Hi,
there's this basic rule: always specify your direct dependencies if you
use them in your code, never rely on transitive dependencies.
So in this case commons-io is not directly used by the main classes, but
it is by the test-classes.
It is very likely that a previous version of maven-shared-utils did not
depend on commons-io, which made it required to specify commons-io with
the test-scope for this project.
With this in mind it seems weird to me to remove commons-io as a direct
test-scoped dependency. If for some reason we don't need
maven-shared-utils anymore the tests of this project won't build anymore.
What I would expect to see for the *runtime* plugin classpath are the
direct dependencies with scopes compile, runtime and system, and all their
transitive dependencies with the scopes compile, runtime and system.
The interesting thing that will happen here is that when testing it'll
have commons-io:2.5 on its classpath, whereas at runtime it'll have
commons-io:2.4 on its classpath. Based on the docs that can't be right
(every dependency can only have one version and one scope) but I think it
is.
thanks,
Robert
On Fri, 01 Jul 2016 09:16:47 +0200, Christian Schulte <[email protected]>
wrote:
Hi,
I am currently stumbling upon the following issue. Maven resolves
plugins as if they were a direct dependency of Maven core. That means it
will not consider any 'test' or 'provided' scope dependencies of plugins
when building plugin runtime classpaths. I am not sure if this is the
correct way to go. If it would resolve plugins the same way it resolves
projects, things like the following will start to happen.
Execution default-resources of goal
org.apache.maven.plugins:maven-resources-plugin:3.0.1:resources failed:
A required class was missing while executing
org.apache.maven.plugins:maven-resources-plugin:3.0.1:resources:
org/apache/commons/io/input/XmlStreamReader
Caused by: java.lang.ClassNotFoundException:
org.apache.commons.io.input.XmlStreamReader
Here is the plugin's classpath resolved by Maven <= 3.4.0-SNAPSHOT:
[DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=4,
ConflictMarker.markTime=4, ConflictMarker.nodeCount=69,
ConflictIdSorter.graphTime=2, ConflictIdSorter.topsortTime=1,
ConflictIdSorter.conflictIdCount=28,
ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=17,
ConflictResolver.conflictItemCount=68,
DefaultDependencyCollector.collectTime=850,
DefaultDependencyCollector.transformTime=36}
[DEBUG] org.apache.maven.plugins:maven-resources-plugin:jar:3.0.1:
[DEBUG] org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG] org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[DEBUG] org.apache.maven:maven-core:jar:3.0:compile
[DEBUG] org.apache.maven:maven-settings-builder:jar:3.0:compile
[DEBUG] org.apache.maven:maven-repository-metadata:jar:3.0:compile
[DEBUG] org.apache.maven:maven-model-builder:jar:3.0:compile
[DEBUG] org.apache.maven:maven-aether-provider:jar:3.0:runtime
[DEBUG] org.sonatype.aether:aether-impl:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-spi:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-api:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-util:jar:1.7:compile
[DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]
org.codehaus.plexus:plexus-component-annotations:jar:1.6:compile
[DEBUG] org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3:compile
[DEBUG] org.sonatype.plexus:plexus-cipher:jar:1.4:compile
[DEBUG] org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG] org.apache.maven:maven-settings:jar:3.0:compile
[DEBUG] org.apache.maven:maven-model:jar:3.0:compile
[DEBUG] org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
[DEBUG] org.apache.maven.shared:maven-filtering:jar:3.1.1:compile
[DEBUG]
org.apache.maven.shared:maven-shared-utils:jar:3.0.0:compile
[DEBUG] commons-io:commons-io:jar:2.4:compile
[DEBUG] com.google.code.findbugs:jsr305:jar:2.0.1:compile
[DEBUG] org.sonatype.plexus:plexus-build-api:jar:0.0.7:compile
[DEBUG] org.codehaus.plexus:plexus-interpolation:jar:1.22:compile
