Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

logstash-integration-jdbc/5.5.2 package update #38277

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Dec 23, 2024

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Dec 23, 2024
Copy link
Contributor Author

octo-sts bot commented Dec 23, 2024

Gen AI suggestions to solve the build error:

• Detected Error:

Execution failed for task ':svnCheckout'.
> Consumed all retries, failing the task

• Error Category: Build Configuration/Dependency

• Failure Point: Gradle svnCheckout task attempting to access Apache Derby SVN repository

• Root Cause Analysis:
The build is failing because it's trying to checkout Derby source code from Apache's SVN repository, which is timing out. This is related to the Derby version update in the sed command that modifies DERBY_VERSION.

• Suggested Fix:

  1. Replace the SVN-based Derby dependency with a Maven/Gradle dependency:
  - runs: |
      # Update to use Maven central dependency instead of SVN checkout
      sed -i 's/task svnCheckout {.*}//' build.gradle
      sed -i 's/def DERBY_VERSION = .*/def DERBY_VERSION = "10.14.2.0"/' build.gradle
      sed -i '/svn {/,/}/d' build.gradle
      
      # Add Maven central repository if needed
      echo "repositories { mavenCentral() }" >> build.gradle
      echo "dependencies { testImplementation 'org.apache.derby:derby:10.14.2.0' }" >> build.gradle
      
      ./gradlew vendor

• Explanation:
The original build tries to fetch Derby source from SVN, which is unreliable and unnecessary. Since we only need Derby for testing, using the published Maven artifact is more reliable and faster. The fix removes the SVN checkout task and replaces it with a proper Maven dependency.

• Additional Notes:

  • Apache Derby 10.14.2.0 is available on Maven Central
  • This change maintains the CVE fix intention (upgrading from 10.14.1.0 to 10.14.2.0)
  • The build will be more reliable as it doesn't depend on SVN access

• References:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
automated pr request-version-update request for a newer version of a package
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant