Dependencies with reference to module metadata but missing metadata should be seen as broken and ignored #15893
Comments
The underlying issue with Gradle being unable to resolve Kotlin platform specific modules was misconfiguration to first look at maven local directory. It was problematic as Gradle uses module metadata to resolve target platform specific (-jvm) modules. Since this metadata is not used by Maven, once Maven integration tests kicked in and downloaded the dependencies, Gradle no longer was able to resolve those platform libs. See gradle/gradle#15893 for details.
The underlying issue with Gradle being unable to resolve Kotlin platform specific modules was misconfiguration to first look at maven local directory. It was problematic as Gradle uses module metadata to resolve target platform specific (-jvm) modules. Since this metadata is not used by Maven, once Maven integration tests kicked in and downloaded the dependencies, Gradle no longer was able to resolve those platform libs. See gradle/gradle#15893 for details.
|
I think the solution is to not use mavenLocal() and to make sure you only use reliable repositories - i.e. repositories which do always contain the complete components with all metadata. Maybe Gradle should print a big warning if you use mavenLocal() as a source for dependencies. |
|
In that case the local Maven repository was used for integration tests to test with snapshot versions that code from a repository as usual. Of course it was more a misconfiguration, than a Gradle bug, but the suggested solution would mainly implement a fail-fast with a meaningful error message instead of looking like Gradle is flaky. The could also be other bad repos, like mirrors that so not mirror all files and so on, that would also be catched by this logic. |
|
I understand the pain this can cause but I am dubious we would find a mitigation strategy that did not have its own corner cases. I think the best approach we could have is to warn on resolution failure from |
Not if the last paragraph is taken into account, using the previously discarded result if no repository contains the metadata.
My approach was meant for all repos, not only maven local, but this would at least improve the situation as maven local that is filled by Maven builds is most likely to break in such a way, while maybe the "whenever there is no content filtering" should be lifted imho. :-) |
* [build] update to Kotlin 1.4, Spring Boot 2.4.1 and Ktor 1.5 JaCoCo branch coverage dropped because of jacoco/jacoco#1126, once new version of Jacoco is released we can bump it up again. * use mavenLocal last and only for graphql-kotlin artifacts The underlying issue with Gradle being unable to resolve Kotlin platform specific modules was misconfiguration to first look at maven local directory. It was problematic as Gradle uses module metadata to resolve target platform specific (-jvm) modules. Since this metadata is not used by Maven, once Maven integration tests kicked in and downloaded the dependencies, Gradle no longer was able to resolve those platform libs. See gradle/gradle#15893 for details. * update to spring boot 2.4.2 * disable flaky tests Unsure whats causing the race condition on those subscription integration tests when run from GH actions. It appears that some websocket messages are randomly dropped. Cannot reproduce it locally. Disabling the test for now as subscription logic is already covered by tests in spring-server module. Co-authored-by: Dariusz Kuc <dkuc@expedia.com>
…Group#1007) * [build] update to Kotlin 1.4, Spring Boot 2.4.1 and Ktor 1.5 JaCoCo branch coverage dropped because of jacoco/jacoco#1126, once new version of Jacoco is released we can bump it up again. * use mavenLocal last and only for graphql-kotlin artifacts The underlying issue with Gradle being unable to resolve Kotlin platform specific modules was misconfiguration to first look at maven local directory. It was problematic as Gradle uses module metadata to resolve target platform specific (-jvm) modules. Since this metadata is not used by Maven, once Maven integration tests kicked in and downloaded the dependencies, Gradle no longer was able to resolve those platform libs. See gradle/gradle#15893 for details. * update to spring boot 2.4.2 * disable flaky tests Unsure whats causing the race condition on those subscription integration tests when run from GH actions. It appears that some websocket messages are randomly dropped. Cannot reproduce it locally. Disabling the test for now as subscription logic is already covered by tests in spring-server module. Co-authored-by: Dariusz Kuc <dkuc@expedia.com>
donat
added
in:gradle-module-metadata
and removed
in:dependency-management
…Group#1007) * [build] update to Kotlin 1.4, Spring Boot 2.4.1 and Ktor 1.5 JaCoCo branch coverage dropped because of jacoco/jacoco#1126, once new version of Jacoco is released we can bump it up again. * use mavenLocal last and only for graphql-kotlin artifacts The underlying issue with Gradle being unable to resolve Kotlin platform specific modules was misconfiguration to first look at maven local directory. It was problematic as Gradle uses module metadata to resolve target platform specific (-jvm) modules. Since this metadata is not used by Maven, once Maven integration tests kicked in and downloaded the dependencies, Gradle no longer was able to resolve those platform libs. See gradle/gradle#15893 for details. * update to spring boot 2.4.2 * disable flaky tests Unsure whats causing the race condition on those subscription integration tests when run from GH actions. It appears that some websocket messages are randomly dropped. Cannot reproduce it locally. Disabling the test for now as subscription logic is already covered by tests in spring-server module. Co-authored-by: Dariusz Kuc <dkuc@expedia.com>
Following this issue on the Kotlin slack: https://kotlinlang.slack.com/archives/C19FD9681/p1610547344113500 there is a potential for really strange and hard to grasp problem that looks like flaky Gradle behavior, even if it is not really.
The symptom was, that someone wanted to upate
io.ktor:ktor-client-cio:1.3.1toio.ktor:ktor-client-cio:1.5.0and suddenly the build started to break, sometimes being able to add thektor-client-cio-jvmvariant and sometimes not being able to within the same build and in subsequent builds continuously until the dependency was delete from local maven repository.1.3.1 was published without Gradle Module Metadata, 1.5.0 adde Gradle Module Metadata with variants for different platforms.
Roughly summarized:
mavenLocal()as first repository, that uses something with Gradle Module Metadata (e. g.io.ktor:ktor-client-cio:1.5.0)mavenLocal()ktor-client-cio-jvmadded to the dependency treemavenLocal()but without the metadata and soktor-client-cio-jvmis not going to be added to the dependency graphSolutions on the build author side are of course to move
mavenLocal()to last position (needed for integration tests with snapshot versions) or to use repository content filters to only allow snapshot versions frommavenLocal()for example.But this results in strange behavior that is hard to diagnose if you don't know where to look at and looks like flaky Gradle behavior.
One way of solving this on Gradle side to prevent build authors from shooting their own feet would be to see that the pom or ivy file has a reference to the module metadata but find it missing, then consider the dependency as broken and try the next repository until all repositories are exhausted.
Imho to not have a situation where something could be used from Maven but not from Gradle due to this, I'd suggest to have a second pass (or remember the previous discarded candidates) and use them even with missing module metadata if none of the defined repositories has the missing metadata present. But maybe I'm not taking something into account here.
The text was updated successfully, but these errors were encountered: