Upgrade to SBT 1.5 #42
Conversation
|
Was it hard keeping sbt 0.13 support? (Because I don't think it's really necessary to keep sbt 0.13 in the crossbuild.) |
|
@SethTisue Uh whoops, I forgot about that, sorry! I was only testing 1.5.5. I can fix it to work with both versions, but it would easier if we just remove it, so I'll do that if you're OK with it |
|
Yes, definitely okay. We don't have surplus of maintenance energy in this repo, so I think it's good to prioritize level-of-maintenance-effort over supporting people using ancient versions of things. (And sbt 0.13 is really ancient at this point; I'm encouraging basically all sbt plugin authors to stop supporting it. If there's somebody who's truly stuck on sbt 0.13 and absolutely needs to make changes to this plugin, they're welcome to fork the repo and do the maintenance and publishing work themselves.) |
|
I hit the "migrate" button over at travis-ci.com to get CI going again. (And close/reopen to kick it off.) |
|
@SethTisue Thanks, I'll remove it! It looks like we do have Travis CI. Did you want to migrate to Github actions? |
|
Staying on Travis CI is fine, but moving to GitHub Actions is fine too, if somebody wants to tackle that. |
|
@SethTisue Gotcha. It looks like it's passing. Can we merge this for now? And then cut a new release? |
|
@pvlugter @mpollmeier are you guys still interested in this plugin? I can temporarily step in from time to time in sbt/* repos, but there are so many such repos that there's a danger of it eating too much of my time |
|
Hmm, we do use this plugin (ancient version still works fine). I don't have enough free cycles to actively maintain this repo, but helping out here and there (if it's within my area of knowledge) may work. Not sure if that's what you were after? |
|
We haven't used this plugin at Lightbend for a long time now. Would be useful to have the releasing updated to be an automated publish on tags, so that it's easy for any active maintainers to review and release changes. |
| proguardInputs := { | ||
| assembly.value | ||
| Seq((assembly / assemblyOutputPath).value) | ||
| }, |
There was a problem hiding this comment.
Is there a reason for depending on sbt-assembly and always going through an assembly first? Just using the classpath seems like a simpler default, and pre-assembly can be added when needed?
There was a problem hiding this comment.
I couldn't get it to work by using the classpath. My understanding (correct me if i'm wrong) is that Proguard can only work on fat jars. But maybe I was doing something wrong
There was a problem hiding this comment.
Just tried it again and it's still running into errors. It's possible that the task keys this was using before have changed between versions
There was a problem hiding this comment.
Ok. Since there are other changes, both inputs and libraries, could be good to confirm what's going on here. It should certainly work as before, with a classpath of inputs rather than a fat jar.
There was a problem hiding this comment.
I'm really not a proguard expert but would also think that sbt-assembly shouldn't be mandated.
It wouldn't be the end of the world and if there's no other way I'd rather merge this PR.
However: I just tried your branch and reverted to the old proguardInputs := (fullClasspath in Runtime).value.files and removed all sbt-assembly related settings/dependency declarations. The included test projects work just fine (two of which do not use sbt-assembly themselves), and so does our internal build (which uses sbt-native-packager).
Can you clarify what kind of errors you're running into? Maybe those are actually unrelated to assembly?
There was a problem hiding this comment.
That's odd. None of the tests work for me when I try that. This is the error I get:
[info] [info] Proguard command:
[info] [info] java -Xmx256M -cp /Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/com/guardsquare/proguard-base/7.0.0/proguard-base-7.0.0.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/com/guardsquare/proguard-core/7.0.0/proguard-core-7.0.0.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/com/google/code/gson/gson/2.8.5/gson-2.8.5.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jetbrains/kotlin/kotlin-stdlib/1.3.31/kotlin-stdlib-1.3.31.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jetbrains/kotlin/kotlin-stdlib-common/1.3.31/kotlin-stdlib-common-1.3.31.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jetbrains/kotlinx/kotlinx-metadata-jvm/0.1.0/kotlinx-metadata-jvm-0.1.0.jar:/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/jetbrains/annotations/13.0/annotations-13.0.jar proguard.ProGuard -injars "/private/var/folders/34/jl47bvtd2_14y99v6gx4k0bm0000gt/T/sbt_d73d4659/target/scala-2.12/classes" -injars "/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.12.3/scala-library-2.12.3.jar" -libraryjars "/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.12.3/scala-library-2.12.3.jar" -libraryjars "/Users/sbly/Library/Java/JavaVirtualMachines/corretto-11.0.12/Contents/Home" -outjars "/private/var/folders/34/jl47bvtd2_14y99v6gx4k0bm0000gt/T/sbt_d73d4659/target/scala-2.12/proguard/simple_2.12-0.1.0-SNAPSHOT.jar" -dontoptimize -dontnote -dontwarn -ignorewarnings -keep public class Test {
[info] [info] public static void main(java.lang.String[]);
[info] [info] }
[info] [info] ProGuard, version 7.0.0
[info] [error] Error: The same input jar [/Users/sbly/Library/Caches/Coursier/v1/https/repo1.maven.org/maven2/org/scala-lang/scala-library/2.12.3/scala-library-2.12.3.jar] is specified twice.
[info] [error] java.lang.RuntimeException: Proguard failed with exit code [1]
Depending on what other settings I tweak, I encounter other errors, but I can never get it working without assembly. If you can, that's great. Maybe my local setup is somehow broken
There was a problem hiding this comment.
update: we removed sbt-assembly for the final version of this PR
|
@SethTisue Hey, is it possible to merge this, or did you want to hold off? |
|
@mpollmeier do you have an opinion about the concern Peter raised about adding the dependency on sbt-assembly? I have never used this plugin myself (though I used to be a heavy user of ProGuard itself, back in applet days 🙀), so I don't know how much my opinion is worth, but I share Peter's concern that it seems like a pretty big change, and we don't know if users are depending on the old behavior.
I really doubt that's the case. At https://github.com/Guardsquare/proguard/blob/master/docs/md/manual/refcard.md we see |
There was a problem hiding this comment.
With this building against sbt 1.5, it may not work with earlier sbt 1.x versions. Do we want to support all 1.x versions? Something we've done for other plugins is build against a 1.0 version, and rely on compatibility, with scripted tests for later sbt versions.
| proguardBinaryDeps := { | ||
| (Compile / libraryDependencies).value match { | ||
| case analysis: Analysis => | ||
| analysis.relations.allLibraryDeps.collect { case vf: PathBasedFile => | ||
| vf.toPath.toFile | ||
| }.toSeq | ||
| } | ||
| }, |
There was a problem hiding this comment.
Looks like this is no longer used.
Previously, the binary deps were pulled from the compile analysis to include all binaries, including Java's rt.jar. Looks like that's no longer included under library deps, and I see there's a java home added instead.
Would be good to make sure there's still something that works here across Java versions and environments.
There was a problem hiding this comment.
Yeah, using this method the Java libraries were missing, which is why I added an explicit dependency on JAVA_HOME
Ah, so, this is a subject I have opinions on... here they come :-)
In short, no. People should upgrade to latest sbt if they want to use latest plugin versions. That's the decision I'm seeing most sbt plugin maintainers make. I think it can definitely make sense in a commercial-support context to go the extra mile to ensure compatibility with old versions of things, but here in pure OSS-land where no money is changing hands (even though lots of people are making money using free stuff) and maintainer and contributor effort is the scarcest and most precious resource, I think the onus should be on users to put in a little effort and upgrade things if they want to benefit from the latest free OSS goodies — rather than the onus being on maintainers to accommodate version laggards. (I don't mean "laggards" as shade; people often have good reasons for being conservative about upgrades, but regardless, they should expect a decision not to upgrade to have consequences.) Also, I'd add that the latest really disruptive change (though overall a hugely beneficial one) made to sbt was the Ivy->Coursier switch. That was a while ago now (sbt 1.4.0, May 2019). Once people are over the 1.4.0 hump — and they've now had plenty of time to get over it — it's only rarely a problem to go all the way to 1.5.5. |
|
I am going to give it another shot without using |
|
I'm absolutely stuck on getting this to work. I can't figure it out. So we can close this PR if we don't want to bring in |
|
My comment above #42 (comment) is easily missed in the noise, so linking here again. I think we can just take out the sbt-assembly related additions and merge the remainder as is. The test projects in this repo (as well as our internal build) work just fine. And separately from that we can try to help @sbly to solve his specific issue. If it turns out to be a genuine issue and we really do need sbt-assembly, it wouldn't be the end of the world either, but currently I don't see why we should. |
|
I forked this PR and pushed a few fixes. It's now not using sbt-assembly and filters out the duplicate input jars. Could you please give that a try? If it works you could push those commits to this PR and we can merge it. For reference: here's how I tested locally, not sure if that's the best way, but worked for me: |
|
Thanks for taking a stab at this. I cloned your repo and ran |
|
I only just learned about sbt-test and made myself familiar (https://www.scala-sbt.org/1.x/docs/Testing-sbt-plugins.html). And yes, I'm also getting an error there, but that's a different one now: It's because |
|
@mpollmeier OK cool, so it's not just my machine. I've gotten that specific error before too. I was able to get rid of it before by changing the default input filter:
but then I just ran into another error. |
|
Ok I finally managed to sort this out, mostly by reverting some of the changes in this PR that were unrelated to the sbt upgrade. I'm not saying that this is the best default value, but would suggest to focus this PR on purely upgrading sbt:
|
|
@mpollmeier Thank you so much. Do you know what the actual fix was? It seems to have just been a problem with the test itself |
|
The main differences to the initial PR were to remove sbt-assembly and get the test setup back to what it was - you removed some proguard settings in that @SethTisue @pvlugter 🙏🏻 I believe this is ready for merge/release - would you mind clicking a few buttons? |
filter specific scala version
|
thank you @sbly and @mpollmeier !! ticket on actually getting this published: #43 |
No description provided.