Skip to content

[LANG-1776] Use GitHub URL in project.scm.url#1405

Merged
garydgregory merged 2 commits intomasterfrom
fix/1776_github-url
Jul 6, 2025
Merged

[LANG-1776] Use GitHub URL in project.scm.url#1405
garydgregory merged 2 commits intomasterfrom
fix/1776_github-url

Conversation

@ppkarwasz
Copy link
Copy Markdown
Member

@ppkarwasz ppkarwasz commented Jul 6, 2025

This PR updates the project.scm.url field in the Maven POM to point to the GitHub repository URL (https://github.com/apache/commons-lang).

While this field is not used directly by Maven during builds, it is increasingly leveraged by tools like Dependabot to:

  • Associate the Maven artifact with its GitHub repository
  • Automatically include release notes, changelogs, and commit history in pull requests for new versions

By using the GitHub URL, we improve the quality and completeness of metadata shown in automated upgrade PRs and make it easier for users to trace changes between releases.

@ppkarwasz
[LANG-1776] Use GitHub URL in project.scm.url
fd7d414 
This PR updates the `project.scm.url` field in the Maven POM to point to the GitHub repository URL (`https://github.com/apache/commons-lang`).

While this field is not used directly by Maven during builds, it is increasingly leveraged by tools like *Dependabot* to:

* Associate the Maven artifact with its GitHub repository
* Automatically include release notes, changelogs, and commit history in pull requests for new versions

By using the GitHub URL, we improve the quality and completeness of metadata shown in automated upgrade PRs and make it easier for users to trace changes between releases.
@garydgregory
Copy link
Copy Markdown
Member

garydgregory commented Jul 6, 2025

Hi @ppkarwasz

Do we really want to point to a non-Apache resource for something that is NOT the canonical Apache repository? I would think twice about this...

Dependabot doesn't seem to need this change FWIW, it just works fine today.

@ppkarwasz
fix: Add ciManagement to point at GitHub
3b3ed38 
This adds a `ciManagement` property that points to the GitHub Actions URL. This is a valid alternative to `project.scm.url` to allow Dependabot and other tooling to associate an artifact with the GitHub repo.
@ppkarwasz
Copy link
Copy Markdown
Member Author

ppkarwasz commented Jul 6, 2025

Do we really want to point to a non-Apache resource for something that is NOT the canonical Apache repository? I would think twice about this...

That's a valid concern. I've reverted project.scm.url back to https://gitbox.apache.org/repos/asf/commons-lang.git, which remains under ASF control and currently redirects to GitHub.

To help tooling like Dependabot discover the GitHub repository (without compromising the canonical SCM reference), I've added a ciManagement element in commit 3b3ed38, which points to GitHub Actions. This satisfies Dependabot’s fallback mechanism that looks for GitHub URLs elsewhere in the POM and enables it to retrieve changelogs and commit history for new releases.

Dependabot doesn't seem to need this change FWIW, it just works fine today.

That's mostly true — Dependabot can detect and propose version bumps even without this change. However, without a GitHub URL present, it cannot automatically enrich PRs with changelogs and commit diffs. For an example of this difference in behavior, see PR ppkarwasz/logging-log4j2#566, where commons-csv includes rich metadata, while commons-lang3 does not.

This small metadata tweak improves the user experience for downstream consumers without altering the authoritative SCM reference.

@garydgregory garydgregory merged commit de25962 into master Jul 6, 2025
34 of 36 checks passed
@garydgregory garydgregory deleted the fix/1776_github-url branch July 6, 2025 14:02
@garydgregory
Copy link
Copy Markdown
Member

garydgregory commented Jul 6, 2025

TY @ppkarwasz Merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ppkarwasz @garydgregory