diff --git a/README.md b/README.md
index 1c000802054..df3dc6f0a74 100644
--- a/README.md
+++ b/README.md
@@ -117,6 +117,66 @@ Bootstrapping installs the necessary dependencies for each package.
---
+## Reproducible Builds for _maven-based_ packages
+
+It is mandatory that any _maven-based_ package that releases artifacts runs [Reproducible Builds](https://reproducible-builds.org/)
+to build it's artifacts, in this case, in our `build:prod` scripts.
+
+`@kie-tools/maven-base` provides the `reproducible-build` `maven` profile to enable _Reproducible Builds_ in our builds.
+To use it follow the steps:
+
+- Make sure the `package.json` depends on `@kie-tools/maven-base`:
+
+```json
+{
+ "dependencies": {
+ "@kie-tools/maven-base": "workspace:*"
+ }
+}
+```
+
+- Make the package `pom.xml` has `kie-tools-maven-base` as a parent and declares the `project.build.outputTimestamp` property like:
+
+```xml
+
+
+ org.kie
+ kie-tools-maven-base
+ ${revision}
+ ./node_modules/@kie-tools/maven-base/pom.xml
+
+ ...
+
+ 2024-01-12T00:00:00Z
+
+ ...
+
+```
+
+- In your `package.json` scripts, enable the _Reproducible Build_ profile adding the `-Dreproducible` argument in `build:prod` scripts, like:
+
+```json
+{
+ "scripts": {
+ "build:prod": "pnpm lint && run-script-os",
+ "build:prod:darwin:linux": "mvn clean deploy [...other maven options...] -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean deploy [...other maven options...] `-Dreproducible\""
+ }
+}
+```
+
+> IMPORTANT: the current version of the `maven-artifact-plugin` (3.4.1) used in `kie-tools` bans the `maven-flatten-plugin` that
+> we use to generate deployable artifacts using the dynamic `${revision}` variable. You can check the full list of banned
+> plugins [here](https://maven.apache.org/plugins-archives/maven-artifact-plugin-3.4.1/plugin-issues.html).
+> The issue that caused the ban [flatten-maven-plugin/issues/256](https://github.com/mojohaus/flatten-maven-plugin/issues/256) was a result
+> of change in `maven` behaviour between `v3.8.1` and `v3.8.2`, and isn't a problem on the `maven-flatten-plugin`.
+> Actually, in later versions of the `maven-artifact-plugin` the ban got revoked.
+> Having this in mind, and due to the fact that `kie-tools` requires newer `maven` versions, our _Reproducible Builds_ require
+> temporarily overriding the list of banned plugins, until we upgrade to a newer `maven-artifact-plugin` version.
+> This will be addressed by https://github.com/apache/incubator-kie-issues/issues/1371
+
+---
+
## Applications
The Apache KIE Tools project contains several applications. To develop each one of them individually, refer to the instructions below.
diff --git a/packages/extended-services-java/package.json b/packages/extended-services-java/package.json
index 785de45e2ba..eb924c5c1b2 100644
--- a/packages/extended-services-java/package.json
+++ b/packages/extended-services-java/package.json
@@ -21,8 +21,8 @@
"build:dev:linux:darwin": "mvn clean install -DskipTests -DskipITs && pnpm dist",
"build:dev:win32": "pnpm powershell \"mvn clean install `-DskipTests `-DskipITs\" && pnpm dist",
"build:prod": "run-script-os",
- "build:prod:linux:darwin": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -DskipITs=$(build-env endToEndTests.run --not) && pnpm dist",
- "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-DskipITs=$(build-env endToEndTests.run --not)\" && pnpm dist",
+ "build:prod:linux:darwin": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -DskipITs=$(build-env endToEndTests.run --not) -Dreproducible && pnpm dist",
+ "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-DskipITs=$(build-env endToEndTests.run --not) `-Dreproducible\" && pnpm dist",
"copy:app": "run-script-os",
"copy:app:linux:darwin": "copyfiles -u 1 \"target/quarkus-app/**/*\" dist/",
"copy:app:win32": "copyfiles -u 1 \"target/quarkus-app/**\" dist/",
diff --git a/packages/extended-services-java/pom.xml b/packages/extended-services-java/pom.xml
index 08d2a490bf5..7eb6467d1da 100644
--- a/packages/extended-services-java/pom.xml
+++ b/packages/extended-services-java/pom.xml
@@ -45,6 +45,7 @@
+ 2024-01-12T00:00:00Z
org.kie.tools.extended-services
diff --git a/packages/jbpm-quarkus-devui/package.json b/packages/jbpm-quarkus-devui/package.json
