Skip to content

HBASE-28921 Skip bundling hbase-webapps folder in jars (#6368) #6377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

HBASE-28921 Skip bundling hbase-webapps folder in jars (#6368) #6377

wants to merge 1 commit into from

Conversation

@NihalJain
Copy link
Contributor

Backports #6368

@NihalJain
HBASE-28921 Skip bundling hbase-webapps folder in jars (apache#6368)
6cdd046 
We are bundling all webapp resources in hbase-server, hbase-thrift, hbase-rest and transitively to hbase-shaded-mapreduce jar. This can be an issue, say if any of the Js projects used by hbase are vulnerable, security scan tools like sonatype start flagging the jars too as vulnerable since they contain vulnerable code.

With this JIRA, we skip bundling static webapp resources in our jars.

Signed-off-by: Istvan Toth <[email protected]>
Reviewed-by: Dávid Paksy <[email protected]>

(cherry picked from commit 8366304)
@NihalJain NihalJain added the backport This PR is a back port of some issue or issues already committed to master label Oct 21, 2024
@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 1m 42s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ branch-2 Compile Tests _
+0 🆗 mvndep 0m 18s Maven dependency ordering for branch
+1 💚 mvninstall 4m 57s branch-2 passed
+1 💚 compile 6m 1s branch-2 passed
+1 💚 spotless 1m 18s branch has no errors when running spotless:check.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 18s Maven dependency ordering for patch
+1 💚 mvninstall 4m 19s the patch passed
+1 💚 compile 5m 31s the patch passed
+1 💚 javac 5m 31s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
+1 💚 xmllint 0m 0s No new issues.
+1 💚 hadoopcheck 20m 54s Patch does not cause any errors with Hadoop 2.10.2 or 3.3.6 3.4.0.
+1 💚 spotless 1m 10s patch has no errors when running spotless:check.
_ Other Tests _
+1 💚 asflicense 0m 39s The patch does not generate ASF License warnings.
49m 25s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #6377
Optional Tests dupname asflicense javac codespell detsecrets xmllint hadoopcheck spotless compile
uname Linux 4cfc4c0305e1 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2 / 6cdd046
Default Java Eclipse Adoptium-11.0.23+9
Max. process+thread count 79 (vs. ulimit of 30000)
modules C: hbase-server hbase-thrift hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/console
versions git=2.34.1 maven=3.9.8 xmllint=20913
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 44s Docker mode activated.
-0 ⚠️ yetus 0m 6s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2 Compile Tests _
+0 🆗 mvndep 0m 13s Maven dependency ordering for branch
+1 💚 mvninstall 3m 10s branch-2 passed
+1 💚 compile 1m 40s branch-2 passed
+1 💚 javadoc 0m 56s branch-2 passed
+1 💚 shadedjars 5m 46s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 16s Maven dependency ordering for patch
+1 💚 mvninstall 3m 1s the patch passed
+1 💚 compile 1m 43s the patch passed
+1 💚 javac 1m 43s the patch passed
+1 💚 javadoc 0m 56s the patch passed
+1 💚 shadedjars 5m 48s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 203m 2s hbase-server in the patch passed.
+1 💚 unit 6m 49s hbase-thrift in the patch passed.
+1 💚 unit 3m 40s hbase-rest in the patch passed.
242m 42s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR #6377
Optional Tests javac javadoc unit shadedjars compile
uname Linux f86083635c7f 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2 / 6cdd046
Default Java Eclipse Adoptium-17.0.11+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/testReport/
Max. process+thread count 4442 (vs. ulimit of 30000)
modules C: hbase-server hbase-thrift hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 43s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2 Compile Tests _
+0 🆗 mvndep 0m 11s Maven dependency ordering for branch
+1 💚 mvninstall 2m 32s branch-2 passed
+1 💚 compile 1m 19s branch-2 passed
+1 💚 javadoc 1m 1s branch-2 passed
+1 💚 shadedjars 5m 18s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 13s Maven dependency ordering for patch
+1 💚 mvninstall 2m 20s the patch passed
+1 💚 compile 1m 19s the patch passed
+1 💚 javac 1m 19s the patch passed
+1 💚 javadoc 0m 59s the patch passed
+1 💚 shadedjars 5m 16s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 217m 54s hbase-server in the patch passed.
+1 💚 unit 7m 16s hbase-thrift in the patch passed.
+1 💚 unit 4m 15s hbase-rest in the patch passed.
255m 46s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/artifact/yetus-jdk8-hadoop2-check/output/Dockerfile
GITHUB PR #6377
Optional Tests javac javadoc unit shadedjars compile
uname Linux 80ef3f9dcf86 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2 / 6cdd046
Default Java Temurin-1.8.0_412-b08
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/testReport/
Max. process+thread count 4208 (vs. ulimit of 30000)
modules C: hbase-server hbase-thrift hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 56s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2 Compile Tests _
+0 🆗 mvndep 0m 11s Maven dependency ordering for branch
+1 💚 mvninstall 4m 11s branch-2 passed
+1 💚 compile 2m 18s branch-2 passed
+1 💚 javadoc 1m 7s branch-2 passed
+1 💚 shadedjars 8m 1s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+0 🆗 mvndep 0m 27s Maven dependency ordering for patch
+1 💚 mvninstall 4m 51s the patch passed
+1 💚 compile 2m 51s the patch passed
+1 💚 javac 2m 51s the patch passed
+1 💚 javadoc 1m 43s the patch passed
+1 💚 shadedjars 6m 33s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 231m 43s hbase-server in the patch passed.
+1 💚 unit 7m 19s hbase-thrift in the patch passed.
+1 💚 unit 4m 15s hbase-rest in the patch passed.
281m 58s
Subsystem Report/Notes
Docker ClientAPI=1.47 ServerAPI=1.47 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #6377
Optional Tests javac javadoc unit shadedjars compile
uname Linux ec7f39e53a64 5.4.0-195-generic #215-Ubuntu SMP Fri Aug 2 18:28:05 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2 / 6cdd046
Default Java Eclipse Adoptium-11.0.23+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/testReport/
Max. process+thread count 4437 (vs. ulimit of 30000)
modules C: hbase-server hbase-thrift hbase-rest U: .
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-6377/1/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@NihalJain NihalJain marked this pull request as draft October 21, 2024 22:06
@NihalJain
Copy link
Contributor Author

Stale

@NihalJain NihalJain closed this Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport This PR is a back port of some issue or issues already committed to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NihalJain @Apache-HBase