Skip to content

Commit

Permalink
Update logging-parent to version 10.2.0 and implement SBOM (apach…
Browse files Browse the repository at this point in the history
  • Loading branch information
vy committed Oct 20, 2023
1 parent 51825e6 commit 703bdc2
Show file tree
Hide file tree
Showing 10 changed files with 72 additions and 29 deletions.
28 changes: 7 additions & 21 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" child.project.url.inherit.append.path="false" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<!-- ██ ██ █████ ██████ ███ ██ ██ ███ ██ ██████ ██
██ ██ ██ ██ ██ ██ ████ ██ ██ ████ ██ ██ ██
Expand All @@ -31,7 +31,7 @@
<parent>
<groupId>org.apache.logging</groupId>
<artifactId>logging-parent</artifactId>
<version>10.1.1</version>
<version>10.2.0</version>
</parent>

<groupId>org.apache.logging.log4j</groupId>
Expand Down Expand Up @@ -79,7 +79,7 @@

</modules>

<scm>
<scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
<connection>scm:git:git@github.com:apache/logging-log4j-transform.git</connection>
<developerConnection>scm:git:git@github.com:apache/logging-log4j-transform.git</developerConnection>
<tag>HEAD</tag>
Expand All @@ -96,6 +96,10 @@
<url>https://github.com/apache/logging-log4j-transform/actions</url>
</ciManagement>

<distributionManagement>
<downloadUrl>https://logging.apache.org/log4j/transform/latest/#distribution</downloadUrl>
</distributionManagement>

<properties>

<!-- project version -->
Expand Down Expand Up @@ -149,24 +153,6 @@
</goals>
<phase>process-resources</phase>
<inherited>false</inherited>
<configuration>
<pomElements>
<!-- Keep the `parent`!
This is necessary, since...
1. `-parent` depends on `-bom`
2. `-bom` depends on `logging-parent`
3. `logging-parent` contains `dependencyManagement`, etc. that are used by `-maven-plugin` et al.
4. Dependencies of `-maven-plugin` et al. is resolved *at runtime*.
5. Though at runtime, the deployed `-bom` is used, which is flattened and hence doesn't have a parent!
6. Hence, at runtime, all `logging-parent` logic is lost.
7. To avoid this, we override the `flatten-bom` configuration to retain the parent.
This should ideally be fixed in the `flatten-bom` configuration provided by `logging-parent`.
You can remove `<parent>keep`, if https://github.com/apache/logging-parent/issues/37 is resolved. -->
<parent>keep</parent>
</pomElements>
</configuration>
</execution>
</executions>
</plugin>
Expand Down
24 changes: 24 additions & 0 deletions src/changelog/.0.x.x/add-sbom.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one or more
~ contributor license agreements. See the NOTICE file distributed with
~ this work for additional information regarding copyright ownership.
~ The ASF licenses this file to you under the Apache License, Version 2.0
~ (the "License"); you may not use this file except in compliance with
~ the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="added">
<author id="github:vy"/>
<description format="asciidoc">Started generating CycloneDX SBOM with the recent update of `logging-parent` to version `10.2.0`</description>
</entry>
2 changes: 1 addition & 1 deletion src/changelog/.0.x.x/add-website.xml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="added">
<author id="github:vy"/>
<description format="asciidoc">Started publishing https://logging.apache.org/log4j/transform[the project website]</description>
Expand Down
4 changes: 2 additions & 2 deletions src/changelog/.0.x.x/logging-parent-update.xml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="changed">
<author id="github:ppkarwasz"/>
<author id="github:vy"/>
<description format="asciidoc">Migrated to `logging-parent` 10.1.1 and adopted its CI and `pom.xml` infrastructure</description>
<description format="asciidoc">Migrated `logging-parent` to version `10.2.0` and adopted its CI and `pom.xml` infrastructure</description>
</entry>
2 changes: 1 addition & 1 deletion src/changelog/.0.x.x/update_org_ow2_asm_asm_bom.xml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="changed">
<author id="github:dependabot"/>
<description format="asciidoc">Update `org.ow2.asm:asm-bom` to version `9.6`</description>
Expand Down
2 changes: 1 addition & 1 deletion src/changelog/0.1.0/.release.xml
Original file line number Diff line number Diff line change
Expand Up @@ -17,5 +17,5 @@
-->
<release xmlns="http://logging.apache.org/log4j/changelog"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
date="2023-05-05" version="0.1.0"/>
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
-->
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="added">
<issue id="LOG4J2-3638" link="https://issues.apache.org/jira/browse/LOG4J2-3638"/>
<author id="github:ppkarwasz"/>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
-->
<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://logging.apache.org/log4j/changelog"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.2.xsd"
type="added">
<issue id="LOG4J2-673" link="https://issues.apache.org/jira/browse/LOG4J2-673"/>
<author id="github:edwgiz" name="Eduard Gizatullin"/>
Expand Down
3 changes: 2 additions & 1 deletion src/site/_release-notes/_0.x.x.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,10 @@ This is the second release of the project.
==== Added
* Started generating CycloneDX SBOM with the recent update of `logging-parent` to version `10.2.0`
* Started publishing https://logging.apache.org/log4j/transform[the project website]
==== Changed
* Migrated to `logging-parent` 10.1.1 and adopted its CI and `pom.xml` infrastructure
* Migrated `logging-parent` to version `10.2.0` and adopted its CI and `pom.xml` infrastructure
* Update `org.ow2.asm:asm-bom` to version `9.6`
32 changes: 32 additions & 0 deletions src/site/index.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,38 @@ In accordance with the Apache Software Foundation's release https://infra.apache
See xref:#release-instructions[the release instructions] for details.
[#maven-bom]
=== Maven Bill of Materials (BOM)
To keep your {project-name} module versions aligned, a https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#bill-of-materials-bom-poms[Maven Bill of Materials (BOM) POM] is provided for your convenience.
To use this with Maven, add the dependency listed below to your `pom.xml` file.
Note that the `<dependencyManagement>` nesting and the `<scope>import</scope>` instruction.
This will _import_ all modules bundled with the associated Log4j release to your `dependencyManagement`.
As a result, you don't have to specify versions of the imported modules (`log4j-weaver`, etc.) while using them as a `<dependency>`.
.`pom.xml` snippet importing `log4j-transform-bom`
[source,subs="+attributes"]
----
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-transform-bom</artifactId>
<version>{project-version}</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
----
[#cyclonedx-sbom]
=== CycloneDX Software Bill of Materials (SBOM)
Starting with version `0.2.0`, {project-name} distributes https://cyclonedx.org/capabilities/sbom/[CyclenoDX Software Bill of Materials (SBOM)] along with each deployed artifact.
This is streamlined by `logging-parent`, see https://logging.apache.org/logging-parent/latest/#cyclonedx-sbom[its website] for details.
[#support]
== Support
Expand Down

0 comments on commit 703bdc2

Please sign in to comment.