index 17ac09aa967..0bb8ffe2a41 100644
--- a/packages/jbpm-quarkus-devui/package.json
+++ b/packages/jbpm-quarkus-devui/package.json
@@ -17,8 +17,8 @@
"build:dev:darwin:linux": "mvn clean install -DskipTests",
"build:dev:win32": "pnpm powershell \"mvn clean install -DskipTests \"",
"build:prod": "pnpm lint && run-script-os",
- "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip)",
- "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip)\"",
+ "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip) `-Dreproducible\"",
"install": "node install.js",
"lint": "echo 'Linting'",
"powershell": "@powershell -NoProfile -ExecutionPolicy Unrestricted -Command",
diff --git a/packages/jbpm-quarkus-devui/pom.xml b/packages/jbpm-quarkus-devui/pom.xml
index 1b5dc7c7e0a..fa9762b7fa2 100644
--- a/packages/jbpm-quarkus-devui/pom.xml
+++ b/packages/jbpm-quarkus-devui/pom.xml
@@ -39,6 +39,7 @@
pom
+ 2024-01-12T00:00:00Z
org.jbpm.quarkus.dev.ui
diff --git a/packages/maven-base/not-reproducible-plugins.properties b/packages/maven-base/not-reproducible-plugins.properties
new file mode 100644
index 00000000000..4fb578634a5
--- /dev/null
+++ b/packages/maven-base/not-reproducible-plugins.properties
@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+# KIE-TOOLS DISCLAIMER:
+# This file has been copied from the "maven-artifact-plugin" github repo (https://github.com/apache/maven-artifact-plugin/tree/maven-artifact-plugin-3.4.1/)
+# with the unique goal of enabling then "maven-flatten-plugin" in the "kie-tools" reproducible builds.
+# We are re-enabling the "maven-flatten-plugin" because the issue that caused the inclusion of plugin in this file (https://github.com/mojohaus/flatten-maven-plugin/issues/256)
+# won't have any effect in our builds. The issue was reported due to a change in "maven" behaviour between v3.8.1 & v3.8.2
+# and "kie-tools" require newer "maven" versions.
+# This file will be removed as a part of: https://github.com/apache/incubator-kie-issues/issues/1371
+
+
+# list of plugins that did not produce reproducible output in the past, with minimum reproducible version
+
+# default org.apache.maven.plugins groupId
+maven-archetype-plugin=3.2.0
+# https://issues.apache.org/jira/browse/ARCHETYPE-590
+maven-assembly-plugin=3.2.0
+# https://issues.apache.org/jira/browse/MASSEMBLY-921
+maven-jar-plugin=3.2.0
+# https://issues.apache.org/jira/browse/MJAR-263
+# https://issues.apache.org/jira/browse/MJAR-275
+maven-ejb-plugin=3.1.0
+# https://issues.apache.org/jira/browse/MEJB-128
+maven-plugin-plugin=3.5.1
+# https://issues.apache.org/jira/browse/MPLUGIN-326
+maven-remote-resources-plugin=1.7.0
+# https://issues.apache.org/jira/browse/MRRESOURCES-114
+maven-shade-plugin=3.2.3
+# https://issues.apache.org/jira/browse/MSHADE-352
+# https://issues.apache.org/jira/browse/MSHADE-420 for some shaded jars, timezone counts: does not really make the build not reproducible, just harder
+maven-source-plugin=3.2.1
+# https://issues.apache.org/jira/browse/MSOURCES-123
+maven-war-plugin=3.3.1
+# https://issues.apache.org/jira/browse/MWAR-432
+maven-ear-plugin=3.1.0
+# https://issues.apache.org/jira/browse/MEAR-280
+maven-rar-plugin=3.0.0
+# https://issues.apache.org/jira/browse/MRAR-86
+maven-acr-plugin=3.2.0
+# https://issues.apache.org/jira/browse/MACR-53
+
+# plugin-specific groupId
+
+org.antlr+antlr3-maven-plugin=fail:https://github.com/antlr/antlr3/pull/195
+
+org.apache.felix+maven-bundle-plugin=5.1.5
+# https://issues.apache.org/jira/browse/FELIX-6495
+# https://issues.apache.org/jira/browse/FELIX-6496
+org.apache.karaf.tooling+karaf-maven-plugin=4.3.7
+# https://issues.apache.org/jira/browse/KARAF-7367
+org.apache.nifi+nifi-nar-maven-plugin=1.3.4
+# https://issues.apache.org/jira/browse/NIFI-9857
+org.apache.servicemix.tooling+depends-maven-plugin=fail:https://issues.apache.org/jira/browse/SM-5021
+
+org.codehaus.plexus+plexus-component-metadata=2.1.0
+# https://github.com/codehaus-plexus/plexus-containers/issues/27
+org.codehaus.mojo+jaxb2-maven-plugin=fail:https://github.com/mojohaus/jaxb2-maven-plugin
+#
+org.codehaus.mojo+properties-maven-plugin=1.1.0
+# https://github.com/mojohaus/properties-maven-plugin/pull/75
+
+# Commenting to enable the "flatten-maven-plugin" for "kie-tools", please refer to the DISCLAIMER for more info.
