apacheGH-40515: [Java] Bump org.apache.maven dependencies from 3.3.9 …
…to 3.8.7 (apache#40514)

- Updates the Maven version required in `/java/maven/module-info-compiler-maven-plugin` to 3.8.7 which addresses vulnerabilities identified by https://deps.dev/maven/org.apache.maven%3Amaven-core/3.3.9.
- Updates `.env` to use Maven version 3.8.7.
- Bumps older versions of Maven to 3.8.7 in `ci/docker/*.dockerfile`
- Updates the release verification instructions to say that Maven 3.8.7 is required.

-----
* GitHub Issue: apache#40515

Lead-authored-by: Ian Cook <[email protected]>
Co-authored-by: Vibhatha Abeykoon <[email protected]>
Co-authored-by: vibhatha <[email protected]>
Co-authored-by: Sutou Kouhei <[email protected]>
Co-authored-by: Dane Pitkin <[email protected]>
Signed-off-by: Sutou Kouhei <[email protected]>
4 people authored and lriggs committed Mar 22, 2024
1 parent 1db8b45 commit 2b15982
Showing 8 changed files with 50 additions and 9 deletions.
2 changes: 1 addition & 1 deletion .env
@@ -65,7 +65,7 @@ JDK=8
KARTOTHEK=latest
# LLVM 12 and GCC 11 reports -Wmismatched-new-delete.
LLVM=14
MAVEN=3.6.3
MAVEN=3.8.7
NODE=18
NUMBA=latest
NUMPY=latest
2 changes: 1 addition & 1 deletion ci/docker/conda-integration.dockerfile
@@ -20,7 +20,7 @@ ARG arch=amd64
FROM ${repo}:${arch}-conda-cpp

ARG arch=amd64
ARG maven=3.5
ARG maven=3.8.7
ARG node=16
ARG yarn=1.22
ARG jdk=8
2 changes: 1 addition & 1 deletion ci/docker/conda-python-hdfs.dockerfile
@@ -21,7 +21,7 @@ ARG python=3.8
FROM ${repo}:${arch}-conda-python-${python}

ARG jdk=8
ARG maven=3.5
ARG maven=3.8.7
RUN mamba install -q -y \
maven=${maven} \
openjdk=${jdk} \
2 changes: 1 addition & 1 deletion ci/docker/conda-python-jpype.dockerfile
@@ -21,7 +21,7 @@ ARG python=3.8
FROM ${repo}:${arch}-conda-python-${python}

ARG jdk=11
ARG maven=3.6
ARG maven=3.8.7
RUN mamba install -q -y \
maven=${maven} \
openjdk=${jdk} \
2 changes: 1 addition & 1 deletion ci/docker/conda-python-spark.dockerfile
@@ -21,7 +21,7 @@ ARG python=3.8
FROM ${repo}:${arch}-conda-python-${python}

ARG jdk=8
ARG maven=3.5
ARG maven=3.8.7

ARG numpy=latest
COPY ci/scripts/install_numpy.sh /arrow/ci/scripts/
2 changes: 1 addition & 1 deletion ci/docker/linux-apt-docs.dockerfile
@@ -61,7 +61,7 @@ RUN apt-get update -y && \

ENV JAVA_HOME=/usr/lib/jvm/java-${jdk}-openjdk-amd64

ARG maven=3.6.3
ARG maven=3.8.7
COPY ci/scripts/util_download_apache.sh /arrow/ci/scripts/
RUN /arrow/ci/scripts/util_download_apache.sh \
"maven/maven-3/${maven}/binaries/apache-maven-${maven}-bin.tar.gz" /opt
45 changes: 43 additions & 2 deletions dev/release/verify-release-candidate.sh
@@ -20,8 +20,8 @@

# Requirements
# - Ruby >= 2.3
# - Maven >= 3.3.9
# - JDK >=7
# - Maven >= 3.8.7
# - JDK >=8
# - gcc >= 4.8
# - Node.js >= 18
# - Go >= 1.19
@@ -499,6 +499,44 @@ maybe_setup_conda() {
fi
}

install_maven() {
MAVEN_VERSION=3.8.7
if command -v mvn > /dev/null; then
SYSTEM_MAVEN_VERSION=$(mvn -v | head -n 1 | awk '{print $3}')
show_info "Found Maven version ${SYSTEM_MAVEN_VERSION} at $(command -v mvn)."
else
SYSTEM_MAVEN_VERSION=0.0.0
show_info "Maven installation not found."
fi

if [[ "$MAVEN_VERSION" == "$SYSTEM_MAVEN_VERSION" ]]; then
show_info "System Maven version ${SYSTEM_MAVEN_VERSION} matches required Maven version ${MAVEN_VERSION}. Skipping installation."
else
# Append pipe character to make preview release versions like "X.Y.Z-beta-1" sort
# as older than their corresponding release version "X.Y.Z". This works because
# `sort -V` orders the pipe character lower than any version number character.
older_version=$(printf '%s\n%s\n' "$SYSTEM_MAVEN_VERSION" "$MAVEN_VERSION" | sed 's/$/|/' | sort -V | sed 's/|$//' | head -n1)
if [[ "$older_version" == "$SYSTEM_MAVEN_VERSION" ]]; then
show_info "Installing Maven version ${MAVEN_VERSION}..."
APACHE_MIRROR="https://www.apache.org/dyn/closer.lua?action=download&filename="
curl -sL -o apache-maven-${MAVEN_VERSION}-bin.tar.gz \
${APACHE_MIRROR}/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz
tar xzf apache-maven-${MAVEN_VERSION}-bin.tar.gz
export PATH=$(pwd)/apache-maven-${MAVEN_VERSION}/bin:$PATH
show_info "Installed Maven version $(mvn -v | head -n 1 | awk '{print $3}')"
else
show_info "System Maven version ${SYSTEM_MAVEN_VERSION} is newer than minimum version ${MAVEN_VERSION}. Skipping installation."
fi
fi
}

maybe_setup_maven() {
show_info "Ensuring that Maven is installed..."
if [ "${USE_CONDA}" -eq 0 ]; then
install_maven
fi
}

maybe_setup_virtualenv() {
# Optionally setup pip virtualenv with the passed dependencies
local env="venv-${VENV_ENV:-source}"
@@ -565,6 +603,7 @@ maybe_setup_nodejs() {
test_package_java() {
show_header "Build and test Java libraries"

maybe_setup_maven
maybe_setup_conda maven openjdk

pushd java
@@ -1202,6 +1241,8 @@ test_wheels() {

test_jars() {
show_header "Testing Java JNI jars"

maybe_setup_maven
maybe_setup_conda maven python

local download_dir=${ARROW_TMPDIR}/jars
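Review bot: In `install_maven` (the `@@ -499,6 +499,44 @@` hunk) the tarball fetched through the `closer.lua` mirror redirect is unpacked and its `bin/` directory is put first on `PATH` with no integrity check, so a release-verification run ends up executing a build tool whose provenance was never verified. `curl` is also called with `-sL` but without `--fail`, so an HTTP error body would be saved as the `.tar.gz` and only surface later as a `tar` error. I would fetch the matching `.sha512` from an apache.org host rather than from the mirror (downloads.apache.org, or archive.apache.org once the version is superseded), compare it before `tar xzf`, and quote the download URL, which contains a `?` glob character once `${APACHE_MIRROR}` is expanded. Separately, `MAVEN_VERSION`, `SYSTEM_MAVEN_VERSION`, `older_version` and `APACHE_MIRROR` are assigned without `local`, so they leak into the rest of the script.

```shell
# … unchanged: version detection and comparison …
show_info "Installing Maven version ${MAVEN_VERSION}..."
local tarball="apache-maven-${MAVEN_VERSION}-bin.tar.gz"
local rel_path="maven/maven-3/${MAVEN_VERSION}/binaries/${tarball}"
curl --fail -sSL -o "${tarball}" "${APACHE_MIRROR}/${rel_path}"
# The digest is fetched from an apache.org host, never from the mirror.
curl --fail -sSL -o "${tarball}.sha512" \
  "https://downloads.apache.org/${rel_path}.sha512"
local expected actual
expected=$(awk '{print $1}' "${tarball}.sha512")
actual=$(shasum -a 512 "${tarball}" | awk '{print $1}')
if [[ -z "${expected}" || "${expected}" != "${actual}" ]]; then
  echo "SHA-512 mismatch for ${tarball}" >&2
  exit 1
fi
tar xzf "${tarball}"
# … unchanged: PATH export and installed-version report …
```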
2 changes: 1 addition & 1 deletion java/maven/module-info-compiler-maven-plugin/pom.xml
@@ -30,7 +30,7 @@
</prerequisites>

<properties>
<maven.version>3.3.9</maven.version>
<maven.version>3.8.7</maven.version>
</properties>

<dependencies>
