Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KAFKA-16803: Update ShadowJavaPlugin #16295

Merged
merged 2 commits into from
Jun 20, 2024
Merged

Conversation

Nancy-ksolves
Copy link
Contributor

@Nancy-ksolves Nancy-ksolves commented Jun 12, 2024

Upgrade to a different ShadowJavaPlugin to remove deprecated dependency 'org.gradle.util.ConfigureUtil'.

Committer Checklist (excluded from commit message)

  • Verify design and implementation
  • Verify test coverage and CI build status
  • Verify documentation (including upgrade notes)

@gharris1727 gharris1727 added the dependencies Pull requests that update a dependency file label Jun 12, 2024
@gharris1727
Copy link
Contributor

I verified that this upgrade includes a commit to remove the deprecated ConfigureUtil: Goooler/shadow@b1d87c2 and the Gradle build scan no longer shows the deprecation warning.

It also contains a fix for the blocker mentioned in the previous comment: Goooler/shadow#80 but I have not verified this fix as I am unfamiliar with the original problem.

@ijuma and @divijvaidya What do you think about changing forks for this plugin? The existing fork appears to have an issue that blocks our upgrade, isn't compatible with Gradle 9.0, and doesn't appear to have any recent releases. The new fork is from a contributor to the original fork, and has the exact same license.

build.gradle Outdated
Comment on lines 47 to 48
// Updating the shadow plugin version to 8.1.1 causes issue with signing and publishing the shadowed
// artifacts - see https://github.com/johnrengelman/shadow/issues/901
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this can be removed now.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Comment has been removed as suggested

@divijvaidya
Copy link
Contributor

I am not a big fan of taking a dependency on a project maintained by a single developer as it's a huge supply chain risk (cue: https://xkcd.com/2347/)
dependency

Our dependency on zstd-jni falls in the same category which makes me nervous. Nevertheless, coming back to the topic, I agree that releases on https://github.com/johnrengelman/shadow seems to have stalled and hence, it makes sense to use an alternative in the short term. Using https://github.com/Goooler/shadow sounds good to me.

Alternatively, can we get rid of usage of the shadow plugin? I observe that the use case for this plugin is to create a fat jar for jmh-benchmarks. I haven't explored this option, but from a quick look, it looks like we could use a few lines of vanilla gradle to achieve the same result (instead of relying on a dependency)? (see https://www.baeldung.com/gradle-fat-jar)

@Nancy-ksolves
Copy link
Contributor Author

So maybe we can consider this as a temporary solution and then think about removing that altogether later. Thoughts?

Copy link
Contributor

@gharris1727 gharris1727 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I quickly looked into replacing the shadow jar plugin with a vanilla Jar task.
It lacks the relocate method that we use to perform real shading (not just fat-jar) for the kafka-clients jar.
I don't think that replacing this dependency will be trivial, so i'm fine moving forward with just swapping out the upstream for now.

@Nancy-ksolves
Copy link
Contributor Author

Thanks, @gharris1727. Hope this can be merged now.

@gharris1727
Copy link
Contributor

I checked the upstream diff and didn't see anything out of the ordinary: GradleUp/shadow@8.1.0...Goooler:shadow:v8.1.7

I verified locally that the kafka-clients jar has the correct filename and contains the proper shaded classes. I also verified that the JMH benchmarks run as-expected.

@gharris1727
Copy link
Contributor

Test failures are unrelated.

@gharris1727 gharris1727 merged commit 391778b into apache:trunk Jun 20, 2024
1 check failed
@gharris1727
Copy link
Contributor

Thank you @Nancy-ksolves for fixing this!

@omkreddy
Copy link
Contributor

omkreddy commented Jun 28, 2024

@Nancy-ksolves @gharris1727 It looks like io.github.goooler.shadow:8.1.7 is not honouring archiveClassifier added in https://github.com/apache/kafka/blob/trunk/build.gradle#L1569. Due to this clients jar is getting published with '-all' classifier. (kafka-clients-3.9.0-SNAPSHOT-all.jar). Its working with 8.1.3 version.

We may want to fix the issue or downgrade the shadow plugin to 8.1.3.

@gharris1727
Copy link
Contributor

@omkreddy How are you seeing that classifier? This is what i'm seeing:

# ./gradlew clean clients:shadowJar
# ls clients/build/libs/
kafka-clients-3.9.0-SNAPSHOT.jar

@gharris1727
Copy link
Contributor

Okay I see that the publish results are different:

ls ~/.m2/repository/org/apache/kafka/kafka-clients/3.9.0-SNAPSHOT/
kafka-clients-3.9.0-SNAPSHOT-all.jar
...

@gharris1727
Copy link
Contributor

@omkreddy I confirmed that 8.1.3 prevents the -all classifier from being emitted. I did not expect that, because 8.1.3 lacks the classifier "fix" that I thought was necessary for us. After investigating further, I realized that we have an evaluation order problem.

The statement project.shadow.component(mavenJava) is executed before archiveClassifier = null, so the classifier change affects the filesystem but not the publishing build. I think this is a slight mistake in the upstream patch, as the archiveClassifier is eagerly evaluated rather than lazily evaluated.

We can immediately downgrade to 8.1.3 since that appears to work. I'll follow up with the upstream repo to see if we can change to lazy evaluation, or re-structure our build to accommodate the eager evaluation order.

Thanks again for finding this problem, it's unfortunate that I didn't find it in my pre-merge validation.

@gharris1727
Copy link
Contributor

@omkreddy Here's the downgrade PR: #16489

@divijvaidya
Copy link
Contributor

@gharris1727 do you have any suggestion on how could we have caught this regression?

One naive option could be to add a validation step in our build logic? In the validation we can start with a simple validation on the names of the files and add more complicated validations later on.

TaiJuWu pushed a commit to TaiJuWu/kafka that referenced this pull request Jul 4, 2024
cmccabe added a commit to cmccabe/kafka that referenced this pull request Sep 17, 2024
…pache#16295)"

This reverts commit 391778b.

Unfortunately that commit re-introduced bug apache#15127 which prevented the publishing of kafka-clients
artifacts to remote maven. As that bug says:

    The issue triggers only with publishMavenJavaPublicationToMavenRepository due to signing.
    Generating signed asc files error out for shadowed release artifacts as the module name
    (clients) differs from the artifact name (kafka-clients).

    The fix is basically to explicitly define artifact of shadowJar to signing and publish plugin.
    project.shadow.component(mavenJava) previously outputs the name as client-<version>-all.jar
    though the classifier and archivesBaseName are already defined correctly in :clients and
    shadowJar construction.
cmccabe added a commit that referenced this pull request Sep 17, 2024
…16295)" (#17218)

This reverts commit 391778b.

Unfortunately that commit re-introduced bug #15127 which prevented the publishing of kafka-clients
artifacts to remote maven. As that bug says:

    The issue triggers only with publishMavenJavaPublicationToMavenRepository due to signing.
    Generating signed asc files error out for shadowed release artifacts as the module name
    (clients) differs from the artifact name (kafka-clients).

    The fix is basically to explicitly define artifact of shadowJar to signing and publish plugin.
    project.shadow.component(mavenJava) previously outputs the name as client-<version>-all.jar
    though the classifier and archivesBaseName are already defined correctly in :clients and
    shadowJar construction.

Reviewers: David Arthur <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants