-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bring back Maven dependencies into Gradle #21202
base: release
Are you sure you want to change the base?
Conversation
ad74d61
to
fd287d4
Compare
e7e781a
to
b5bf7d8
Compare
Your PR is failing the DCO checks because your commits aren't signed. This looks like it was working before, e.g., you can see the "Verified" on this other commit: d56201e You'll have to rebase your branch and sign the commits with something like I think it would be better if the update to Maven 3.8.6 was at least a separate commit from the changes to remove the dependency on Maven Central. You could also combine the changes to verification-metadata to go along with the upgrade. |
b5bf7d8
to
1af955a
Compare
Thanks - it seems to have to do with doing the rebase using GH's web UI, though apparently that is supposed to work.
My only reservation with doing it that way now is that I would have to re-test both scenarios separately (or at least what would be the first commit), as I have only verified those two changes together. Are you considering the idea we may want to merge one change but not the other? |
@@ -31,7 31,7 @@ class BinDistributionIntegrationSpec extends DistributionIntegrationSpec { | |||
|
|||
@Override |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
~ ls -lah *.zip
-rw-r--r-- 1 rafael staff 115M Jul 11 15:17 master.zip
-rw-r--r-- 1 rafael staff 118M Jul 11 15:18 pr-20596.zip
@@ -36,7 36,7 @@ import static org.hamcrest.MatcherAssert.assertThat | |||
|
|||
abstract class DistributionIntegrationSpec extends AbstractIntegrationSpec { | |||
|
|||
protected static final THIRD_PARTY_LIB_COUNT = 145 | |||
protected static final THIRD_PARTY_LIB_COUNT = 167 | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
➜ gradle git:(rchaves/maven-dependencies-20596) ✗ find ~/gradle-installs/pr-20596 -name "*.jar" | wc -l
255
➜ gradle git:(rchaves/maven-dependencies-20596) ✗ find ~/gradle-installs/master -name "*.jar" | wc -l
233
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you know what these extra libraries are? I thought this only removed a few (not >20) libraries when we removed them in 7.0?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
diff /tmp/master-libs.txt /tmp/pr-21202-libs.txt
130a131
> lib/plugins/aopalliance-1.0.jar
139a141
> lib/plugins/cdi-api-1.0.jar
140a143
> lib/plugins/commons-lang3-3.12.0.jar
195a199
> lib/plugins/guice-4.2.3-no_aop.jar
213a218
> lib/plugins/jsr250-api-1.0.jar
217a223
> lib/plugins/maven-artifact-3.6.3.jar
218a225,226
> lib/plugins/maven-compat-3.6.3.jar
> lib/plugins/maven-core-3.6.3.jar
219a228,229
> lib/plugins/maven-model-builder-3.6.3.jar
> lib/plugins/maven-plugin-api-3.6.3.jar
220a231,237
> lib/plugins/maven-resolver-api-1.4.1.jar
> lib/plugins/maven-resolver-connector-basic-1.4.1.jar
> lib/plugins/maven-resolver-impl-1.4.1.jar
> lib/plugins/maven-resolver-provider-3.6.3.jar
> lib/plugins/maven-resolver-spi-1.4.1.jar
> lib/plugins/maven-resolver-transport-http-1.4.1.jar
> lib/plugins/maven-resolver-util-1.4.1.jar
222a240
> lib/plugins/maven-shared-utils-3.2.1.jar
224a243,244
> lib/plugins/org.eclipse.sisu.inject-0.3.4.jar
> lib/plugins/org.eclipse.sisu.plexus-0.3.4.jar
225a246,247
> lib/plugins/plexus-classworlds-2.6.0.jar
> lib/plugins/plexus-component-annotations-2.1.0.jar
230a253
> lib/plugins/wagon-provider-api-3.3.4.jar
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@big-guy It is basically most-of-Maven vs maven-settings-builder.
Given that this PR will have to do changes in dependency verification, make sure to account for the process changes in #21234 |
a7495ec
to
81b07ba
Compare
Back in 7.0, we removed most Maven artifacts from the Gradle distro so they could be dynamically fetched in gradle init --type pom, in an attempt to reduce the Gradle payload. However, that breaks users that are behind corporate firewalls. This commit brings those dependencies back. Issue: #20596
81b07ba
to
8f28d45
Compare
@bot-gradle test this |
OK, I've already triggered the following builds for you: |
This is now pretty much @big-guy's changes (#21156), plus updates to tests that checked artifact counts/distro sizes. With the reversal of the Maven dependency upgrades, the changes to verification metadata are no longer needed. We can look into that once this PR is merged. @ljacomet Could you please take a second look? |
Thanks, that would be needed when we actually upgrade Maven dependencies, but this PR is no longer trying to do that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should do the upgrade of the added dependencies.
I left a blocking question.
@Override | ||
public void generate(InitSettings initSettings) { | ||
IncubationLogger.incubatingFeatureUsed("Maven to Gradle conversion"); | ||
try { | ||
Settings settings = settingsProvider.buildSettings(); | ||
executor.classLoaderIsolation(config -> config.getClasspath().from(mavenClasspath)) | ||
executor.noIsolation() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we'd want to keep the maven dependencies isolated. It would mean including the jars in the distro but not including them in the Gradle core and plugins classpath and resolving them from the distro using the module registry / classpath provider mechanism instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@eskatos What would that look like? Just:
executor.classLoaderIsolation()
.submit(...)
?
(your recommendation does make sense to me, btw, at least everything else being equal)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At this place it would look like (pseudo-code):
FileCollection mavenClasspath = classpathRegistry.getClassPath(MAVEN)
executor.classLoaderIsolation(config -> config.getClasspath().from(mavenClasspath))
and require support for building that classpath from jars in the distro that are not part of the core and plugins classpath. I guess a bit like the ANT
classpath.
Agreed! Once we merge this, I will open a ticket about that. |
@bot-gradle test this |
OK, I've already triggered the following builds for you: |
Context
Back in 7.0, we removed most Maven artifacts from the Gradle distro so they could be dynamically fetched in gradle init --type pom, in an attempt to reduce the Gradle payload. However, that breaks users that are behind corporate firewalls.
This commit brings those dependencies back, while moving to a more
recent versions of Maven artifacts.
Issue: #20596
Gradle Core Team Checklist