+# org.codehaus.mojo+flatten-maven-plugin=fail:https://github.com/mojohaus/flatten-maven-plugin/issues/256
+
+org.eclipse.sisu+sisu-maven-plugin=0.3.4
+# https://github.com/eclipse/sisu.inject/pull/5
+org.eclipse.jetty+jetty-jspc-maven-plugin=fail:https://github.com/eclipse/jetty.project/
+
+org.jboss.jandex+jandex-maven-plugin=fail:https://github.com/wildfly/jandex-maven-plugin/pull/35
+
+org.springframework.boot+spring-boot-maven-plugin=2.7.1
+# https://github.com/spring-projects/spring-boot/issues/21005
+
+org.vafer+jdeb=1.10
+# https://github.com/tcurdt/jdeb/pull/363
\ No newline at end of file
diff --git a/packages/maven-base/package.json b/packages/maven-base/package.json
index 35f01393562..8af3e3cbf2f 100644
--- a/packages/maven-base/package.json
+++ b/packages/maven-base/package.json
@@ -17,8 +17,8 @@
"build:dev:darwin:linux": "mvn clean install -DskipTests",
"build:dev:win32": "pnpm powershell \"mvn clean install -DskipTests \"",
"build:prod": "pnpm lint && run-script-os",
- "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip)",
- "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip)\"",
+ "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip) `-Dreproducible\"",
"install": "pnpm set-quarkus-version && pnpm set-kogito-version && node install.js",
"lint": "echo 'Linting'",
"powershell": "@powershell -NoProfile -ExecutionPolicy Unrestricted -Command",
diff --git a/packages/maven-base/pom.xml b/packages/maven-base/pom.xml
index 433d466ca48..0a7e775f5a4 100644
--- a/packages/maven-base/pom.xml
+++ b/packages/maven-base/pom.xml
@@ -169,6 +169,12 @@
${version.maven.artifact.plugin}
${project.build.outputTimestamp}
+
+ ${session.executionRootDirectory}/node_modules/@kie-tools/maven-base/not-reproducible-plugins.properties
@@ -219,4 +225,45 @@
+
+
+
+ reproducible-build
+
+ false
+
+ reproducible
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-artifact-plugin
+
+
+
+ check-buildplan
+
+ check-buildplan
+
+
+ validate
+
+
+ compare
+
+ compare
+
+
+ install
+
+
+
+
+
+
+
diff --git a/packages/sonataflow-quarkus-devui/package.json b/packages/sonataflow-quarkus-devui/package.json
index b5a98959e5b..0e505282968 100644
--- a/packages/sonataflow-quarkus-devui/package.json
+++ b/packages/sonataflow-quarkus-devui/package.json
@@ -17,8 +17,8 @@
"build:dev:darwin:linux": "mvn clean install -DskipTests",
"build:dev:win32": "pnpm powershell \"mvn clean install -DskipTests \"",
"build:prod": "pnpm lint && run-script-os",
- "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip)",
- "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip)\"",
+ "build:prod:darwin:linux": "mvn clean deploy -DdeployAtEnd -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dmaven.deploy.skip=$(build-env maven.deploy.skip) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean deploy `-DdeployAtEnd `-DskipTests `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dmaven.deploy.skip=$(build-env maven.deploy.skip) `-Dreproducible\"",
"install": "node install.js",
"lint": "echo 'Linting'",
"powershell": "@powershell -NoProfile -ExecutionPolicy Unrestricted -Command",
diff --git a/packages/sonataflow-quarkus-devui/pom.xml b/packages/sonataflow-quarkus-devui/pom.xml
index c331ae26b04..bde74599d0a 100644
--- a/packages/sonataflow-quarkus-devui/pom.xml
+++ b/packages/sonataflow-quarkus-devui/pom.xml
@@ -39,6 +39,7 @@
pom
+ 2024-01-12T00:00:00Z
org.kie.kogito.quarkus.swf.dev.ui
diff --git a/packages/vscode-java-code-completion-extension-plugin/package.json b/packages/vscode-java-code-completion-extension-plugin/package.json
