Skip to content

Refresh geode-server-all:integrationTest dependency_classpath inventory #7914

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JinwooHwang merged 2 commits into from
Aug 26, 2025
Merged

Refresh geode-server-all:integrationTest dependency_classpath inventory #7914

JinwooHwang merged 2 commits into from
Aug 26, 2025

Conversation

@JinwooHwang
Copy link
Contributor

@JinwooHwang JinwooHwang commented Aug 25, 2025
edited
Loading

Summary

  • Updates dependency_classpath.txt, gfsh_dependency_classpath.txt, expected_jars.txt and assembly_content.txt with a current snapshot of the integration test runtime classpath.

Purpose

  • Provide a deterministic baseline for detecting unintended dependency drift.
  • Support license / NOTICE aggregation and auditing.
  • Enable reproducible environment diagnostics and security / vulnerability scanning.
  • Facilitate SBOM or dependency report generation from a curated, ordered list.

File Characteristics

  • Contains only jar filenames (no paths) for easier detection of changes.
  • Represents resolved integration test runtime artifacts at snapshot time.
  • Internal modules use placeholder version 0.0.0 (indicates unpublished in-repo artifacts).

Follow-up Suggestions

  • Add a Gradle task to regenerate and verify this list (fail build if out-of-date).
  • Integrate SBOM generation referencing this baseline.
  • Introduce a script to diff against previous commit and flag unexpected additions.

Verification Steps

  1. Resolve integration test runtime classpath (e.g. print integrationTest.runtimeClasspath.files).
  2. Compare sorted filenames to file contents; they should match exactly.
  3. Commit only when intentional changes occur (new, removed, or version-changed jars).

Risk

  • Documentation-only change; no production code impact.

Added / Current Inventory (alphabetical excerpt)

  • jackson-datatype-jsr310-2.17.0.jar
  • jackson-annotations-2.17.0.jar
  • jackson-core-2.17.0.jar
  • jackson-datatype-joda-2.17.0.jar
  • jackson-databind-2.17.0.jar
  • byte-buddy-1.14.9.jar

For all changes:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?

  • Has your PR been rebased against the latest commit within the target branch (typically develop)?

  • Is your initial contribution a single, squashed commit?

  • Does gradlew build run cleanly?

  • Have you written or updated unit tests to verify your changes?

  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

@JinwooHwang JinwooHwang merged commit 436be0a into apache:develop Aug 26, 2025
25 of 29 checks passed
@JinwooHwang JinwooHwang deleted the geode-server-all-integrationTest branch August 26, 2025 20:00
@raboof raboof mentioned this pull request Aug 27, 2025
Closed
6 tasks
JinwooHwang added a commit that referenced this pull request Sep 3, 2025
@JinwooHwang
Refresh geode-server-all:integrationTest dependency_classpath invento…
85662cb 
…ry (#7914)

* geode-server-all:integrationTest

(cherry picked from commit 436be0a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JinwooHwang