Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: use commons-lang3 replace commons-lang #8996

Closed
wants to merge 1 commit into from
Closed

deps: use commons-lang3 replace commons-lang #8996

wants to merge 1 commit into from

Conversation

BobDu
Copy link
Member

@BobDu BobDu commented Feb 27, 2024

A dependency on commons-lang3 was declared in commons-compress version 1.26.
Jenkins core version 2.447 upgraded to commons-compress 1.26, and from that point onwards, commons-lang3 has effectively been present in our dependency chain.
Therefore, it is safe to use commons-lang3 replace commons-lang without causing any additional breaking changes.

ref:

apache commons compress
apache/commons-compress@bf50b7d#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8L214

jenkins core
8d2045b

Testing done

N/A

Proposed changelog entries

  • deps: use commons-lang3 replace commons-lang

Proposed upgrade guidelines

N/A

Submitter checklist

Edit tasklist title
Beta Give feedback Tasklist Submitter checklist, more options

Delete tasklist

Delete tasklist block?
Are you sure? All relationships in this tasklist will be removed.
  1. The Jira issue, if it exists, is well-described.
    Options
  2. The changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developers, depending on the change) and are in the imperative mood (see examples). Fill in the Proposed upgrade guidelines section only if there are breaking changes or changes that may require extra steps from users during upgrade.
    Options
  3. There is automated testing or an explanation as to why this change has no tests.
    Options
  4. New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadocs, as appropriate.
    Options
  5. New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO"), if applicable.
    Options
  6. New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content Security Policy (CSP) directives (see documentation).
    Options
  7. For dependency updates, there are links to external changelogs and, if possible, full differentials.
    Options
  8. For new APIs and extension points, there is a link to at least one consumer.
    Options

Desired reviewers

@mention

Before the changes are marked as ready-for-merge:

Maintainer checklist

Edit tasklist title
Beta Give feedback Tasklist Maintainer checklist, more options

Delete tasklist

Delete tasklist block?
Are you sure? All relationships in this tasklist will be removed.
  1. There are at least two (2) approvals for the pull request and no outstanding requests for change.
    Options
  2. Conversations in the pull request are over, or it is explicit that a reviewer is not blocking the change.
    Options
  3. Changelog entries in the pull request title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood.
    Options
  4. Proper changelog labels are set so that the changelog can be generated automatically.
    Options
  5. If the change needs additional upgrade steps from users, the upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).
    Options
  6. If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).
    Options

@BobDu
deps: use commons-lang3 replace commons-lang
b7cb865 
Signed-off-by: BobDu <i@bobdu.cc>
basil
basil requested changes Feb 27, 2024
View reviewed changes
Copy link
Member

@basil basil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shipping commons-lang3 in core was not intentional, and I am removing it in #8997.

@BobDu
Copy link
Member Author

BobDu commented Feb 28, 2024

I understand the design philosophy that we don't want to continue expanding the core API surface.

But, can commons-lang3 be an exception? Because:

  1. commons-lang3 is very stable and widely used. In the vast majority of Java projects I have come across, it has been a dependency.
  2. For a long time now, commons-lang has been included in the core. If we switch to commons-lang3 at this point and recommend that plugin authors use commons-lang3 instead of commons-lang, it could provide the possibility to phase out the dependency on commons-lang in future major versions. (This might be the most important.)
  3. Shipping commons-lang3 in jenkins core since version 2.447 is an event has already occurred.
  4. A dependency on commons-lang3 was declared in commons-compress version 1.26, even I suspect that there might be other existing dependencies that will include commons-lang3 in future versions. Rather than identifying and excluding it, it's better to allow it into the core.

ping @basil

@basil
Copy link
Member

basil commented Feb 28, 2024

  1. The Commons Lang 3 Jenkins library plugin is installed on only 67.3% of Jenkins installations and consumed by only 58 plugins (out of over 2,000), so this isn't a vast majority. Most of the Jenkins plugin ecosystem is still using Commons Lang 2 (via core).
  2. Plugins can already migrate from Commons Lang 2 to Commons Lang 3 by depending on the Commons Lang 3 Jenkins library plugin. There is no need to increase core API surface area to achieve this goal.
  3. Yes but only in a weekly release and only by accident. Weekly releases have bugs all the time. This should be corrected in the next weekly release. If this were released in LTS it would be a different story.
  4. Only in a code path we never use (Pack200) and I have requested the maintainer reconsider.

