Make dependency updates more efficient #2781
Comments
Experiment for automatically detecting licenses:
Findings:
https://www.mojohaus.org/license-maven-plugin/aggregate-add-third-party-mojo.html and its configuration are quite powerful, e.g. the parameter
Same experiment as above using https://github.com/CycloneDX/cyclonedx-maven-plugin/:
Dependencies not detected:
Incorrect licenses:
The plugin gets the license information from Maven (I assume that this means it retrieves whatever is declared in the pom.xml of the Maven artifact). See https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/cyclonedx-maven-plugin-2.7.9/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java#L297 and calling code.
Idea for the tool chain:
Side notes:
Test PRs:
Breakdown of remaining tasks:
Blocked HTTP repository example output:
Repos that we will roll out the workflow to: camunda/camunda-bpm-platform
- contains some changes of the following commits in accumulating files (e.g. dist/index.js, package.json) related to camunda/camunda-bpm-platform#2781
- also removes legacy CI labels that we have already deleted related to #2781
@danielkelemen I have added the 7.20 PRs and corrected the workflow references. Please re-review.
Forgot to respond here. I decided to not do backports there to save some effort. Anyone who needs it can still do it when they work with such a branch.
This issue was imported from JIRA:
Acceptance Criteria (Required on creation):
Hints (optional):
Links:
PRs
Rollout PRs