Bamboo build failing because of missing SHA

@jrichards ,

We are now seeing issues with building our bamboo apps because a SHA checksum file is missing:

[WARNING] Could not validate integrity of download from https://packages.atlassian.com/artifactory/maven-atlassian-all/com/octo/captcha/jcaptcha/2.0-alpha-1/jcaptcha-2.0-alpha-1.pom
org.eclipse.aether.transfer.ChecksumFailureException: Checksum validation failed, no checksums available
...
[ERROR] Failed to read artifact descriptor for com.octo.captcha:jcaptcha-api:jar:2.0-alpha-1
[ERROR]         Caused by: The following artifacts could not be resolved: com.octo.captcha:jcaptcha-api:pom:2.0-alpha-1 (absent)

This is indeed correct, see Atlassian Repository: com/octo/captcha/jcaptcha/2.0-alpha-1/

Screenshot 2024-12-17 at 11.16.32664×247 15.7 KB

I actually have this file locally because luckily I’ve been active in this community for some time now

Screenshot 2024-12-17 at 11.17.071110×380 125 KB

but I think it is really weird for Atlassian to do these types of migrations and just loosing random data like a SHA file.

It does not necessarily instil confidence that there aren’t other files gone missing, making it harder and harder for Atlassian Marketplace Partners to build older artifacts from source if required.

Would it be possible for Atlassian to stop the current migrations and re-asses her strategy?

Cheers,

Remie

Hi @rbolte,

I’ve been off for a few weeks. We’ve added .sha files for the .pom now. Can you see if the build works for you using external repo?

I’ve also asked if we’ve missed any other files as well to be sure.

James.

Hi @jrichards,

We’re now having an issue with the missing commons-httpclient:commons-httpclient:jar:3.1-jenkins-3 artifact, which is not present in Maven Central. Can you look into it?

Hi @lexek-92,

We’ve now removed the 3rd party libraries from the Atlassian repo. I had a quick look and I can see this listed here

• https://mvnrepository.com/artifact/commons-httpclient/commons-httpclient/3.1-jenkins-3

Where is this required? In your dependencies or in Bamboo?

James.

Hi, is’s required in Jira 10
https://maven.artifacts.atlassian.com/com/atlassian/jira/jira-bom/10.0.0/jira-bom-10.0.0.pom
https://maven.artifacts.atlassian.com/com/atlassian/jira/jira-bom/10.3.2/jira-bom-10.3.2.pom

We’ve now removed the 3rd party libraries from the Atlassian repo. I had a quick look and I can see this listed here

It seems to be hosted only in Jenkins repo, which is not ideal.

Libraries for Jira 10 (e.g., jira-api and jira-core) depend on artifacts that have been removed from the Atlassian repository. It is not ideal to retrieve these dependencies from external sources.
While httpclient:3.1-jenkins-3 can be obtained from the Jenkins repository and ehcache:2.10.10.20.11 from the Terracotta repository, it would be preferable if they remained available in the Atlassian repository.

image416×119 2.26 KB

image518×157 5.49 KB

Hi Team,

We’ve had to remove non-Atlassian libraries from packages.atlassian.com. We have the required repositories documented in

• https://developer.atlassian.com/server/framework/atlassian-sdk/maven-package-mirrors/
  You can see in the list that Terracotta and Jenkins are required for the builds.

I’m sorry, but I believe this is an upstream requirement from the provider of our repository. The latest atlas-sdk has these already configured.

James.