And here is the plugin's classpath resolved the same way projects are
resolved (3.5.0-SNAPSHOT):
[DEBUG] Dependency collection stats:
{ConflictMarker.analyzeTime=3907145, ConflictMarker.markTime=5714366,
ConflictMarker.nodeCount=172, ConflictIdSorter.graphTime=2411000,
ConflictIdSorter.topsortTime=1248278,
ConflictIdSorter.conflictIdCount=38,
ConflictIdSorter.conflictIdCycleCount=0,
ConflictResolver.totalTime=21802925,
ConflictResolver.conflictItemCount=90,
DefaultDependencyCollector.collectTime=1324192650,
DefaultDependencyCollector.transformTime=190157370}
[DEBUG] org.apache.maven.plugins:maven-resources-plugin:jar:3.0.1:
[DEBUG] org.apache.maven:maven-plugin-api:jar:3.0:compile
[DEBUG] org.sonatype.sisu:sisu-inject-plexus:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-inject-bean:jar:1.4.2:compile
[DEBUG] org.sonatype.sisu:sisu-guice:jar:noaop:2.1.7:compile
[DEBUG] org.apache.maven:maven-core:jar:3.0:compile
[DEBUG] org.apache.maven:maven-settings-builder:jar:3.0:compile
[DEBUG] org.apache.maven:maven-repository-metadata:jar:3.0:compile
[DEBUG] org.apache.maven:maven-model-builder:jar:3.0:compile
[DEBUG] org.apache.maven:maven-aether-provider:jar:3.0:runtime
[DEBUG] org.sonatype.aether:aether-impl:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-spi:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-api:jar:1.7:compile
[DEBUG] org.sonatype.aether:aether-util:jar:1.7:compile
[DEBUG] org.codehaus.plexus:plexus-classworlds:jar:2.2.3:compile
[DEBUG]
org.codehaus.plexus:plexus-component-annotations:jar:1.6:compile
[DEBUG] org.sonatype.plexus:plexus-sec-dispatcher:jar:1.3:compile
[DEBUG] org.sonatype.plexus:plexus-cipher:jar:1.4:compile
[DEBUG] org.apache.maven:maven-artifact:jar:3.0:compile
[DEBUG] org.apache.maven:maven-settings:jar:3.0:compile
[DEBUG] org.apache.maven:maven-model:jar:3.0:compile
[DEBUG]
org.apache.maven.plugin-tools:maven-plugin-annotations:jar:3.4:provided
[DEBUG] org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
[DEBUG] org.apache.maven.shared:maven-filtering:jar:3.1.1:compile
[DEBUG]
org.apache.maven.shared:maven-shared-utils:jar:3.0.0:compile
[DEBUG] com.google.code.findbugs:jsr305:jar:2.0.1:compile
[DEBUG] org.sonatype.plexus:plexus-build-api:jar:0.0.7:compile
[DEBUG] org.codehaus.plexus:plexus-interpolation:jar:1.22:compile
[DEBUG] org.apache.maven:maven-compat:jar:3.0:test
[DEBUG]
org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-6:test
[DEBUG]
org.apache.maven.plugin-testing:maven-plugin-testing-harness:jar:2.1:test
[DEBUG] org.codehaus.plexus:plexus-archiver:jar:2.2:test
[DEBUG]
org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:test
[DEBUG] classworlds:classworlds:jar:1.1-alpha-2:test
[DEBUG] org.codehaus.plexus:plexus-io:jar:2.0.4:test
[DEBUG] commons-io:commons-io:jar:2.5:test
[DEBUG] junit:junit:jar:4.12:test
[DEBUG] org.hamcrest:hamcrest-core:jar:1.3:test
As you can see, the last classpath contains the direct 'test'
dependencies of the plugin. I think that is correct, btw. The reason
Maven will throw a ClassNotFoundException that way is the way the
plugin's dependencies have been set up.
The POM of the plugin contains 'commons-io:commons-io:jar:2.5:test'. If
the 'test' scope dependencies are not considered during resolution (as
it is), Maven will pull in 'commons-io:commons-io:jar:2.4:compile'
because that is a transitive dependency of
'org.apache.maven.shared:maven-filtering:jar:3.1.1:compile'. Just
compare the two classpath from where 'commons-io' is pulled in.
Simple question we would need to discuss. Would you say the plugin's POM
is incorrect because it contains that
'commons-io:commons-io:jar:2.5:test' dependency although that dependency
really should be a 'compile' dependency? If it would not be a plugin but
a library to depend on, we would all agree that the POM is incorrect. So
I would say it is a bug because if you were to write a reusable "base"
plugin to extend from (one of the reasons to use annotations), it would
break the build for plugins depending on that "base" plugin.
Regards,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
