Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[NU-1897] flink-executor and lite-runtime modules: Added compile-time dependency to http-utils #7259

Merged
merged 2 commits into from
Nov 28, 2024

Conversation

arkadius
Copy link
Member

@arkadius arkadius commented Nov 27, 2024

Describe your changes

Checklist before merge

  • Related issue ID is placed at the beginning of PR title in [brackets] (can be GH issue or Nu Jira issue)
  • Code is cleaned from temporary changes and commented out lines
  • Parts of the code that are not easy to understand are documented in the code
  • Changes are covered by automated tests
  • Showcase in dev-application.conf added to demonstrate the feature
  • Documentation added or updated
  • Added entry in Changelog.md describing the change from the perspective of a public distribution user
  • Added MigrationGuide.md entry in the appropriate subcategory if introducing a breaking change
  • Verify that PR will be squashed during merge

Summary by CodeRabbit

  • New Features

    • Updated changelog to highlight enhancements in the components-api module and improvements in Flink Kafka handling.
    • Introduced a new endpoint for scenario testing and renamed the 'test adhoc' button to 'adhoc-testing'.
  • Bug Fixes

    • Resolved issues with deployments involving dictionary editors after a model reload.
  • Documentation

    • Updated migration guide detailing significant changes and compatibility notes for version 1.19.0.
    • Enhanced changelog with new features, improvements, and dependency updates.
  • Chores

    • Cleaned up dependencies for improved management and compatibility across projects.

@github-actions github-actions bot added the docs label Nov 27, 2024
@arkadius arkadius changed the base branch from staging to componentsApi-remove-netty-dependency November 27, 2024 16:34
@arkadius arkadius changed the title Flinkexecutor httputils dependency [NU-1897] flink-executor and lite-runtime modules: Added compile-time dependency to http-utils Nov 27, 2024
@arkadius arkadius changed the title [NU-1897] flink-executor and lite-runtime modules: Added compile-time dependency to http-utils [NU-1897] flink-executor and lite-runtime modules: Added compile-time dependency to http-utils Nov 27, 2024
Copy link

coderabbitai bot commented Nov 27, 2024

📝 Walkthrough
📝 Walkthrough

Walkthrough

The pull request introduces significant modifications to the build.sbt file, focusing on dependency management for multiple projects within the Nussknacker application. Key changes include the addition of the httpUtils project, which now incorporates the async-http-client-backend-future dependency from the sttp library. This adjustment aims to resolve potential NoClassDefFoundError issues caused by conflicting versions of Netty. The liteEngineRuntime and flinkExecutor projects have been updated to include httpUtils as a compile-time dependency, ensuring consistent library versions across the project. Additionally, the liteK8sDeploymentManager project has been updated to include the same async-http-client-backend-future dependency. The overall structure of the dependencies has been streamlined to enhance compatibility and reduce the risk of version conflicts. The changelog and migration guide have also been updated to reflect new features, improvements, and breaking changes for version 1.19.0, including updates to the components-api module and various API modifications.

Possibly related PRs

Suggested labels

client, submodules

Suggested reviewers

  • JulianWielga
  • lukasz-bigorajski

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)
docs/MigrationGuide.md (2)

Line range hint 4-4: Add unit tests as mentioned in TODO comment

Tests should be added to verify the behavior of the formula function, especially given the recent parameter addition.

Would you like me to help create unit tests for this function?


Security update needed: requests 2.26.0 has known vulnerabilities

The pinned version 2.26.0 of requests is affected by two moderate severity vulnerabilities:

  • Unintended leak of Proxy-Authorization header (fixed in 2.31.0)
  • Session verification bypass vulnerability (fixed in 2.32.0)

Recommend upgrading to the latest stable version 2.32.3 to address these security issues.

🔗 Analysis chain

Line range hint 6-6: Verify security of fixed requests version

The requests library is pinned to version 2.26.0. Let's verify if this version has any known security vulnerabilities.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check PyPI for latest versions and GitHub for security advisories

# Get latest version from PyPI
echo "Latest version from PyPI:"
curl -s https://pypi.org/pypi/requests/json | jq -r '.info.version'

# Check for security advisories
echo -e "\nSecurity advisories:"
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: PIP, package: "requests") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1716

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0f94b80 and 91a2707.

