Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

submodules released as über jars (eg from sbt-assembly) always have MissingClassProblems and None compatibility #190

Open
rtyley opened this issue Dec 7, 2023 · 1 comment

Comments

@rtyley
Copy link
Contributor

rtyley commented Dec 7, 2023

I noticed that versionPolicyAssessCompatibility (added in PR #184) always reports None compatibility for the aws-parameterstore-lambda submodule in the project play-secret-rotation (configured for sbt-version-policy with guardian/play-secret-rotation#416), while all other modules are BinaryAndSourceCompatible (in fact even when there have been no code or dependency changes to the project at all since the last release).

This module is the only one in the play-secret-rotation project that's an sbt-assembly über jar with all of its dependencies (configured in its submodule build.sbt - because it's used in an AWS Lambda, where having a single jar makes for easier deployment).

sbt "show versionPolicyAssessCompatibility"
[info] welcome to sbt 1.9.7 (Amazon.com Inc. Java 11.0.21)
...
[info] set current project to play-secret-rotation-root (in build file:/Users/Roberto_Tyley/code/play-secret-rotation/)
[info] aws-parameterstore-sdk-v1 / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:aws-parameterstore-sdk-v1:6.0.0,BinaryAndSourceCompatible))
[info] aws-parameterstore-lambda / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:aws-parameterstore-lambda:6.0.0,None))
[info] play-v28 / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:play-v28:6.0.0,BinaryAndSourceCompatible))
[info] secret-generator / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:secret-generator:6.0.0,BinaryAndSourceCompatible))
[info] core / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:core:6.0.0,BinaryAndSourceCompatible))
...

Running aws-parameterstore-lambda / versionPolicyCheck shows no 'dependency' issues, it's versionPolicyMimaCheck that fails, with hundreds of MissingClassProblems, one for each class from the dependencies that are later folded into the dependency by sbt-assembly:

...
[error]    * class software.amazon.ion.util.IonTextUtils#SymbolVariant does not have a correspondent in current version
[error]      filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.IonTextUtils$SymbolVariant")
[error]    * class software.amazon.ion.util.IonValueUtils does not have a correspondent in current version
[error]      filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.IonValueUtils")
[error]    * class software.amazon.ion.util.JarInfo does not have a correspondent in current version
[error]      filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.JarInfo")
[error]    * interface software.amazon.ion.util.PrivateFastAppendable does not have a correspondent in current version
[error]      filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.PrivateFastAppendable")
[error]    * class software.amazon.ion.util.Spans does not have a correspondent in current version
[error]      filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.Spans")
[error] versionPolicyMimaCheck failed
[error] (aws-parameterstore-lambda / versionPolicyMimaCheck) versionPolicyMimaCheck failed

Conceptually, I think it's possible that any über jar submodule is unlikely to ever suffer from the versioning issues that sbt-version-policy is designed to protect against - über jars are used as CLI tools, or AWS Lambdas - standalone programs. In the play-secret-rotation project I'm only publishing aws-parameterstore-lambda as a Maven artifact as it's a convenient place to publish to, for the purpose of distribution.

Workaround

I think a reasonable route is to set versionPolicyAssessCompatibility / skip := true in the submodule (as in guardian/play-secret-rotation#420), but it did take a bit of digging to work out what the problem was and fix it - I'm creating this issue to partly record my findings, and to think about a better developer experience for developers using sbt-version-policy.

cc @julienrf

@rtyley rtyley changed the title submodules released as über jars (eg from sbt-assembly) always have MissingClassProblems and show None compatibility submodules released as über jars (eg from sbt-assembly) always have MissingClassProblems and None compatibility Dec 7, 2023
rtyley added a commit to guardian/play-secret-rotation that referenced this issue Dec 7, 2023
`sbt-version-policy` kept on deciding that every release (eg
https://github.com/guardian/play-secret-rotation/releases/tag/v6.0.0 )
needed a 'MAJOR' version bump, even when there were no changes between
releases:

v5.0.0...v6.0.0

This is due to our submodule `aws-parameterstore-lambda` being released
as an über jar (with `sbt-assembly`) and the issue
scalacenter/sbt-version-policy#190 .

I think setting `versionPolicyAssessCompatibility / skip := true` may
well be enough to fix the issue, though only if
`fromAggregatedAssessedCompatibilityWithLatestRelease()` respects it-
lets see if it will!
@julienrf
Copy link
Collaborator

julienrf commented Dec 7, 2023

Thank you @rtyley for the investigation and detailed report!

As you have noticed, what happens is that Mima compares the project classfiles (without the project's dependencies folded in) with the über-jar.

Conceptually, I think it's possible that any über jar submodule is unlikely to ever suffer from the versioning issues that sbt-version-policy is designed to protect against - über jars are used as CLI tools, or AWS Lambdas - standalone programs.

Yes, I agree with that. If play-secret-rotation is not “consumed” as a library, the versioning scheme implemented by sbt-version-policy is irrelevant, and it should be skipped.

That being said, it is probably possible to configure Mima to work correctly by customizing the setting mimaCurrentClassfiles in the project play-secret-rotation.

To be honest, I believe the solutions to handle this situation should be documented in Mima itself. I see that a discussion was opened, but it does not contain a conclusion: lightbend-labs/mima#709.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants