18 changes: 17 additions & 1 deletion buildSrc/src/main/groovy/nullaway.java-test-conventions.gradle
Expand Up @@ -19,8 +19,24 @@ plugins {
id 'jacoco'
}

// we pull in the snapshot version of Jacoco to support running on JDK 27 early access builds
// This repositories declaration is scoped so we can only pull in a snapshot version of Jacoco
// from the snapshots repo, not any other dependency
repositories {
maven {
name = "SonatypeSnapshots"
url = uri("https://central.sonatype.com/repository/maven-snapshots/")
mavenContent {
snapshotsOnly()
}
content {
includeGroup("org.jacoco")
}
}
}

jacoco {
toolVersion = "0.8.14"
toolVersion = "0.8.15-SNAPSHOT"
Comment on lines +22 to +39
🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🌐 Web query:

Sonatype Central Portal maven snapshots repository URL 2026

💡 Result:

The Sonatype Central Portal Maven snapshots repository URL is https://central.sonatype.com/repository/maven-snapshots/. This is the current URL as of 2026 for publishing and consuming Maven SNAPSHOT artifacts via the Central Portal. Note that the legacy OSSRH snapshots URL (https://oss.sonatype.org/content/repositories/snapshots/) has been deprecated since around mid-2025.


Pinning to a `-SNAPSHOT` makes builds non-reproducible; add a TODO to switch to the release.

Snapshot artifacts on Sonatype are mutable, so two builds of the same NullAway commit can resolve different `org.jacoco:*:0.8.15-SNAPSHOT` jars, producing different coverage behavior or transitive dependency sets over time. Gradle caches snapshots for 24h by default, so locally-cached vs. fresh CI agents may also diverge.

The repository scoping (`snapshotsOnly()` + `includeGroup("org.jacoco")`) correctly limits the blast radius to Jacoco only. Add a `// TODO` (and ideally a tracking issue link) to revert to the released 0.8.15 once it ships, so this doesn't silently linger:

📝 Suggested TODO marker
-// we pull in the snapshot version of Jacoco to support running on JDK 27 early access builds
+// TODO: revert to released Jacoco once 0.8.15 is published; tracking: <issue-link>
+// We temporarily pull in the snapshot version to support JDK 27 early access builds.
 // This repositories declaration is scoped so we can only pull in a snapshot version of Jacoco
 // from the snapshots repo, not any other dependency
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@buildSrc/src/main/groovy/nullaway.java-test-conventions.gradle` around lines
22 - 39, Add a clear TODO comment next to the Jacoco snapshot pin (the jacoco {
toolVersion = "0.8.15-SNAPSHOT" } declaration) indicating this is temporary and
must be switched to the released 0.8.15 once available; mention the reason
(SNAPSHOT is mutable), scope (we limit to SonatypeSnapshots/mavenContent
includeGroup("org.jacoco")), and include a tracking issue or ticket link (or
placeholder) so it can be reverted later.

}

// Do not generate reports for individual projects
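
Review bot: In the `jacoco { }` block, `toolVersion = "0.8.15-SNAPSHOT"` is set unconditionally, while the comment above the `repositories` block says the snapshot is only there to support JDK 27 early access builds. As written, every project that applies this convention resolves a mutable Jacoco snapshot on every JDK, including builds that would work with the released `0.8.14`. Consider selecting the snapshot version, and declaring the `SonatypeSnapshots` repository, only when the build runs on the early access JDK, and keeping `0.8.14` otherwise, so that ordinary builds stay on a released artifact. The comment could also state which Jacoco release is expected to end the need for the snapshot.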