📒 Files selected for processing (3)
  • build.sbt (5 hunks)
  • docs/Changelog.md (1 hunks)
  • docs/MigrationGuide.md (1 hunks)
🔇 Additional comments (7)
docs/Changelog.md (1)

17-22: LGTM! Changes are well documented.

The changelog entries accurately reflect the dependency cleanup and API enhancement changes:

  1. Component API enhancement for SpEL template access
  2. Dependency cleanup:
    • Narrowing of async-http-client dependency
    • Addition of http-utils compile-time dependency
docs/MigrationGuide.md (1)

Line range hint 1-2: LGTM!

The subtraction function is implemented correctly.

build.sbt (5)

814-823: Addition of httpUtils Dependency

Including httpUtils as a compile-time dependency in the flinkExecutor module ensures consistent Netty versions across the dependency stack (sttpasync-http-clientnetty). This prevents NoClassDefFoundError exceptions and reduces the model jar size.


1367-1375: Adding httpUtils to liteEngineRuntime Dependencies

Adding httpUtils as a compile-time dependency in the liteEngineRuntime module is appropriate to maintain consistent Netty versions. This helps avoid potential runtime conflicts and reduces the model jar size.


1562-1575: Updated Dependencies in componentsApi Module

The additions to the dependencies in the componentsApi module enhance functionality and align with project requirements. Ensure that all version variables (e.g., flinkCommonsTextV, catsV, enumeratumV) are correctly defined and up to date.


1710-1713: Including sttp Dependencies in httpUtils Module

Adding the sttp dependencies to the httpUtils module helps maintain consistent library versions and prevents potential runtime errors due to mismatched Netty versions in the dependency stack.


1523-1528: Verify Netty Version Consistency in Test Dependencies

The inclusion of async-http-client-backend-future in the test scope may introduce Netty version conflicts. Please verify that the Netty versions across all dependencies are consistent to prevent runtime issues.

Run the following script to list Netty dependencies and their versions:

✅ Verification successful

Based on the results, I can now generate the final response:

Netty Version Consistency is Already Managed

The codebase already handles Netty version consistency carefully:

  • A single nettyV = "4.1.113.Final" is defined and used across all Netty dependencies
  • There are explicit comments acknowledging and addressing the sttp -> async-http-client -> netty dependency chain
  • The project has proper exclusion rules for conflicting Netty versions (e.g., azure-core-http-netty exclusions)
  • Netty reactive streams version is explicitly managed with nettyReactiveStreamsV = "2.0.12"
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: List Netty dependencies and their versions in the project.

# Search for Netty dependencies in build.sbt.
rg 'netty' build.sbt

Length of output: 1569


Script:

#!/bin/bash
# Let's check the version of netty that async-http-client-backend-future brings in
rg -A 1 'sttpV' build.sbt
rg -A 1 'async-http-client' build.sbt

# Also check for any other potential netty dependencies through transitive dependencies
rg 'val.*=.*".*netty.*"' build.sbt

Length of output: 2360

@arkadius arkadius changed the base branch from componentsApi-remove-netty-dependency to staging November 27, 2024 16:40
@arkadius arkadius changed the base branch from staging to componentsApi-remove-netty-dependency November 27, 2024 16:41
Base automatically changed from componentsApi-remove-netty-dependency to staging November 28, 2024 08:30
@arkadius arkadius force-pushed the flinkexecutor-httputils-dependency branch from 67cbe70 to b2d1c20 Compare November 28, 2024 08:31
Copy link
Contributor

@lukasz-bigorajski lukasz-bigorajski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@arkadius arkadius merged commit 02bcde6 into staging Nov 28, 2024
3 of 5 checks passed
@arkadius arkadius deleted the flinkexecutor-httputils-dependency branch November 28, 2024 08:33
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
docs/MigrationGuide.md (1)

Line range hint 4-4: Add unit tests as indicated by TODO comment

The TODO comment indicates missing tests. Unit tests are important to verify the behavior of this function, especially given it was recently modified to add a new parameter.

Would you like me to help create unit tests for this function?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 67cbe70 and b2d1c20.

📒 Files selected for processing (3)
  • build.sbt (5 hunks)
  • docs/Changelog.md (1 hunks)
  • docs/MigrationGuide.md (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/Changelog.md
🔇 Additional comments (4)
build.sbt (2)

814-823: LGTM! Well-documented dependency management improvement.

