Skip to content

Conversation

@dervoeti
Copy link
Member

@dervoeti dervoeti commented Sep 10, 2024

In this PR I enabled the CycloneDX plugin for the release profile of Phoenix and changed the Maven command to build Phoenix using that profile (because that's how HBase does it as well).

However, the Phoenix release profile also enables the apache-rat-plugin which causes a minor problem with our current build of Phoenix 5.3.0.

Since using the release profile does not seem to have any further advantages I moved the CycloneDX plugin to the general plugin section in the pom.xml and do not activate the release profile anymore when building Phoenix.

Tested the build with Phoenix locally, worked fine and the Phoenix SBOM was still generated correctly.

@dervoeti dervoeti requested a review from razvan September 10, 2024 14:07
Copy link
Member

@razvan razvan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just scanned the pom changes briefly but didn't test them. I trust you.

Maybe a less invasive way would be to define our own CycloneDx profile that we enable per command line in addition to the default one. Just an idea.

@dervoeti
Copy link
Member Author

Yeah I like the idea. It's out of scope for this PR, but it might be a way to better separate this custom patch and avoid conflicts with upstream changes. Also it makes it easy to toggle SBOM generation (although I can't think of a case where we don't want SBOMs to be generated). We could improve it at some point, but should do so for all Java products in all versions.

@dervoeti dervoeti added this pull request to the merge queue Sep 10, 2024
Merged via the queue into main with commit f578e25 Sep 10, 2024
1 check failed
@dervoeti dervoeti deleted the fix/phoenix-remove-release-profile branch September 10, 2024 14:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants