-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAFKA-16803: Update ShadowJavaPlugin #16295
Conversation
I verified that this upgrade includes a commit to remove the deprecated ConfigureUtil: Goooler/shadow@b1d87c2 and the Gradle build scan no longer shows the deprecation warning. It also contains a fix for the blocker mentioned in the previous comment: Goooler/shadow#80 but I have not verified this fix as I am unfamiliar with the original problem. @ijuma and @divijvaidya What do you think about changing forks for this plugin? The existing fork appears to have an issue that blocks our upgrade, isn't compatible with Gradle 9.0, and doesn't appear to have any recent releases. The new fork is from a contributor to the original fork, and has the exact same license. |
build.gradle
Outdated
// Updating the shadow plugin version to 8.1.1 causes issue with signing and publishing the shadowed | ||
// artifacts - see https://github.com/johnrengelman/shadow/issues/901 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this can be removed now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Comment has been removed as suggested
I am not a big fan of taking a dependency on a project maintained by a single developer as it's a huge supply chain risk (cue: https://xkcd.com/2347/) Our dependency on zstd-jni falls in the same category which makes me nervous. Nevertheless, coming back to the topic, I agree that releases on https://github.com/johnrengelman/shadow seems to have stalled and hence, it makes sense to use an alternative in the short term. Using https://github.com/Goooler/shadow sounds good to me. Alternatively, can we get rid of usage of the shadow plugin? I observe that the use case for this plugin is to create a fat jar for |
So maybe we can consider this as a temporary solution and then think about removing that altogether later. Thoughts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I quickly looked into replacing the shadow jar plugin with a vanilla Jar task.
It lacks the relocate method that we use to perform real shading (not just fat-jar) for the kafka-clients jar.
I don't think that replacing this dependency will be trivial, so i'm fine moving forward with just swapping out the upstream for now.
Thanks, @gharris1727. Hope this can be merged now. |
I checked the upstream diff and didn't see anything out of the ordinary: GradleUp/shadow@8.1.0...Goooler:shadow:v8.1.7 I verified locally that the kafka-clients jar has the correct filename and contains the proper shaded classes. I also verified that the JMH benchmarks run as-expected. |
Test failures are unrelated. |
Thank you @Nancy-ksolves for fixing this! |
@Nancy-ksolves @gharris1727 It looks like We may want to fix the issue or downgrade the shadow plugin to 8.1.3. |
@omkreddy How are you seeing that classifier? This is what i'm seeing:
|
Okay I see that the publish results are different:
|
@omkreddy I confirmed that 8.1.3 prevents the The statement We can immediately downgrade to 8.1.3 since that appears to work. I'll follow up with the upstream repo to see if we can change to lazy evaluation, or re-structure our build to accommodate the eager evaluation order. Thanks again for finding this problem, it's unfortunate that I didn't find it in my pre-merge validation. |
@gharris1727 do you have any suggestion on how could we have caught this regression? One naive option could be to add a validation step in our build logic? In the validation we can start with a simple validation on the names of the files and add more complicated validations later on. |
) Reviewers: Greg Harris <[email protected]>, Divij Vaidya <[email protected]>
…pache#16295)" This reverts commit 391778b. Unfortunately that commit re-introduced bug apache#15127 which prevented the publishing of kafka-clients artifacts to remote maven. As that bug says: The issue triggers only with publishMavenJavaPublicationToMavenRepository due to signing. Generating signed asc files error out for shadowed release artifacts as the module name (clients) differs from the artifact name (kafka-clients). The fix is basically to explicitly define artifact of shadowJar to signing and publish plugin. project.shadow.component(mavenJava) previously outputs the name as client-<version>-all.jar though the classifier and archivesBaseName are already defined correctly in :clients and shadowJar construction.
…16295)" (#17218) This reverts commit 391778b. Unfortunately that commit re-introduced bug #15127 which prevented the publishing of kafka-clients artifacts to remote maven. As that bug says: The issue triggers only with publishMavenJavaPublicationToMavenRepository due to signing. Generating signed asc files error out for shadowed release artifacts as the module name (clients) differs from the artifact name (kafka-clients). The fix is basically to explicitly define artifact of shadowJar to signing and publish plugin. project.shadow.component(mavenJava) previously outputs the name as client-<version>-all.jar though the classifier and archivesBaseName are already defined correctly in :clients and shadowJar construction. Reviewers: David Arthur <[email protected]>
Upgrade to a different ShadowJavaPlugin to remove deprecated dependency 'org.gradle.util.ConfigureUtil'.
Committer Checklist (excluded from commit message)