Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[MENFORCER-426] DependencyConvergence transitive dependencies with version range #259

Merged
merged 1 commit into from
May 22, 2023

Conversation

slawekjaranowski
Copy link
Member

@slawekjaranowski slawekjaranowski commented Mar 20, 2023

Following this checklist to help us incorporate your
contribution quickly and easily:

  • Make sure there is a JIRA issue filed
    for the change (usually before you start working on it). Trivial changes like typos do not
    require a JIRA issue. Your pull request should address just this issue, without
    pulling in other changes.
  • Each commit in the pull request should have a meaningful subject line and body.
  • Format the pull request title like [MENFORCER-XXX] - Fixes bug in ApproximateQuantiles,
    where you replace MENFORCER-XXX with the appropriate JIRA issue. Best practice
    is to use the JIRA issue title in the pull request title and in the first line of the
    commit message.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Run mvn clean verify to make sure basic checks pass. A more thorough check will
    be performed on your pull request automatically.
  • You have run the integration tests successfully (mvn -Prun-its clean verify).

If your pull request is about ~20 lines of code you don't need to sign an
Individual Contributor License Agreement if you are unsure
please ask on the developers list.

To make clear that you license your contribution under
the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

@slawekjaranowski slawekjaranowski marked this pull request as draft March 20, 2023 23:35
cstamas added a commit to apache/maven-resolver that referenced this pull request Mar 24, 2023
…ersion ordering (#271)

Our two collector implementations produce slightly different dirty trees when in transitive dependencies ranges are in use. The new BF produces (w/ and w/o skipper) produces this dirty tree:
```
menforcer426:aid:ext:1 compile
+- menforcer426:bid:ext:1 compile
|  +- menforcer426:cid:ext:3 compile
|  +- menforcer426:cid:ext:2 compile
|  \- menforcer426:cid:ext:1 compile
+- menforcer426:cid:ext:3 compile
+- menforcer426:cid:ext:2 compile
\- menforcer426:cid:ext:1 compile
```
The "old" DF produces this one:
```
menforcer426:aid:ext:1 compile
+- menforcer426:bid:ext:1 compile
|  +- menforcer426:cid:ext:1 compile
|  +- menforcer426:cid:ext:2 compile
|  \- menforcer426:cid:ext:3 compile
+- menforcer426:cid:ext:1 compile
+- menforcer426:cid:ext:2 compile
\- menforcer426:cid:ext:3 compile
```

Spot the difference: the two dirty trees are "semantically" (or content-wise?) equal/same, except for the artifact ordering, where there was a version range (collector in this case discovers available versions that "fits" range and created nodes for them, one for each version that lies within version constraint). DF collector relies and provides "metadata based" ordering (as metadata contained the versions), while BF explicitly sorts them in descending order (for internal optimization purposes). Point is, both dirty trees are ok.

But, Conflict resolver in verbose mode for two inputs above produces different outputs. For DF with "divergence found",  while for BF "no divergence found" (correctly).

Overall changes in this PR:
* most are test and test related resources
* cosmetic changes like javadoc typos, adding override etc
* added reusable `DependencyGraphDumper`
* key changes are in `ConflictResolver` covered by `ConflictResolverTest` UT changes
* overall fix is to make `ConflictResolver` insensitive to input dirty tree version ordering, make sure output is same for "semantically" (or content-wise?) same inputs.

How tested this:
* built/installed this PR
* built maven-3.9.x with this resolver
* ran maven IT suite -- OK
* ran apache/maven-enforcer#259 w/ built maven (so fixed resolver is used). This PR contains only one reproducer IT that fails with any released Maven version -- OK w/ maven built as above.

Just realized how enforcer ITs are good source of inspiration for resolver use cases, so many if not all of new tests are actually inspired by enforcer ITs.

---

https://issues.apache.org/jira/browse/MRESOLVER-345
…rsion range

IT for ensure that DependencyConvergence with transitive dependencies with version range works correctly
Root cause was fixed in Maven 3.9.2
@slawekjaranowski slawekjaranowski changed the title [MENFORCER-426] Reproduce issue [MENFORCER-426] DependencyConvergence transitive dependencies with version range May 19, 2023
@slawekjaranowski slawekjaranowski marked this pull request as ready for review May 19, 2023 06:15
@slawekjaranowski slawekjaranowski merged commit cd8b7fa into master May 22, 2023
@slawekjaranowski slawekjaranowski deleted the MENFORCER-426 branch May 22, 2023 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants