-
Added as an improvement request
-
Name Previous Value Current Value Type
Question
Improvement
-
Previous Value Current Value Prevent redeploy of Maven artifacts with the same version?
Prevent redeploy of Maven artifacts with the same version
-
Hello, is this improvement really not needed by anyone else?
-
Reject re-uploading a file for an existing non-SNAPSHOT version when it would replace previously published content. Uploads that carry identical content are still accepted so interrupted deploys can be retried, and SNAPSHOT versions remain mutable as before.
--- .../server/plugin/pack/maven/MavenPackHandler.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/server-plugin/server-plugin-pack-maven/src/main/java/io/onedev/server/plugin/pack/maven/MavenPackHandler.java b/server-plugin/server-plugin-pack-maven/src/main/java/io/onedev/server/plugin/pack/maven/MavenPackHandler.java index 4a931b8..4028778 100644 --- a/server-plugin/server-plugin-pack-maven/src/main/java/io/onedev/server/plugin/pack/maven/MavenPackHandler.java +++ b/server-plugin/server-plugin-pack-maven/src/main/java/io/onedev/server/plugin/pack/maven/MavenPackHandler.java @@ -9,6 +9,7 @@ import static io.onedev.server.util.IOUtils.copyWithMaxSize; import static java.nio.charset.StandardCharsets.UTF_8; import static java.util.stream.Collectors.toList; import static javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST; +import static javax.servlet.http.HttpServletResponse.SC_CONFLICT; import static javax.servlet.http.HttpServletResponse.SC_CREATED; import static javax.servlet.http.HttpServletResponse.SC_NOT_ACCEPTABLE; import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND; @@ -398,6 +399,16 @@ public class MavenPackHandler implements PackHandler { pack.setUser(SecurityUtils.getUser()); pack.setPublishDate(new Date()); MavenData data = (MavenData) pack.getData(); + // Prevent redeploy of release (non-SNAPSHOT) artifacts: reject when a file + // already published for this version would be replaced with different content. + // Identical re-uploads are allowed so interrupted deploys can be retried safely. + if (version != null && !version.endsWith(VERSION_SUFFIX_SNAPSHOT)) { + var existingSha256BlobHash = data.getSha256BlobHashes().get(blobName); + if (existingSha256BlobHash != null && !existingSha256BlobHash.equals(sha256BlobHash)) { + throw new HttpResponseAwareException(SC_CONFLICT, "Redeploy not allowed for released version: " + + getName(groupId, artifactId) + ":" + version); + } + } var prevSha256BlobHash = data.getSha256BlobHashes().put(blobName, sha256BlobHash); packService.createOrUpdate(pack, null, false); if (prevSha256BlobHash != null) { -- -
@cwh please work on this. We should implement for all package types. Also make sure that we should allow to redeploy SNAPSHOT versions for maven repository. If other package types have same concept as maven SNAPSHOT, we should allow deploy for these specific versions as well.
-
Failed to do the job, please open workspace OD-1 for details
-
@cwh fixed, please retry
-
@robin implemented the broader redeploy protection in pr #79.
The shared pack service now rejects updates that would remove or replace already referenced blobs for an existing package version, while still allowing identical retries and additive files. Maven keeps its special behavior: non-SNAPSHOT artifact files can not be replaced with different content, and
-SNAPSHOTversions remain mutable.Verification:
git diff --checkpassed. I could not runmvn -pl server-plugin/server-plugin-pack-maven -am compilein this workspace becausemvn, a Maven wrapper,java, andjavacare not available onPATH. -
Previous Value Current Value Open
Closed
| Type |
Improvement
|
| Priority |
Normal
|
| Assignee | |
| Labels |
No labels
|
As the title says, I have a problem with which I can accidentally upload/deploy the same Maven artifact version to the OneDev repository. I cannot find a configuration to just prevent any redeploys. Am I missing something?