New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate POM files with non-wildcard excludes #21234
Generate POM files with non-wildcard excludes #21234
Conversation
Dependencies are currently marked as non-transitive in generated POM files by adding a wildcard (*) exclusion. This does not play with the Apache Ivy dependency manager as it interprets these wildcards to exclude the main artifact of the dependency as well. This commit uses explicit excludes for each transitive artifact instead to ensure that the main artifact is not excluded.
I ❤️ all the tests! Also, sbt spits out some long lines.... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
I do not see this as an elasticsearch bug, and do not think we should make this change. It is a bug in ivy. Wildcard exclusions are legitimate configuration for maven, and I added them to our generated poms to match what we will get when we are finally able to upgrade gradle to 3.x. |
We can ask contributors to run a specific version of gradle but I'm not sure we can ask users to run a particular version of ivy. Ivy should totally fix this but we should work around their bug in the mean time. |
@rjernst The SBT team has only fixed this in their latest release (0.13.3 - released 6 days ago) by patching their custom Ivy fork whereas other build / dependency management systems (e.g. Grape) use the official Ivy release which doesn't have such a fix. Fixing the incompatibility on our end for now is an easy thing to do (as I've shown with this PR) and will enable users of all build systems to properly consume our dependencies. Unless you come up with a better plan, I will merge this tonight. |
As much as I'd love to get this merged I don't think we should merge this over @rjernst's objections. It is our place as supporters of the patch to argue for it and @rjernst's place to either be convinced and withdraw his objections or not. I really do want us to generate the poms this way so ivy users can use it but I don't want to set a precedent that it is ok to override objections. Don't get me wrong, it is perfectly healthy to not do all of the thing requested in a PR but it is the requester of the change's place to withdraw the request not our place to merge anyway. We do this all the time, deciding that things should be done in a followup or not at all. With that said, I'll make my case again: |
Thank you Nik.
If we are going to merge this, then I think we should first file an issue with Ivy, which can be referenced in comments in this commit. And a comment should still exist that explains this will need revisiting when we upgrade to gradle 3.x. |
There is an open issue for it on the IVY issue tracker (didn't find it the first time): IVY-1531: Translation of POM to Ivy XML with * exclusion is removing main artifact |
@ywelsch Can you please add a link to that issue in your commit, along with a note that Gradle does this in 2.14+ automatically and we will need to revisit when upgrading? |
Dependencies are currently marked as non-transitive in generated POM files by adding a wildcard (*) exclusion. This breaks compatibility with the dependency manager Apache Ivy as it incorrectly translates POMs with * excludes to Ivy XML with * excludes which results in the main artifact being excluded as well (see https://issues.apache.org/jira/browse/IVY-1531). To stay compatible with the current release of Ivy this commit uses explicit excludes for each transitive artifact instead to ensure that the main artifact is not excluded. This should be revisited when we upgrade Gradle to a higher version as the current one (2.13) as Gradle automatically translates non-transitive dependencies to * excludes in 2.14+.
Dependencies are currently marked as non-transitive in generated POM files by adding a wildcard (*) exclusion. This breaks compatibility with the dependency manager Apache Ivy as it incorrectly translates POMs with * excludes to Ivy XML with * excludes which results in the main artifact being excluded as well (see https://issues.apache.org/jira/browse/IVY-1531). To stay compatible with the current release of Ivy this commit uses explicit excludes for each transitive artifact instead to ensure that the main artifact is not excluded. This should be revisited when we upgrade Gradle to a higher version as the current one (2.13) as Gradle automatically translates non-transitive dependencies to * excludes in 2.14+.
Dependencies are currently marked as non-transitive in generated POM files by adding a wildcard (*) exclusion. This breaks compatibility with the dependency manager Apache Ivy as it incorrectly translates POMs with * excludes to Ivy XML with * excludes which results in the main artifact being excluded as well (see https://issues.apache.org/jira/browse/IVY-1531). To stay compatible with the current release of Ivy this commit uses explicit excludes for each transitive artifact instead to ensure that the main artifact is not excluded. This should be revisited when we upgrade Gradle to a higher version as the current one (2.13) as Gradle automatically translates non-transitive dependencies to * excludes in 2.14+.
Relates to #21170
I've tested this patch as follows:
gradle publishToMavenLocal
Dependency management systems:
Gradle
Build file:
Run
gradle dependencies --configuration compile
which yieldsReplace the 5.0.0 dependency by 5.0.1-SNAPSHOT in the build file and run same command again:
Conclusion:
Gradle was handling the * excludes fine before and is still working as expected afterwards.
Ivy
Create
ivysettings.xml
file with following contents:Then run
ivy -settings ivysettings.xml -confs default -dependency org.elasticsearch elasticsearch 5.0.0 -retrieve "jars/[module]-[artifact](-[revision]).[ext]"
which yields
Only 12 artifacts instead of the 29 that we expect.
Let's repeat the same for 5.0.1-SNAPSHOT (but first
rm jars/*
):ivy -settings ivysettings.xml -confs default -dependency org.elasticsearch elasticsearch 5.0.1-SNAPSHOT -retrieve "jars/[module]-[artifact](-[revision]).[ext]"
which yields:
All 29 artifacts are accounted for.
SBT (version 0.13.12)
Let's create a simple build file (
build.sbt
):and run
sbt 'show runtime:fullClasspath'
Same as for Ivy, only 12 artifacts instead of the 29 that we expect.
Replace the 5.0.0 dependency by 5.0.1-SNAPSHOT in the build file and run same command again:
All 29 artifacts are there.