-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Also exclude omitted dependencies #4563
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Kun Chang <[email protected]>
Thanks for the work here @ckcd ! Great to see you've found a way around the problem of omitted dependencies. The only thing giving me pause here is that we try to limit change to the |
@timtebeek Thanks for your reply! Sure for the And just confirm, do you mean we can't add new field to |
Thanks! I think that's preferred over adding a collection field to
Some addition is possible, but indeed backwards compatible and ideally with minimal surface API changes if we can. That way there's less to review and maintain going forward. |
Add @SiBorea |
@timtebeek I suggest we create new classes that extend |
@NonFinal | ||
@EqualsAndHashCode.Exclude | ||
List<GroupArtifactVersion> omitDependencies; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing to note here is that omitDependencies
is technically @Nullable
, since we serialize LSTs at Moderne, which mean folks might deserialize an older ResolvedDependency
class without any omitDepedencies
field, which can then lead to a null pointer exception further down. Let's make that explicit by adding that annotation here to be safe, and then handle the usage site below to guard against a null value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have did a little defensive programming for it
} | ||
} | ||
|
||
for (GroupArtifactVersion omit : omitDependencies) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is where we'd have to handle a possible null
omitDependencies
field.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use getOmitDependencies()
instead here
if (includedBy.getOmitDependencies().isEmpty()) { | ||
includedBy.unsafeSetOmitDependencies(new ArrayList<>()); | ||
} | ||
includedBy.getOmitDependencies().add(new GroupArtifactVersion(d.getGroupId(), d.getArtifactId(), d.getVersion())); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also here the generated getter might return null; as an alternative we could create an explicit getter that always returns a collection.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getOmitDependencies()
never return null now.
The root cause should be when parse resolved pom, we ignore the omitted dependencies so that these information is lost.
rewrite/rewrite-maven/src/main/java/org/openrewrite/maven/tree/ResolvedPom.java
Line 913 in ed13f4a
So I try to add a new
omitDependencies
list forResolvedDependency
to record these omitted information. And uses thisomitDependencies
when search for potential relation inExcludeDependency
. To avoid affecting other logic, I added a new methodfindDependencyWithOmit
.What's changed?
ExcludeDependency
also exclude omitted dependencies.What's your motivation?
When conflicts occur dependencies are omitted; when we then exclude from the conflict, the omitted dependency can resurface. The goal of ExcludeDependency is to fully exclude a dependency, not to see the omitted conflict being used. We should then also add
<exclusion>
where dependencies are omitted.Anything in particular you'd like reviewers to focus on?
Anyone you would like to review specifically?
Have you considered any alternatives or workarounds?
Any additional context
Checklist