index ed548ca7e85..1a16d3f4065 100644
--- a/packages/vscode-java-code-completion-extension-plugin/package.json
+++ b/packages/vscode-java-code-completion-extension-plugin/package.json
@@ -22,8 +22,8 @@
"scripts": {
"build:dev": "mvn clean install -DskipTests",
"build:prod": "pnpm lint && run-script-os",
- "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)",
- "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)\"",
+ "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dreproducible\"",
"install": "node install.js && pnpm install:mvnw",
"install:mvnw": "mvn -e org.apache.maven.plugins:maven-wrapper-plugin:3.3.0:wrapper -f ./",
"lint": "echo 'Linting'",
diff --git a/packages/vscode-java-code-completion-extension-plugin/pom.xml b/packages/vscode-java-code-completion-extension-plugin/pom.xml
index fb681458423..556e46a65cf 100644
--- a/packages/vscode-java-code-completion-extension-plugin/pom.xml
+++ b/packages/vscode-java-code-completion-extension-plugin/pom.xml
@@ -41,6 +41,7 @@
+ 2024-01-12T00:00:00Z
3.0.5
${tycho.version}
scm:git:https://github.com/apache/incubator-kie-tools.git
diff --git a/packages/yard-model/package.json b/packages/yard-model/package.json
index 6dd85c13b12..5cdb74cc807 100644
--- a/packages/yard-model/package.json
+++ b/packages/yard-model/package.json
@@ -18,8 +18,8 @@
"build:dev:darwin:linux": "mvn clean install -DskipTests",
"build:dev:win32": "pnpm powershell \"mvn clean install `-DskipTests\"",
"build:prod": "pnpm lint && run-script-os",
- "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)",
- "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)\"",
+ "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dreproducible\"",
"install": "node install.js && pnpm install:mvnw",
"install:mvnw": "run-script-os",
"install:mvnw:darwin:linux": "mvn -e org.apache.maven.plugins:maven-wrapper-plugin:3.3.0:wrapper",
diff --git a/packages/yard-model/pom.xml b/packages/yard-model/pom.xml
index 7ef6dd4917e..671c53bcf8f 100644
--- a/packages/yard-model/pom.xml
+++ b/packages/yard-model/pom.xml
@@ -42,6 +42,7 @@
+ 2024-01-12T00:00:00Z
0.4
3.2.0
11
diff --git a/packages/yard-validator-worker/package.json b/packages/yard-validator-worker/package.json
index abf20133edb..b7157cc2e3c 100644
--- a/packages/yard-validator-worker/package.json
+++ b/packages/yard-validator-worker/package.json
@@ -18,8 +18,8 @@
"build:dev:darwin:linux": "mvn clean install -DskipTests",
"build:dev:win32": "pnpm powershell \"mvn clean install `-DskipTests\"",
"build:prod": "pnpm lint && run-script-os && pnpm copy:webworker",
- "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)",
- "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures)\"",
+ "build:prod:darwin:linux": "mvn clean install -DskipTests=$(build-env tests.run --not) -Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) -Dreproducible",
+ "build:prod:win32": "pnpm powershell \"mvn clean install `-DskipTests=$(build-env tests.run --not) `-Dmaven.test.failure.ignore=$(build-env tests.ignoreFailures) `-Dreproducible\"",
"copy:webworker": "copyfiles -f target/worker/yard-validator-worker/yard-validator-worker.js dist",
"install": "node install.js && pnpm install:mvnw",
"install:mvnw": "run-script-os",
diff --git a/packages/yard-validator-worker/pom.xml b/packages/yard-validator-worker/pom.xml
index d18d9a7439b..3b48a8bd075 100644
--- a/packages/yard-validator-worker/pom.xml
+++ b/packages/yard-validator-worker/pom.xml
@@ -42,6 +42,7 @@
+ 2024-01-12T00:00:00Z
0.4
2.0.10
3.13.0