Weighing all of the above, I am still a -1 on making a special exception for Commons Lang 3. But I am not the only core maintainer, so if you feel strongly about this, you can start a broader discussion on the developer mailing list.

@BobDu
Copy link
Member Author

BobDu commented Feb 28, 2024

Maybe we should start the discussion from a different angle.

The commons-lang version 2.6 has been out of maintenance for over 13 years.

Regarding the transition from commons-lang to commons-lang3 within the Jenkins ecosystem (including core and plugins), are you in +1 or -1?

I believe that it is more meaningful to reach a consensus on this point first.

ping @basil

@jonesbusy
Copy link
Contributor

Not a core maintainer here but maintaining many plugin (including API ones).

I will be -1 on this PR it's againts all the work started on API plugins and dependency management on plugin side.

I don't think we should do any exception on commons-lang3. And even stop shipping commons-lang on core and use native Java API

https://plugins.jenkins.io/commons-lang-api/ also exists already to keep compatibility of plugin that depends from commons-lang

@BobDu
Copy link
Member Author

BobDu commented Feb 28, 2024

Sorry, I missed the discussion that took place 2 years ago. JENKINS-67789

It seems that the community had reached a consensus at that time.

To detached commons-lang from core, and make commons-lang-api plugin as an implicit dependency.

If I have misunderstood the consensus reached before, please remind me.

https://www.jenkins.io/doc/book/managing/plugins/#what-is-an-implied-dependency

I believe that it would certainly be the best if this goal could be achieved. Moreover, the community has already made efforts in this direction. like: #6270
However, two years have passed. We haven't been able to make further progress. I believe it is largely related to the extensive use of commons-lang in the current core, which makes it difficult to replace simply.

How do we proceed further now? Continue to use native Java APIs to replace commons-lang?
Is the replacement cost high enough to justify a compromise and depends commons-lang3 in the core as a more pragmatic solution?

@basil
Copy link
Member

basil commented Feb 28, 2024

Yes, plugins are encouraged to migrate from Commons Lang 2 to Commons Lang 3 (using the Commons Lang 3 library plugin). In core we strive to use as few third-party libraries as possible in order to decrease the API surface area exposed to plugins, so there we prefer to rewrite usages of Commons Lang 2 to usages of standard Java Platform APIs. You are welcome to contribute to both efforts.

@NotMyFault
Copy link
Member

I'm with Basil and Valentin.

@BobDu
Copy link
Member Author

BobDu commented Feb 29, 2024

closed to support #8997

@BobDu BobDu closed this Feb 29, 2024
@basil
Copy link
Member

basil commented Apr 2, 2024

Note that even once consumers are migrated away from the remaining (now deprecated) core APIs that contain Commons Lang 2.x classes in their signatures, there is still the matter of core depending on Stapler, which depends on our fork of json-lib, which depends on Commons Lang 2.x. That fork of json-lib could be improved to use native Java Platform functionality instead of depending on Commons Lang 2.x, but the repository would first need to be seriously modernized, since the last commit was made 10 years ago and there is not even a CI build today.

@BobDu
Copy link
Member Author

BobDu commented Apr 8, 2024

but the repository would first need to be seriously modernized.

Create a new issue to tracking progress: https://issues.jenkins.io/browse/JENKINS-72981

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@basil basil basil requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@BobDu @basil @jonesbusy @NotMyFault