Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable Maven Enforcer checks #147

Merged
merged 1 commit into from
Jul 23, 2019
Merged

Enable Maven Enforcer checks #147

merged 1 commit into from
Jul 23, 2019

Conversation

basil
Copy link
Member

@basil basil commented Jul 20, 2019

Problem

pom.xml currently has the enforcer.skip property set to true. This completely disables the Enforcer checks, which hides useful warnings. Unfortunately, re-enabling the Enforcer checks reveals this RequireUpperBoundDeps warning:

[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (display-info) @ jenkins-test-harness ---
[WARNING] Rule 3: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for com.google.guava:guava:11.0.1 paths to dependency are:
+-org.jenkins-ci.main:jenkins-test-harness:2.54-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-war:2.60.3
    +-org.jenkins-ci.main:jenkins-core:2.60.3
      +-com.google.guava:guava:11.0.1
and
+-org.jenkins-ci.main:jenkins-test-harness:2.54-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-war:2.60.3
    +-org.jenkins-ci.main:jenkins-core:2.60.3
      +-com.google.inject:guice:4.0
        +-com.google.guava:guava:16.0.1
and
+-org.jenkins-ci.main:jenkins-test-harness:2.54-SNAPSHOT
  +-org.jenkins-ci.main:jenkins-war:2.60.3
    +-org.jenkins-ci.main:jenkins-core:2.60.3
      +-org.kohsuke.stapler:stapler-jrebel:1.250
        +-org.kohsuke.stapler:stapler:1.250
          +-com.google.guava:guava:14.0

Evaluation

Normally, the solution to such conflicts is to add a dependencyManagement section explicitly selecting the highest version of the dependency that is required. Unfortunately, that solution isn't quite feasible for Jenkins's Guava dependency, which has a complicated history due to the way Jenkins does class loading. Bumping Guava in the test harness to 16.0.1 would represent significant risk, since Jenkins core actually delivers Guava 11.0.1 today. The test harness currently delivers a version matching Jenkins core, as can be seen by this output:

$ mvn dependency:tree | grep guava
[INFO] |  |  +- com.google.guava:guava:jar:11.0.1:compile (optional)

To avoid the risk of any possible regressions, we want the version of Guava used in the test harness to match the version of Guava used in Jenkins core in production. However, selecting that version won't satisfy the RequireUpperBoundDeps check.

Solution

The long-term fix is far beyond the realm of a single PR and is tracked in JENKINS-36779. This PR merely adds an exclusion for Guava to the RequireUpperBoundDeps check in the test harness. This allows the remaining Enforcer checks to run, which is a net improvement from the current code (where all Enforcer checks are disabled).

@oleg-nenashev oleg-nenashev changed the title Enable Enforcer checks Enable Maven Enforcer checks Jul 22, 2019
@oleg-nenashev
Copy link
Member

It definitely does not make the situation worse, so 🚢 🇮🇹

@oleg-nenashev oleg-nenashev self-assigned this Jul 22, 2019
@oleg-nenashev oleg-nenashev merged commit 4d1d212 into jenkinsci:master Jul 23, 2019
@basil basil deleted the enforcer branch July 29, 2019 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleg-nenashev oleg-nenashev oleg-nenashev approved these changes

Assignees

@oleg-nenashev oleg-nenashev

Labels
internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@basil @oleg-nenashev