pom.xml: shade Jackson artifacts#225
Conversation
See discussion at #187. Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>
|
Thanks @pierre ! I'll find a way to test this. I can create a project to try. |
|
I've been on vacation for a few days. Making time to test this today. |
|
@pierre can you give me some instructions on how to test this? I have a new java/maven project. I ran <dependency>
<groupId>com.ning.billing</groupId>
<artifactId>recurly-java-library</artifactId>
<version>0.13.2</version>
<scope>system</scope>
<systemPath>/Users/ben/R/recurly-java-library/target/recurly-java-library-0.13.2-SNAPSHOT.jar</systemPath>
</dependency>This won't compile and it seems is expecting me to explicitly list recurly's dependencies in my pom file. Is this expected? |
The shaded jar becomes the main artifact, so there isn't anything special to do. Just run |
|
In order to get this to work, I also had to shade woodstox. Changes at easel@e994de5 |
|
Following up on this, I can get my test project to build, but not run: |
|
Hello. I am using custom build of this branch few months in our production system without issues. Had to setup pom.xml in a following way, to get it working: <!-- Custom recurly lib build to work with newer jackson version START -->
<!-- TODO remove this and jar dependencies and use dependency from maven central after
https://github.com/killbilling/recurly-java-library/issues/187 is resolved, also remove exception from .gitignore-->
<dependency>
<groupId>com.ning.billing</groupId>
<artifactId>recurly-java-library</artifactId>
<version>0.13.2-SNAPSHOT</version>
<scope>system</scope>
<systemPath>${project.basedir}/lib/recurly-java-library-0.13.2-SNAPSHOT.jar</systemPath>
</dependency>
<!-- manually included recurly jar dependencies -->
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>2.0.3</version>
</dependency>
<dependency>
<groupId>com.ning</groupId>
<artifactId>async-http-client</artifactId>
<version>1.9.8</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.7</version>
</dependency>
<dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>stax2-api</artifactId>
<version>4.0.0</version>
</dependency>
<!-- Custom recurly lib build to work with newer jackson version END --> |
|
Okay, I've gotten this working with jackson 2.9.0. Here is my pom file: <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.recurly.shadedjava</groupId>
<artifactId>recurly-shaded-java</artifactId>
<version>1.0-SNAPSHOT</version>
<build>
<plugins>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<archive>
<manifest>
<mainClass>com.recurly.shadedjava.Main</mainClass>
</manifest>
</archive>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
</plugins>
</build>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<jackson.version>2.9.0</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>com.ning.billing</groupId>
<artifactId>recurly-java-library</artifactId>
<version>0.13.2-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>18.0</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>2.0.3</version>
</dependency>
<dependency>
<groupId>com.ning</groupId>
<artifactId>async-http-client</artifactId>
<version>1.9.8</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
<version>2.7</version>
</dependency>
<dependency>
<groupId>org.codehaus.woodstox</groupId>
<artifactId>stax2-api</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-xml</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-joda</artifactId>
<version>${jackson.version}</version>
</dependency>
</dependencies>
</project>Here is a test Main class to make sure everything is okay at runtime. package com.recurly.shadedjava;
import com.ning.billing.recurly.RecurlyClient;
import com.ning.billing.recurly.model.Account;
public class Main {
public static void main(String[] args) {
try {
final RecurlyClient client = new RecurlyClient("1fcc92ddc21e409f85e3ad1179e43929", "java-client-sandbox");
client.open();
final Account account = client.getAccount("fg5q0RKQ7r");
System.out.println("Account found: " + account.getAccountCode());
client.close();
} catch (Exception e) {
e.printStackTrace();
}
}
} |
|
@pierre how do we plan to release this? will we have a shaded and original version of the library? How do we communicate changes to the users? |
|
@bhelx have you got all the tests passing with Jackson 2.9? I ran into a number of code api changes in addition to the dependency issues. |
The provided scope was useful during the transition from Google Collections, but hopefully nobody uses it anymore. Signed-off-by: Pierre-Alexandre Meyer <pierre@mouraf.org>
Thank you @easel for the testing! I've applied it to this PR.
This was related to Guava being
I would simply bump the minor. I don't think there is any side effect regarding Jackson / Woodstock now that the main jar is shaded (the only drawback would be for people to import unused jars in their projects if they don't cleanup their
@bhelx, @easel: I would not try to upgrade Jackson now it is shaded, unless there is a good reason for it (CVE, etc.). Let me know if the latest changes work for you and I'll prepare a release! |
|
@easel yeah there does appear to be some breaking API changes. I'm not sure how we can handle those. |
|
@bhelx I was able to get everything ported as far as Jackson 2.8 successfully at easel@dcec432 There are a couple of seemingly undocumented changes in Jackson 2.9 I couldn't quite figure out and dropped in favor of shading. @pierre I just updated my local snapshot against your changed branch and everything I use is still working. Looking forward to the release! |
|
@easel are those changes backwards compatible? |
|
@bhelx no they aren't, at least as far as I can tell. Perhaps somebody who knows Jackson better than I would know more, and how to cross the last gap to get things working with 2.9. Given we're shading in this library, I don't think it's such a high priority, but on the other hand, if we're shading we can also move forward safely so it might be worth it from a performance or security standpoint if we get everything working. |
bhelx
left a comment
bhelx
left a comment
There was a problem hiding this comment.
This seems to be working for me up to jackson 2.8.11. I think it's worth getting this out now due to security concerns and jackson 2.5 is pretty old. This will give our users some more flexibility.
|
@easel thanks for helping us! |
|
@bhelx glad to help out, I'm a happy user of the library. Are you thinking to try and bring the shaded version of jackson forward to 2.8? |
|
Can someone help me understand what this whole shading thing is about? I'm trying to upgrade from v14 to v16, and the first issue I'm running into is when trying to use the XmlMapper @easel -- you seem to have a handle on this? |
|
@pennstatephil net-net, shading lets us extract a version of a dependency for our own usage, allowing your application to use a different version. Changes are if you change your |
|
@easel so, it essentially allows the two versions to work side-by-side? Or can we override the internal version of the library's Jackson with a newer version (say, 2.8)? |
|
@pennstatephil which version or jackson are you currently using? You might need to include some more dependencies in your maven pom.xml like i've done here: #225 (comment) |
|
@pennstatephil also, what it essentially means is that this library is no longer locked to the old version of jackson and you can now provide your own. |
…path Fix format for installer
5 participants
See discussion at #187.
Note that the library jar is now 1.8M.
@bhelx Do you have a project handy using this library for testing?