-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create sub directories for ThirdPartyAudit dependency metadata #16844
base: main
Are you sure you want to change the base?
Create sub directories for ThirdPartyAudit dependency metadata #16844
Conversation
❌ Gradle check result for 6f4639f: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
9332c51
to
4e866be
Compare
❌ Gradle check result for 4e866be: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
Signed-off-by: Finn Carroll <carrofin@amazon.com>
4e866be
to
4b1b382
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #16844 +/- ##
============================================
- Coverage 72.19% 72.12% -0.08%
+ Complexity 65208 65205 -3
============================================
Files 5297 5297
Lines 303324 303335 +11
Branches 43913 43916 +3
============================================
- Hits 218999 218791 -208
- Misses 66367 66638 +271
+ Partials 17958 17906 -52 ☔ View full report in Codecov by Sentry. |
The task should be run per module, each having own |
It's not that plugins/modules are sharing build folders, but that the third party dependencies of an individual plugin/module are unzipped into a shared base folder during the third party audit task. Specifically In the minimal example linked in the issue these two randomly chosen dependencies happen to have jars which unzip a
|
Oh I see, thank you, |
@@ -309,6 +309,25 @@ private void extractJars(Set<File> jars) { | |||
jars.forEach(jar -> { | |||
FileTree jarFiles = getProject().zipTree(jar); | |||
getProject().copy(spec -> { | |||
spec.eachFile(details -> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think the cleanest approach would be to extract each dependency into own sub-folder all the time so we won't be having the names clash in the first place?
Description
The
thirdPartyAudit
task writes all dependency metadata to the same base directory ofbuild/precommit/thirdPartyAudit/thirdPartyAudit/META-INF
. When two separate dependencies attempt to write a file and directory at the same location the task fails with an error.See #16840.
This PR handles collisions by appending a counter to duplicates.
i.e. dup-1.txt, dup-2.txt, ...
Related Issues
Resolves #16840
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.