docs(prefetch): add experimental Maven prefetch documentation #620
adambkaplan wants to merge 1 commit into
Add documentation for enabling Maven dependency prefetching with Hermeto. The new section covers generating a lockfile using the Maven Lockfile plugin with SHA-512 checksums computed locally for post-quantum cryptography readiness, including Maven plugins in the lockfile, validating the lockfile, and configuring the Tekton pipeline with the experimental x-maven type.

Assisted-by: Claude Opus 4.6
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
Code Review
This pull request adds documentation for experimental Maven prefetch support in Hermeto, including instructions on generating and validating a lockfile and configuring the Tekton pipeline. The review feedback suggests avoiding inline callouts within multi-line bash commands to prevent copy-paste syntax errors, and refining the description of Hermeto's Maven integration for improved clarity and technical accuracy.
| [source,bash] | ||
| ---- | ||
| mvn io.github.chains-project:maven-lockfile:generate \ | ||
| -DincludeMavenPlugins=true \ <1> | ||
| -DchecksumAlgorithm=SHA-512 \ <2> | ||
| -DchecksumMode=local <3> | ||
| ---- | ||
| <1> Include all Maven build plugins and their transitive dependencies in the lockfile. This ensures that plugin artifacts are also prefetched and available during hermetic builds. | ||
| <2> Use the SHA-512 algorithm for checksum computation to ensure post-quantum cryptography readiness. | ||
| <3> Compute checksums locally from artifacts in your local Maven repository (`.m2`), rather than downloading pre-computed checksums from remote repositories. |
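Review bot: Callout <3> for `-DchecksumMode=local` means the lockfile records the digest of whatever already sits in the local Maven repository (`.m2`), so a corrupted or replaced artifact in that directory gets pinned as the expected value; add a sentence telling the reader to generate the lockfile from a freshly populated local repository, or to compare the result against the checksums the remote repository publishes. Callout <2> ties SHA-512 to "post-quantum cryptography readiness", a term that normally refers to public-key algorithms; wording about the larger digest giving a wider security margin would be more precise. The plugin coordinate `io.github.chains-project:maven-lockfile:generate` also carries no version, so the command runs whichever release Maven resolves at the time; pinning a version would make this step reproducible.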
Using backslashes for line continuation followed by a space and an AsciiDoc callout (e.g., `\ <1>`) can cause syntax errors when users copy and paste the command into their terminal. If the callout is stripped or copied, the trailing space after the backslash escapes the space instead of the newline, breaking the command.
To prevent copy-paste issues and improve readability, consider removing the callouts from the code block and describing the parameters in an imperative list below the command.
[source,bash]
----
mvn io.github.chains-project:maven-lockfile:generate \
-DincludeMavenPlugins=true \
-DchecksumAlgorithm=SHA-512 \
-DchecksumMode=local
----
The command uses the following parameters:
* `-DincludeMavenPlugins=true`: Include all Maven build plugins and their transitive dependencies in the lockfile to ensure that plugin artifacts are also prefetched and available during hermetic builds.
* `-DchecksumAlgorithm=SHA-512`: Use the SHA-512 algorithm for checksum computation to ensure post-quantum cryptography readiness.
* `-DchecksumMode=local`: Compute checksums locally from artifacts in your local Maven repository (`.m2`), rather than downloading pre-computed checksums from remote repositories.
References
- Use imperative mood language in documentation. (link)
|
|
||
| WARNING: Maven support in Hermeto is experimental and may change without prior notice. | ||
|
|
||
| Hermeto supports Maven by reading a `lockfile.json` file in the project directory. To generate this file, use the link:https://github.com/chains-project/maven-lockfile[Maven Lockfile] plugin, which records resolved dependencies, plugins, and parent POM graphs. Hermeto downloads those artifacts into a local Maven repository layout and writes Maven settings so the build can run offline against that cache only. |
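Review bot: The sentence "Hermeto downloads those artifacts into a local Maven repository layout" does not say whether each download is checked against the checksum recorded in `lockfile.json`. Since the section has the reader record SHA-512 checksums in the lockfile, state explicitly what Hermeto verifies at prefetch time and what happens on a mismatch, so readers know what the lockfile protects against.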
Improve the clarity and precision of the description. Specifying 'configures Maven settings' or 'writes a Maven settings.xml file' is more accurate than 'writes Maven settings'. Also, 'these' is more appropriate than 'those' when referring to the resolved artifacts.
Hermeto supports Maven by reading a `lockfile.json` file in the project directory. To generate this file, use the link:https://github.com/chains-project/maven-lockfile[Maven Lockfile] plugin, which records resolved dependencies, plugins, and parent POM graphs. Hermeto downloads these artifacts into a local Maven repository layout and configures Maven settings so that the build can run offline using only that cache.
🚀 Preview is available at: https://pr-620--konflux-docs.netlify.app