Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recipe to search and provide a report of relocated dependencies #58

Closed
yeikel opened this issue Sep 14, 2023 · 8 comments · Fixed by #59
Closed

Recipe to search and provide a report of relocated dependencies #58

yeikel opened this issue Sep 14, 2023 · 8 comments · Fixed by #59
Assignees
@timtebeek
Labels
enhancement New feature or request recipe

Comments

@yeikel
Copy link

yeikel commented Sep 14, 2023
edited
Loading

What problem are you trying to solve?

In Maven, there is a concept of relocation where library maintainers can publish a version of an artifact and provide additional metadata explaining the new coordinates where it was relocated to:

Example :

https://repo.maven.apache.org/maven2/ant/ant/1.7.0/ant-1.7.0.pom

<project>
    <modelVersion>4.0.0</modelVersion>
    <groupId>ant</groupId>
    <artifactId>ant</artifactId>
    <version>1.7.0</version>
    <distributionManagement>
        <relocation>
            <groupId>org.apache.ant</groupId>
        </relocation>
    </distributionManagement>
</project>

In this case, ant moved from the group id ant -> org.apache.ant so users would normally need to change this manually

Describe the solution you'd like

I would like a search recipe to scan the direct dependencies in my pom file, detect and report the dependencies where this happened.

In the future, we can create a separate recipes to also do the change but that's outside of the scope of this recipe as that's likely more complex. An example is described here openrewrite/rewrite-migrate-java#289

Have you considered any alternatives or workarounds?

I am not aware of any alternative. Users need to watch out for this with every upgrade.

Many library maintainers do not include this metadata(or are aware of this feature), but that's a different problem

Additional context

These changes tend to puts users at risks. it would be ideal to identify these changes automatically as part of the build process/a search recipe

Maven guide : https://maven.apache.org/guides/mini/guide-relocation.html
@yeikel yeikel added the enhancement New feature or request label Sep 14, 2023
@yeikel yeikel changed the title Recipe to search and report of relocated dependencies Recipe to search and provide a report of relocated dependencies Sep 14, 2023
@timtebeek
Copy link
Contributor

I like this suggestion, and would definitely help to get folks un-stuck from older dependencies. Thanks!

@yeikel
Copy link
Author

yeikel commented Sep 14, 2023
edited
Loading

I like this suggestion, and would definitely help to get folks un-stuck from older dependencies. Thanks!

Definitely. Awareness is the hardest part, and finding the newer coordinates is usually detective work

openrewrite/rewrite-migrate-java#286 is one recent example of this and it took me a while to read their docs to find this out

@timtebeek
Copy link
Contributor

Had a quick look; we don't yet map distributionManagement, nor the relocation within that, which has fields for groupId, artifactId, version and message. Not sure if that's necessary, but I'd think so since the dependency poms are not Xml documents we parse as source files, but only into the model of org.openrewrite.maven.internal.RawPom and org.openrewrite.maven.tree.Pom that we pass around.
https://github.com/openrewrite/rewrite/blob/abf6339c0b26e0c40455c3de7bcd41d56471f339/rewrite-maven/src/main/java/org/openrewrite/maven/internal/RawPom.java#L50
https://github.com/openrewrite/rewrite/blob/abf6339c0b26e0c40455c3de7bcd41d56471f339/rewrite-maven/src/main/java/org/openrewrite/maven/tree/Pom.java#L41

I'll move this ticket to openrewrite/rewrite, since it looks to best fit in there given the search recipes we already have there.

@timtebeek timtebeek transferred this issue from openrewrite/rewrite-migrate-java Sep 14, 2023
@timtebeek
Copy link
Contributor

Had a first look for this one; attached a test of where we want to go

package org.openrewrite.maven.cleanup;

import org.junit.jupiter.api.Test;
import org.openrewrite.test.RecipeSpec;
import org.openrewrite.test.RewriteTest;

import static org.openrewrite.maven.Assertions.pomXml;

class RelocateArtifactsTest implements RewriteTest {
    @Override
    public void defaults(RecipeSpec spec) {
        spec.recipe(new RelocateArtifacts());
    }