The addition of httpUtils as a compile-time dependency to flinkExecutor is a good solution for:

  1. Resolving NoClassDefFoundError issues caused by conflicting netty versions
  2. Reducing the size of the model jar bundle
  3. Ensuring consistent library versions across the dependency stack (sttp -> async-http-client -> netty)

This change establishes a pattern where common HTTP-related dependencies are managed through a shared module, promoting consistency and reducing the risk of version conflicts.

Let's verify the dependency tree to confirm the resolution of netty version conflicts:

✅ Verification successful

LGTM! The dependency management approach is well-implemented and consistent

The verification confirms that:

  1. The project uses a fixed netty version (4.1.113.Final) across all dependencies
  2. The httpUtils module is properly configured as a shared dependency to ensure consistent versions in the stack: sttp -> async-http-client -> netty
  3. Azure dependencies that could introduce conflicting netty versions are properly excluded
  4. The dependency is correctly added as compile-time to both flinkExecutor and liteEngineRuntime

The implementation effectively:

  • Prevents NoClassDefFoundError by maintaining consistent netty versions
  • Reduces jar bundle size through shared dependencies
  • Follows good practices in dependency management with proper exclusions and version control
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential netty version conflicts in the dependency tree
# Expected: Only one version of netty should be present

# Check netty versions in the classpath
sbt 'flinkExecutor/dependencyTree' | grep -i netty

# Verify the size reduction in the model jar
ls -lh flinkExecutor/target/scala-*/flinkExecutor.jar

Length of output: 296


Script:

#!/bin/bash
# Let's try a different approach to verify the dependency structure
# First, check if there are any direct netty dependencies declared in build.sbt
rg -A 3 -B 3 "netty" build.sbt

# Then check for any other HTTP client related dependencies
rg -A 3 -B 3 "async-http-client|sttp|http" build.sbt

# Also check for any dependency exclusions related to netty
rg "exclude\(" build.sbt

Length of output: 26909


1367-1375: LGTM! Consistent dependency management approach.

The addition of httpUtils as a compile-time dependency to liteEngineRuntime follows the same pattern as flinkExecutor, ensuring consistent dependency management across different runtime environments.

Let's verify the dependency resolution is consistent with the Flink executor:

✅ Verification successful

Dependency management approach is consistent across the codebase

Based on the analysis of build.sbt, the review comment is correct. The evidence shows:

  • httpUtils is consistently used across multiple components, with some using it as a Provided dependency (e.g., in Flink components) and others as a direct dependency where needed
  • The liteEngineRuntime's dependency on httpUtils aligns with the codebase's pattern, particularly considering the comment about managing netty version conflicts
  • Both Flink and Lite runtimes show careful management of their HTTP-related dependencies, with Flink using provided scope for potential conflict resolution and Lite runtime explicitly managing its HTTP stack (sttp, akka-http)
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Compare netty versions between Flink and Lite runtimes
# Expected: Both should use the same version of netty

# Check netty versions in both classpaths
echo "=== Flink Runtime ==="
sbt 'flinkExecutor/dependencyTree' | grep -i netty
echo "=== Lite Runtime ==="
sbt 'liteEngineRuntime/dependencyTree' | grep -i netty

# Compare jar sizes to verify optimization
echo "=== Jar sizes ==="
ls -lh */target/scala-*/flinkExecutor.jar */target/scala-*/liteEngineRuntime.jar 2>/dev/null

Length of output: 529


Script:

#!/bin/bash
# Let's try a different approach by examining the build.sbt file directly
# to verify the dependency management consistency between Flink and Lite runtimes

# First, let's look at the flinkExecutor dependencies
echo "=== Flink Executor Dependencies ==="
rg "lazy val flinkExecutor" -A 20 build.sbt

# Then, let's look at the liteEngineRuntime dependencies
echo "=== Lite Engine Runtime Dependencies ==="
rg "lazy val liteEngineRuntime" -A 20 build.sbt

# Also check for any other httpUtils dependencies to verify consistency
echo "=== Other httpUtils Dependencies ==="
rg "httpUtils" build.sbt

Length of output: 4931

docs/MigrationGuide.md (2)

Line range hint 1-2: LGTM!

The subtraction function is implemented correctly.


Line range hint 6-6: Verify security of pinned requests version

The requests library is pinned to version 2.26.0. Let's verify if this version has any known security vulnerabilities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants