Dependency convergence issues that surface when using maven-enforcer-plugin with DependencyConvergence #133

Closed
georgespalding opened this issue Feb 14, 2020 · 3 comments
Labels
api: storage Issues related to the googleapis/java-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: cleanup An internal cleanup or hygiene concern.

@georgespalding

georgespalding commented Feb 14, 2020

The java-storage/google-cloud-storage module has a dependency tree that mixes versions of the same artifact (via transitive dependencies). This is causing me and my team grief, because we use the maven-enforcer-plugin with <DependencyConvergence/> configured (in order to keep our internal and transient dependencies consistent).

In my opinion the best long term solution to this issue would be:

  1. Enable <DependencyConvergence/> in the parent pom: java-shared-config/pom.xml#L225
  2. Explicitly choose a version for the conflicting dependencies:
    a. by adding the dependency in the dependency management section
    b. by doing the appropriate bom import in the dependency management section

Steps to reproduce

  1. Clone this project
  2. Add the following plugin and config in the root pom.xml of the project:
...
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <execution>
            <id>enforce</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <DependencyConvergence/>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
   ...
  </build>
  3. Run maven install

The convergency issue report in full:

These are the conflicting versions in this module:

[WARNING]
Dependency convergence error for org.hamcrest:hamcrest-core:1.3 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-junit:junit:4.13
    +-org.hamcrest:hamcrest-core:1.3
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-org.hamcrest:hamcrest-core:2.2

[WARNING]
Dependency convergence error for com.google.errorprone:error_prone_annotations:2.3.4 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.guava:guava:28.2-android
    +-com.google.errorprone:error_prone_annotations:2.3.4
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.protobuf:protobuf-java-util:3.11.3
    +-com.google.errorprone:error_prone_annotations:2.3.4
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-io.grpc:grpc-api:1.27.0
    +-com.google.errorprone:error_prone_annotations:2.3.4
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-io.grpc:grpc-netty-shaded:1.27.0
    +-io.grpc:grpc-core:1.27.0
      +-com.google.errorprone:error_prone_annotations:2.3.4
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.truth:truth:1.0.1
    +-com.google.errorprone:error_prone_annotations:2.3.3

[WARNING]
Dependency convergence error for com.google.auto.value:auto-value-annotations:1.7 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.auth:google-auth-library-oauth2-http:0.20.0
    +-com.google.auto.value:auto-value-annotations:1.7
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.truth:truth:1.0.1
    +-com.google.auto.value:auto-value-annotations:1.6.3

[WARNING]
Dependency convergence error for com.google.api-client:google-api-client:1.30.8 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.api-client:google-api-client:1.30.8
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.apis:google-api-services-storage:v1-rev20191011-1.30.3
    +-com.google.api-client:google-api-client:1.30.3
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.cloud:google-cloud-core-http:1.91.3
    +-com.google.api-client:google-api-client:1.30.4

[WARNING] Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message:
Failed while enforcing releasability. See above detailed error message.

Thanks!
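
An added example, not part of the original post or the project's code: a small parser for the enforcer report above that lists the versions requested per artifact and flags conflicts where a version below the highest is requested at least as near the root, which is where Maven's nearest-wins mediation could select the older one. Assumptions: depth is read from the report's two-space indentation; scopes, exclusions and dependencyManagement are ignored; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Two blocks copied from the enforcer report in the issue above.
REPORT = """\
Dependency convergence error for org.hamcrest:hamcrest-core:1.3 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-junit:junit:4.13
    +-org.hamcrest:hamcrest-core:1.3
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-org.hamcrest:hamcrest-core:2.2

Dependency convergence error for com.google.auto.value:auto-value-annotations:1.7 paths to dependency are:
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.auth:google-auth-library-oauth2-http:0.20.0
    +-com.google.auto.value:auto-value-annotations:1.7
and
+-com.google.cloud:google-cloud-storage:1.103.2-SNAPSHOT
  +-com.google.truth:truth:1.0.1
    +-com.google.auto.value:auto-value-annotations:1.6.3
"""

HEADER = re.compile(r"Dependency convergence error for (\S+):[^:\s]+ paths")
NODE = re.compile(r"^(\s*)\+-(\S+):([^:\s]+)$")

def parse_report(text):
    """Map group:artifact -> {version: shallowest depth at which it is requested}."""
    found, current = defaultdict(dict), None
    for line in text.splitlines():
        if m := HEADER.search(line):
            current = m.group(1)  # artifact this block of paths is about
        elif (m := NODE.match(line)) and m.group(2) == current:
            depth, version = len(m.group(1)) // 2, m.group(3)
            found[current][version] = min(depth, found[current].get(version, depth))
    return dict(found)

def version_key(version):
    # Assumption: numeric components only, not Maven's full ComparableVersion ordering.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def downgrade_risk(versions):
    """True if a version below the highest is requested at least as near the root."""
    top = max(versions, key=version_key)
    return any(d <= versions[top] for v, d in versions.items() if v != top)

def summarize(text):
    """Map group:artifact -> (versions sorted ascending, possible-downgrade flag)."""
    return {ga: (sorted(vs, key=version_key), downgrade_risk(vs))
            for ga, vs in parse_report(text).items()}
```

Calling `summarize(REPORT)` marks hamcrest-core as converging on its highest version (2.2 is the direct dependency) and auto-value-annotations as a tie at depth 2, where the selected version depends on declaration order.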

@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/java-storage API. label Feb 14, 2020
@frankyn frankyn added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Feb 14, 2020
@frankyn
Member

frankyn commented Feb 14, 2020

@elharo IIRC you're the Dependency Conflict expert. Could you help me with this issue?

@georgespalding
Author

Apologies for all the edits... I'm done now.

@elharo elharo added type: cleanup An internal cleanup or hygiene concern. and removed type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Feb 14, 2020
@elharo
Contributor

elharo commented Feb 14, 2020

Patient: Doctor, my arm hurts when I turn on dependency convergence.
Doctor: Don't turn on dependency convergence.

Seriously, we looked at dependency convergence and it's simply not feasible in this complex a library with this many dependencies, third party and first party. We watch for actual linkage errors and upper bounds problems, and that's about as much as is possible to achieve.