    @Test
    void shouldRelocateLatestVersion() {
        rewriteRun(
          pomXml(
            """
              <project>
                <modelVersion>4.0.0</modelVersion>
                <groupId>com.mycompany.app</groupId>
                <artifactId>my-app</artifactId>
                <version>1.0</version>
                <dependencies>
                  <!-- relocation in https://repo.maven.apache.org/maven2/ant/ant/1.7.0/ant-1.7.0.pom -->
                  <dependency>
                    <groupId>ant</groupId>
                    <artifactId>ant</artifactId>
                    <version>1.6.5</version>
                  </dependency>
                  <!-- relocation in https://repo.maven.apache.org/maven2/poi/poi/3.0.2-FINAL/poi-3.0.2-FINAL.pom -->
                  <dependency>
                    <groupId>poi</groupId>
                    <artifactId>poi</artifactId>
                    <version>3.0.2-FINAL</version>
                  </dependency>
                </dependencies>
              </project>
              """,
            """
              <project>
                <modelVersion>4.0.0</modelVersion>
                <groupId>com.mycompany.app</groupId>
                <artifactId>my-app</artifactId>
                <version>1.0</version>
                <dependencies>
                  <!-- relocation in https://repo.maven.apache.org/maven2/ant/ant/1.7.0/ant-1.7.0.pom -->
                  <dependency>
                    <groupId>org.apache.ant</groupId>
                    <artifactId>ant</artifactId>
                    <version>1.6.5</version>
                  </dependency>
                  <!-- relocation in https://repo.maven.apache.org/maven2/poi/poi/3.0.2-FINAL/poi-3.0.2-FINAL.pom -->
                  <dependency>
                    <groupId>org.apache.poi</groupId>
                    <artifactId>poi</artifactId>
                    <version>3.0.2-FINAL</version>
                  </dependency>
                </dependencies>
              </project>
              """
          )
        );
    }
}

@timtebeek
Copy link
Contributor

Implementation is slightly more complicated since the meta data that we download does not show the version numbers that contain the relocation:

https://github.com/openrewrite/rewrite/blob/fd27b0e4da6ca362c758621f8dc52fba8ac19638/rewrite-maven/src/main/java/org/openrewrite/maven/internal/MavenPomDownloader.java#L226-L230

So then that complicates reuse if the discovery of newer versions as we usually do in
https://github.com/openrewrite/rewrite/blob/744baf2b0d2a733453e5eccddb05d37ba441187c/rewrite-maven/src/main/java/org/openrewrite/maven/MavenVisitor.java#L334-L337

@yeikel yeikel mentioned this issue Nov 20, 2023
Open
@timtebeek
Copy link
Contributor

So perhaps a better example is https://repo1.maven.org/maven2/mysql/mysql-connector-java/maven-metadata.xml
which does show https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.33/mysql-connector-java-8.0.33.pom

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>mysql</groupId>
  <artifactId>mysql-connector-java</artifactId>
  <version>8.0.33</version>
  <distributionManagement>
    <relocation>
      <groupId>com.mysql</groupId>
      <artifactId>mysql-connector-j</artifactId>
      <message>MySQL Connector/J artifacts moved to reverse-DNS compliant Maven 2+ coordinates.</message>
    </relocation>
  </distributionManagement>
</project>

@fabapp2 fabapp2 mentioned this issue Nov 21, 2023
Draft
@timtebeek
Copy link
Contributor

There's also a separate plugin solely focused on migrating outdated groupIds; they maintain a list at:
https://github.com/jonathanlermitage/oga-maven-plugin/blob/master/uc/og-definitions.json

@timtebeek timtebeek transferred this issue from openrewrite/rewrite Jan 20, 2024
@timtebeek timtebeek self-assigned this Jan 20, 2024
@timtebeek timtebeek moved this from Recipes Wanted to In Progress in OpenRewrite Jan 20, 2024
@timtebeek timtebeek mentioned this issue Jan 20, 2024
Merged
@timtebeek
Copy link
Contributor

@yeikel You can find (and critique) my approach in #59 :)

@timtebeek timtebeek moved this from In Progress to Ready to Review in OpenRewrite Jan 20, 2024
@github-project-automation github-project-automation bot moved this from Ready to Review to Done in OpenRewrite Jan 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timtebeek timtebeek

Labels
enhancement New feature or request recipe
Projects
OpenRewrite
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Find relocated dependencies openrewrite/rewrite-java-dependencies
2 participants
@timtebeek @yeikel