Dependabot 未升级 Maven SNAPSHOT 依赖项的主要版本
[英]Dependabot not upgrading major versions of Maven SNAPSHOT dependencies
问题描述
我已经安装了dependabot,但即使有一个新的次要版本的SNAPSHOT依赖项可用,也找不到它。
采取以下pom.xml :
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.org</groupId>
<artifactId>project</artifactId>
<version>2.4-SNAPSHOT</version>
<dependencies>
<dependency>
<groupId>com.org</groupId>
<artifactId>dependency</artifactId>
<version>1.1-SNAPSHOT</version>
</dependency>
</dependencies>
使用以下dependabot.yml :
version: 2
registries:
github-maven:
type: maven-repository
url: https://maven.pkg.github.com/my-org/*/
username: admin
password: rosebud
updates:
- package-ecosystem: maven
registries: "*"
directory: /
schedule:
interval: daily
我的私有存储库中现在有一个1.2-SNAPSHOT - 我可以看到它已上传到https://maven.pkg.github.com/my-org/maven-repository/com/org/dependency/1.2-SNAPSHOT/dependency-1.2-20220714.094840-17.jar
查看 Dependabot 日志,很明显它找到了来自maven-metadata.xml的所有dependency版本,但实际上并没有获得任何这些版本。
updater | INFO <job_418367509> Checking if com.org:dependency 1.1-SNAPSHOT needs updating
proxy | 2022/07/14 09:41:03 [176] GET https://repo.maven.apache.org:443/maven2/com/ci/dependency/maven-metadata.xml
proxy | 2022/07/14 09:41:03 [176] 404 https://repo.maven.apache.org:443/maven2/com/ci/dependency/maven-metadata.xml
proxy | 2022/07/14 09:41:03 [178] GET https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/maven-metadata.xml
proxy | 2022/07/14 09:41:03 [178] * authenticating maven repository request (host: maven.pkg.github.com)
proxy | 2022/07/14 09:41:03 [178] 200 https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/maven-metadata.xml
proxy | 2022/07/14 09:41:03 [180] HEAD https://repo.maven.apache.org:443/maven2/com/ci/dependency/1.2-SNAPSHOT/dependency-1.2-SNAPSHOT.jar
proxy | 2022/07/14 09:41:03 [180] 404 https://repo.maven.apache.org:443/maven2/com/ci/dependency/1.2-SNAPSHOT/dependency-1.2-SNAPSHOT.jar
proxy | 2022/07/14 09:41:03 [182] HEAD https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/1.2-SNAPSHOT/dependency-1.2-SNAPSHOT.jar
proxy | 2022/07/14 09:41:03 [182] * authenticating maven repository request (host: maven.pkg.github.com)
proxy | 2022/07/14 09:41:04 [182] 404 https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/1.2-SNAPSHOT/dependency-1.2-SNAPSHOT.jar
proxy | 2022/07/14 09:41:04 [188] HEAD https://repo.maven.apache.org:443/maven2/com/ci/dependency/1.1-SNAPSHOT/dependency-1.1-SNAPSHOT.jar
proxy | 2022/07/14 09:41:04 [188] 404 https://repo.maven.apache.org:443/maven2/com/ci/dependency/1.1-SNAPSHOT/dependency-1.1-SNAPSHOT.jar
proxy | 2022/07/14 09:41:04 [190] HEAD https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/1.1-SNAPSHOT/dependency-1.1-SNAPSHOT.jar
proxy | 2022/07/14 09:41:04 [190] * authenticating maven repository request (host: maven.pkg.github.com)
proxy | 2022/07/14 09:41:04 [190] 404 https://maven.pkg.github.com:443/my-org/*/com/ci/dependency/1.1-SNAPSHOT/dependency-1.1-SNAPSHOT.jar
updater | INFO <job_418367509> Latest version is
updater | INFO <job_418367509> Requirements to unlock update_not_possible
updater | INFO <job_418367509> Requirements update strategy
updater | INFO <job_418367509> No update possible for com.org:dependency 1.1-SNAPSHOT
我认为问题在于SNAPSHOT版本的文件名中都有日期,虽然这在maven-metadata.xml中列出,但 Dependabot 不支持。 我无法验证这一点,因为这不再是您可以更改的 Maven 行为。
我的私有存储库中的非SNAPSHOT依赖项可以与 Dependabot 一起正常工作,并且我的依赖项在 Maven 中解决了构建等问题。
1 个解决方案
解决方案1
0 2022-08-03 13:57:41
这是 Dependabot 中的一个错误。
从 GitHub 支持:
我们的工程师发现我们对 SNAPSHOT 包的支持存在问题。 他们已经为此打开了一个问题,但没有估计何时发布修复程序。
使用Maven时如何自动将SNAPSHOT依赖项更新为最新发布的版本
[英]How do I automate the update of SNAPSHOT dependencies to the latest released versions when using maven
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.