I think it would be useful to mirror our output folder structure in the
repository. This would show what is libraries (lib), resources (resources),
javadocs (api), docbook (doc), etc.

e.g. as a developer I probably wouldn't be interested in pulling down javadocs,
docbook, examples/tutorial source code, etc., if I just want to build against that
projects binary.
But these will be useful when creating any final release that
includes that information.

It might be more logical to have the notion of main project/version first,
but such a structure would probably be only useful to somebody browsing
the repository on-line?
e.g.

JBossAS/
 4.0.1/
 jboss-common/
 lib/
 jboss-common.jar
 resources/
 {runtime config xml here}
 api/
 {javadocs here}
 doc/
 {docbook here}
 LICENSE
 component-info.xml
 jboss-system/
 lib/
 jboss-system.jar
 run.jar
 shutdown.jar
 resources/
 {runtime config xml here}
 api/
 {javadocs here}
 doc/
 {docbook here}
 LICENSE
 component-info.xml

So we need to finalize the repository structure and component-info so I can recreate the jboss-4.0.x thirdparty contents from a jbossbuild.xml.

One current issue is the license info. The existing jboss-4.0/thirdparty/licenses/thirdparty-licenses.xml now has an index of the licenses used along with the acceptable source code headers used in the codebase to reference the license. The latter is used by the org.jboss.tools.license.ValidateLicenseHeaders utility to run across every source file in the codebase to validate that a license header exists, and that it maps to an acceptable license.

So the first change that needs to be made to the repository structure is to pull out all license files from the component dirs into a repository/licenses structure so that there is a canonical representation of the licenses in use. When I look at a licenseType="apache-2.0" reference from a component-info.xml, its a reference to either repository/licenes/apache-2.0 contents, or a reference to an element in a single repository/licenes/license-info.xml element not unlike the current thirdparty-licenses.xml licenses section:

<licenses>
 <license id="apache-1.1" licenseFile="apache-1.1.txt">
 <terms-header id="apache#0">
 * The Apache Software License, Version 1.1
...

Another thing that is missing in the component-info.xml is an expression of the depenencies on other repository components. For example, the javagroups component has no expressed dependency on the commons-logging component. I don't think the consumer of javagroups should have to understand implied dependencies.

"scott.stark@jboss.org" wrote:
Another thing that is missing in the component-info.xml is an expression of the depenencies on other repository components. For example, the javagroups component has no expressed dependency on the commons-logging component. I don't think the consumer of javagroups should have to understand implied dependencies.

[ejort@htimes2 kernel]$ ant -f jbossbuild.xml runtest
Buildfile: jbossbuild.xml

runtest.tests:
Unable to locate 'commons-logging.jar' in Class-Path of jboss-common.jar
Unable to locate 'commons-httpclient.jar' in Class-Path of jboss-common.jar
Unable to locate 'commons-discovery.jar' in Class-Path of jboss-common.jar
Unable to locate 'dom4j.jar' in Class-Path of jboss-common.jar
Unable to locate 'jaxmexs.jar' in Class-Path of jboss-common.jar
Unable to locate 'log4j.jar' in Class-Path of jboss-common.jar
Unable to locate 'gnu-regexp.jar' in Class-Path of jboss-common.jar
Unable to locate 'webdavlib.jar' in Class-Path of jboss-common.jar
Unable to locate 'dtdparser121.jar' in Class-Path of jboss-common.jar
Unable to locate 'xercesImpl.jar' in Class-Path of jboss-common.jar

Bug report:
http://jira.jboss.com/jira/browse/JBBUILD-72

One problem with doing this, is that it would potentially allow a

<source>

<source>

I'm not following how that lone source element triggers imports.

Going through this currently for the 4.0 thirdparty, the unversioned import still leaves open the problem of what version is being referenced. We can build a graph of components and attempt to resolve the components, but I see a number of components that have references to components only used by them (dom4j to jaxen, cglib to asm). We can attempt to taken the latest version of each unversioned reference, but this requires a latest link pointing to latest, or an index of the components so that it can be computed.

The import should also support a version in the case that there is an explicit version requirement. Are you working on adding the import addition Ryan? If not, I'll look at this since I need to complete it to finish the thirdparty build.

As was mentioned in this post which spawned the JBBUILD-72 issue, its not practical for the component user to have to know the dependencies of the component. Case 1, hibernate depends on cglib and asm, neither of which are used anywhere else in jbossas. In creating the top level build I only know I need hibernate 3.0.3. The component-info.xml for hibernate 3.0.3 needs to tell the synchronize process that cglib and asm are also needed.

This should not be in the jbossas build component list, because hibernate 3.0.4 may no longer have these dependencies. A given components dependeices should be a listing of those apis that are actually used.

I'll take a look at import addition and assign myself the task as I am looking at how the build actually works currently.

What do you do if two components specify different versions
of the same dependency?

My guess is to take the latest and warn the developer if there is nothing
saying a component has been tested with that version.

This would then lead to a QA task where they test it and either:
1) update the manifest to say that version is ok
2) choose a later version of the component in question that has been tested
3) get the component developer(s) to fix any problems found from the testing

Right, assuming by manifest you mean the repository component-info.xml import statements?

We do need to figure out to handle the multiple version mismatches that will show up. As part of generating the license-info.xml from the thirdparty repository references, detection of version conflicts will be flagged. That should in fact be a custom cruisecontrol action that results in an email to qa and the development list. Maybe its best to require the version on component-info.xml import statements rather than trying to default to the latest to start with in the absence of such info to start with.

As you say I don't see any magic resolution. There needs to be testing and lead on the component using the older version consulted to see if the changes look to be problematic. This gets back to exactly what should be in the thirdparty repository. Release notes, source and patches would seem to be a good minimum in addition to the binaries.