). The problem was different external dependencies version declared in two lightblues projects (and one of this project have the another one as dependency).
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator

The submodule repo is not built by travis. I don't think we can use it for much. There have been some strange build results though. For example the Java 7 success but Java 8 failure for something both should have failed. I think it's likely the repackaged classes and timing, it's annoying..

On Aug 25, 2014 9:00 AM, "lcestari [via lightblue-dev]" <[hidden email]> wrote:
I would also put some observations that I made: I would strongly suggest to open the build status before the PR merge and see if it is the latest build job or if there is any build job running, so you could wait and see the result if the job is related to the master branch. I said that due in one case it showed up for me that the build was fine and I even opened the build but was a dependency (a lightblue submodule) was updated, the travis didn't notice (it would only notice if we update the lightblue repository (which have git submodules), so it would build everything from scratch). The problem was different external dependencies version declared in two lightblues projects (and one of this project have the another one as dependency).


If you reply to this email, your message will be added to the discussion below:
http://lightblue-dev.1011138.n3.nabble.com/Keeping-dependencies-up-to-date-tp78p114.html
To start a new topic under lightblue-dev, email [hidden email]
To unsubscribe from lightblue-dev, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

lcestari
Same unexpected behavior occurred once again with rest project.

About travis with git-submodules, it can initialize if well configured -> http://docs.travis-ci.com/user/build-configuration/#Git-Submodules
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

jewzaam
Administrator

Yes, seen other repos using submodules bit we don't right now. Do you see a use case for them for lightblue repos that travis builds?

On Aug 25, 2014 10:39 AM, "lcestari [via lightblue-dev]" <[hidden email]> wrote:
Same unexpected behavior occurred once again with rest project.

About travis with git-submodules, it can initialize if well configured -> http://docs.travis-ci.com/user/build-configuration/#Git-Submodules


If you reply to this email, your message will be added to the discussion below:
http://lightblue-dev.1011138.n3.nabble.com/Keeping-dependencies-up-to-date-tp78p116.html
To start a new topic under lightblue-dev, email [hidden email]
To unsubscribe from lightblue-dev, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Keeping dependencies up to date

lcestari
I can only think in one case,  sometimes Travis gives us a false-positive issue (a problem that only happened with branches so far and then it worked fine in the master branch). I thought that maybe the opposite could happen, a false -positive successful build (which I think I got it once), so the travis would say it is OK to merge or even after the merge, that everything is fine, but running another job (which is the one I mention in the previous comment) would be another test to see if the set of projects are really working fine (it would decrease even more the chance of a false-positive build happen).