fyi, we seem to running into some certificate issues contacting the Maven Repo when running builds, which I assume is happening for some reason due to the Maven migration?
27-Oct-2017 03:11:38 [ERROR] The build could not read 1 project -> [Help 1]
27-Oct-2017 03:11:38 [ERROR]
27-Oct-2017 03:11:38 [ERROR] The project org.openmrs.module:webservices.rest-omod:2.22.0-SNAPSHOT (/opt/bamboo5.9/xml-data/build-dir/MIREBALAIS-RWSM-JOB1/omod/pom.xml) has 1 error
27-Oct-2017 03:11:38 [ERROR] Unresolveable build extension: Plugin org.openmrs.maven.plugins:maven-openmrs-plugin:1.0.1 or one of its dependencies could not be resolved: Could not transfer artifact org.openmrs.maven.plugins:maven-openmrs-plugin:jar:1.0.1 from/to openmrs-repo (http://mavenrepo.openmrs.org/nexus/content/repositories/public): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 2]
I believe we ran into this same issue today with all of our module builds. The Bamboo server was upgraded yesterday, which is when it started happening for us.
We would not be able to update to java 7.0.111. The Bamboo server is not maintained by our group. Also, I think 7.0.80 is the latest publicly available version. My understanding is that 7.0.111 is a paid version. This doesn’t seem like a java issue since we are able to build fine locally.
This is still happening for us, unfortunately, but only in some cases, and it’s unclear what the pattern is. Most of the time it works, but when it fails, it fails consistently. For instance, every time our bamboo tries to deploy the Visit Documents module snapshot we are seeing this error:
build 30-Oct-2017 11:25:56 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project visitdocumentsui: Failed to retrieve remote metadata org.openmrs.module:visitdocumentsui:1.4-SNAPSHOT/maven-metadata.xml: Could not transfer metadata org.openmrs.module:visitdocumentsui:1.4-SNAPSHOT/maven-metadata.xml from/to openmrs-repo-snapshots (http://mavenrepo.openmrs.org/nexus/content/repositories/snapshots): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [Help 1]
However, it’s able to deploy other module snapshots correctly, and the “snapshot” section in the distribution management section of both poms appear to be identical.
On a related note, in case this is helpful, at times our builds are failing because it can’t find a dependency (which does exist):
[ERROR] Failed to execute goal on project mirebalais-api: Could not resolve dependencies for project org.openmrs.module:mirebalais-api:jar:1.2-SNAPSHOT: The following artifacts could not be resolved: org.openmrs.module:pacsintegration-api:jar:1.5-SNAPSHOT, org.openmrs.module:emr-api:jar:2.1-SNAPSHOT, org.openmrs.module:coreapps-api:jar:1.18.0-SNAPSHOT, org.openmrs.module:allergyapi-api:jar:1.5-SNAPSHOT, org.openmrs.module:edtriageapp-api:jar:1.0-SNAPSHOT, org.openmrs.module:labtrackingapp-api:jar:1.0.0-SNAPSHOT: Could not find artifact org.openmrs.module:pacsintegration-api:jar:1.5-SNAPSHOT → [Help 1]
These failures appear to be transitory though… a rerun and generally things work.
Hope this helps and doesn’t just make things more confusing…
I’m not sure if it will help in your case or not, but it might be worth a try. I think there is something strange happening how Bamboo handles redirects.
We had the old URL specified in our settings.xml file, but as soon as we switched them to the new one all the builds started working again.
Nope, before all the automation, we are using a paid/manual certificate. You know, those you pay and get the certificate back a couple of days later, without autorenew and stuff. We sorta need to get rid of it.
But letsencrypt is so standard these days that it didn’t even occur to me that some java truststores wouldn’t have it.
It’s a little tricky for me to diagnose problems when I don’t have access to the machines. I suppose bamboo is not accessible from the internet, right?
I suppose you might have multiple bamboo agents. Would you be able to check if there’s any pattern (a certain agent always fails, or always succeeds)? Also, if you have multiple agents, there’s a chance they have slightly different maven versions or java updates.
Can you please run a build ‘mvn --version ; java -version’ in all of them? Also, could you run that locally for me please? I will try to reproduce it locally, but I’d need the very specific version to attempt.
I suppose there’s a pretty good reason why you are running it with java 7, and you wouldn’t be able to try it with java 8.
The URL on the settings.xml should only affect downloads, not uploads. The only thing relevant there for uploads are the credentials. So it’s very weird. It could indeed be a problem with maven, but it’s very confusing the whole thing.
Last by not least, I’m really sorry for all the problems. When we automate and upgrade all the systems, some teething problem is bound to happen. It’s a shame it’s with an external system, so I don’t really have the power to fix it by myself.
First of, no worries! Generally the upgrade has gone really smoothly, and it’s worked in most cases. I realize that problems are to be expected.
And I think I’ve figured this one out… was an issue on my end… I think there was a old version of Java 8 (1.8.0_60) that it was picking up, even though I had also installed 1.8.0_151… I’ve cleaned it up and confirmed that I can now deploy the Visit Documents module… so weird though that it was only happening in some cases, though…
I’m running through our whole pipeline now to make sure everything still works, fingers crossed!
@mogoodrich does the whole pipeline work well? It looks like am running into the same problem while trying to build the latest version of the reference application distro.
Yes, our whole pipeline is now working, after I made sure I was running Java 1.8_151.
I think it relates to the letsencrypt bug mentioned above… and you need to make sure you are using a high enough build of Java 8. (I’m assuming Java 7 would still work, as long as you have a more recent build of it as well).
I’m still having problems deploying from my laptop as I mentioned in another thread, but that seems to be a different issue.