Skip to content

Adding VersionStream for apache-tika-3.2#57268

Merged
OddBloke merged 5 commits intomainfrom
apache-tika-3.2
Jun 30, 2025
Merged

Adding VersionStream for apache-tika-3.2#57268
OddBloke merged 5 commits intomainfrom
apache-tika-3.2

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jun 23, 2025

No description provided.

@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jun 23, 2025

🔄 Build Failed: Git Checkout Error

fatal: Remote branch 3.2 not found in upstream origin

Build Details

Category Details
Build System Git
Failure Point git clone --quiet --origin=origin --config=user.name=Melange Build --config=user.email=melange-build@cgr.dev --config=advice.detachedHead=false --branch=3.2 --depth=1 https://github.com/apache/tika /tmp/tmp.J8HyrjVIPv

Root Cause Analysis 🔍

The build is attempting to clone Apache Tika repository with branch '3.2', but this is actually a tag, not a branch. The git clone command is incorrectly using --branch=3.2 when it should be using a tag reference instead.


🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Similar PRs with fixes

Suggested Changes

File: apache-tika-3.2.yaml

  • replace at line 34-37 (pipeline git-checkout section)
    Original:
  - uses: git-checkout
    with:
      repository: https://github.com/apache/tika
      tag: ${{package.version}}
      expected-commit: 1cd5b3f43f4555ae8177b9f246d3e8836592ab3b

Replacement:

  - uses: git-checkout
    with:
      repository: https://github.com/apache/tika
      branch: main
      tag: ${{package.version}}
      expected-commit: 1cd5b3f43f4555ae8177b9f246d3e8836592ab3b
Click to expand fix analysis

Analysis

The similar fixed build failure shows a pattern where Git's branch specification was incorrectly used with what was actually a tag reference. In the example fix, the build was trying to use '--branch=v2.32.0' when v2.32.0 was a tag, not a branch. The key insight is that when working with Git repositories where specific versions are tagged rather than branched, the configuration needs to properly specify tag references instead of branch references.

Click to expand fix explanation

Explanation

The current build failure occurs because the Git checkout step is trying to use version '3.2' as a branch, but it's actually a tag in the Apache Tika repository. The error message "fatal: Remote branch 3.2 not found in upstream origin" clearly indicates this confusion.

In the Melange build system, when using the 'git-checkout' action with a tag, we need to specify both:

  1. A valid branch to initially clone (typically 'main' or 'master')
  2. The tag to checkout after cloning

The suggested fix adds the 'branch: main' parameter to ensure that Git first clones a valid branch before checking out the tag. This approach is correct because:

  1. It follows the expected pattern for the git-checkout action when working with tags
  2. It solves the root cause by not trying to directly clone a non-existent branch
  3. The build will still end up at the correct commit specified by the tag and verified by the expected-commit hash

The Git operation will first clone the main branch and then checkout the specified tag, which is the intended behavior for building a specific version from a tag.

Click to expand alternative approaches

Alternative Approaches

  • Another approach would be to use a direct reference to the tag in the git checkout command, like using 'ref: refs/tags/3.2' instead of specifying branch and tag separately.
  • We could also modify the pipeline to use a specific commit directly with 'commit: 1cd5b3f43f4555ae8177b9f246d3e8836592ab3b' instead of using a tag reference, but this would make the build definition less clear about which version is being built.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jun 23, 2025
@ajayk
Copy link
Member

ajayk commented Jun 23, 2025

https://downloads.apache.org/tika/3.2.0/CHANGES-3.2.0.txt seems GitHub doesn't have tags probably switch to one of the sources

@OddBloke OddBloke self-assigned this Jun 26, 2025
@OddBloke OddBloke force-pushed the apache-tika-3.2 branch 3 times, most recently from 8769e8d to 8bf9953 Compare June 27, 2025 14:05
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jun 27, 2025
@OddBloke OddBloke force-pushed the apache-tika-3.2 branch 3 times, most recently from d6122cb to 7930967 Compare June 27, 2025 21:49
octo-sts bot and others added 5 commits June 30, 2025 09:14
Upstream haven't tagged a `3.2.0` release in their git repo, so this
moves us to using their release tarballs.  I also updated
https://release-monitoring.org/project/15703/ in the same way, so we can
switch to using that as our update backend.
Upstream have moved `cxf.version` to 4.0.6, and the jetty-http bump
doesn't actually change the version used (it would need to apply to
`tika-parent/pom.xml`, but that causes compilation errors).
@OddBloke
Copy link
Member

This CVE isn't remediable, bumping the affected version causes compilation errors. It's already advisoried for previous releases.

@OddBloke OddBloke requested a review from a team June 30, 2025 15:06
@OddBloke OddBloke enabled auto-merge June 30, 2025 15:06
@OddBloke OddBloke merged commit f3e6a8b into main Jun 30, 2025
17 of 18 checks passed
@OddBloke OddBloke deleted the apache-tika-3.2 branch June 30, 2025 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. service:version-stream

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants