[SPARK-54192][BUILD] Upgrade roaringbitmap from 1.3.0 to 1.5.3

[yaooqinn]

What changes were proposed in this pull request?

Upgrade roaringbitmap from 1.3.0 to 1.5.3

Artifact updates at https://mvnrepository.com/artifact/org.roaringbitmap/RoaringBitmap have been stopped since 1.3.0. We need to add an additional repository, jitpack.io.

Why are the changes needed?

Dependency updates

Does this PR introduce any user-facing change?

No

How was this patch tested?

Passing GA

Was this patch authored or co-authored using generative AI tooling?

no

[yaooqinn]

cc @dongjoon-hyun

[dongjoon-hyun]

cc @LuciferYang from his attempt.

• [BUILD] Upgrade RoaringBitmap to 1.5.2 #49710

[LuciferYang]

Our previous concern was that the download source was flakiness: #49710 (comment)

If we can confirm that there's no issue with it, that would be great.

[yaooqinn]

I didn't notice @LuciferYang 's PR. Thank you for providing me with the link, @dongjoon-hyun .

Let me merge this first to test the network traffic to the Jitpack servers. Considering the disparity in usage base between Jitpack and Maven Central， it is hoped this will not result in network-related exceptions.

Merged to master

[LuciferYang]

I didn't notice @LuciferYang 's PR. Thank you for providing me with the link, @dongjoon-hyun .

Let me merge this first to test the network traffic to the Jitpack servers. Considering the disparity in usage base between Jitpack and Maven Central， it is hoped this will not result in network-related exceptions.

Merged to master

ok, let me close my pr

[dongjoon-hyun]

Hi, @yaooqinn . Just want to report some downstream issues.

Unfortunately, it turns out that this new repository, https://jitpack.io, is not trivially supported in some company. I'm digging the issues to handle in the downstream.

[yaooqinn]

Thank you for the information @dongjoon-hyun. Maybe they can download the artifact to their repo mirror service ahead.

[LuciferYang]

Thank you for the information @dongjoon-hyun. Maybe they can download the artifact to their repo mirror service ahead.

This is indeed a problem, as not every company grants sufficient permissions to allow its employees to do this.

[yaooqinn]

I understand that it could be a temporary issue for some of the CI maintainers of proprietary forks. But withdrawing or banning a trusted and functional public repository service from being used is out of step with the trend.

[dongjoon-hyun]

It seems that we hit the download error due to Jitpack instability, @yaooqinn .

• https://github.com/SCHJonathan/spark/actions/runs/19356119835/job/55379836389

[error] sbt.librarymanagement.ResolveException: Error downloading com.github.RoaringBitmap.RoaringBitmap:roaringbitmap:1.5.3
[error]   Not found
[error]   Not found
[error]   not found: https://maven-central.storage-download.googleapis.com/maven2/com/github/RoaringBitmap/RoaringBitmap/roaringbitmap/1.5.3/roaringbitmap-1.5.3.pom
[error]   download error: Caught java.net.SocketException (Network is unreachable) while downloading https://jitpack.io/com/github/RoaringBitmap/RoaringBitmap/roaringbitmap/1.5.3/roaringbitmap-1.5.3.pom
[error]   not found: https://repo1.maven.org/maven2/com/github/RoaringBitmap/RoaringBitmap/roaringbitmap/1.5.3/roaringbitmap-1.5.3.pom
[error]   not found: /root/.m2/repository/com/github/RoaringBitmap/RoaringBitmap/roaringbitmap/1.5.3/roaringbitmap-1.5.3.pom
[error]   not found: /root/.ivy2/localcom.github.RoaringBitmap.RoaringBitmap/roaringbitmap/1.5.3/ivys/ivy.xml

[yaooqinn]

Hi @dongjoon-hyun, thank you for the updates.

Based on the observations so far, it looks like the service availability level of JitPack.io meets our requirements compared to all other infra systems.

[dongjoon-hyun]

Hi, @yaooqinn . This fails again. Given that I don't check all failure log one by one, I believe JitPack failures are more frequent than I report here. In other words, JitPatck.io seems to be a big contributor to the CI flakiness compare to the other infra system.

https://github.com/apache/spark/actions/runs/19469862296/job/55714095559

Error:  Failed to execute goal on project spark-network-common_2.13: Could not collect dependencies for project org.apache.spark:spark-network-common_2.13:jar:spark-899171
Error:  Failed to read artifact descriptor for com.github.RoaringBitmap.RoaringBitmap:roaringbitmap:jar:1.5.3
Error:  	Caused by: The following artifacts could not be resolved: com.github.RoaringBitmap.RoaringBitmap:roaringbitmap:pom:1.5.3 (absent): Could not transfer artifact com.github.RoaringBitmap.RoaringBitmap:roaringbitmap:pom:1.5.3 from/to jitpack.io (https://jitpack.io/):
status code: 500, reason phrase: Internal Server Error (500)

[dongjoon-hyun]

Please note that Internal Server Error (500) is different from Too Many Requests (429) error which we meet in the common system. For 4xx, we may add re-try but what can we do for 500 error, @yaooqinn ? Have you seen 500 errors from Google Maven Central or Maven Central at this frequency?

[yaooqinn]

FYI, https://status.jitpack.io/, https://status.maven.org/

Regarding downtime statistics, Jitpack's uptime over the last 90 days is 98.700%, while Maven achieves 100%. It is clear that Maven performs better in terms of Service Level Agreement (SLA).

[yaooqinn]

Maven - Nov 18, 11:31 EST

Monitoring - We had received sporadic reports of 5xx errors during the early parts of the CloudFlare outage. We are currently unable to reproduce these errors in our primary regions. We will keep this incident open while CloudFlare CDN services are marked as degraded.