You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that versionPolicyAssessCompatibility (added in PR #184) always reports None compatibility for the aws-parameterstore-lambda submodule in the project play-secret-rotation (configured for sbt-version-policy with guardian/play-secret-rotation#416), while all other modules are BinaryAndSourceCompatible (in fact even when there have been no code or dependency changes to the project at all since the last release).
This module is the only one in the play-secret-rotation project that's an sbt-assembly über jar with all of its dependencies (configured in its submodule build.sbt - because it's used in an AWS Lambda, where having a single jar makes for easier deployment).
sbt "show versionPolicyAssessCompatibility"
[info] welcome to sbt 1.9.7 (Amazon.com Inc. Java 11.0.21)
...
[info] set current project to play-secret-rotation-root (in build file:/Users/Roberto_Tyley/code/play-secret-rotation/)
[info] aws-parameterstore-sdk-v1 / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:aws-parameterstore-sdk-v1:6.0.0,BinaryAndSourceCompatible))
[info] aws-parameterstore-lambda / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:aws-parameterstore-lambda:6.0.0,None))
[info] play-v28 / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:play-v28:6.0.0,BinaryAndSourceCompatible))
[info] secret-generator / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:secret-generator:6.0.0,BinaryAndSourceCompatible))
[info] core / versionPolicyAssessCompatibility
[info] Vector((com.gu.play-secret-rotation:core:6.0.0,BinaryAndSourceCompatible))
...
Running aws-parameterstore-lambda / versionPolicyCheck shows no 'dependency' issues, it's versionPolicyMimaCheck that fails, with hundreds of MissingClassProblems, one for each class from the dependencies that are later folded into the dependency by sbt-assembly:
...
[error] * class software.amazon.ion.util.IonTextUtils#SymbolVariant does not have a correspondent in current version
[error] filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.IonTextUtils$SymbolVariant")
[error] * class software.amazon.ion.util.IonValueUtils does not have a correspondent in current version
[error] filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.IonValueUtils")
[error] * class software.amazon.ion.util.JarInfo does not have a correspondent in current version
[error] filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.JarInfo")
[error] * interface software.amazon.ion.util.PrivateFastAppendable does not have a correspondent in current version
[error] filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.PrivateFastAppendable")
[error] * class software.amazon.ion.util.Spans does not have a correspondent in current version
[error] filter with: ProblemFilters.exclude[MissingClassProblem]("software.amazon.ion.util.Spans")
[error] versionPolicyMimaCheck failed
[error] (aws-parameterstore-lambda / versionPolicyMimaCheck) versionPolicyMimaCheck failed
Conceptually, I think it's possible that any über jar submodule is unlikely to ever suffer from the versioning issues that sbt-version-policy is designed to protect against - über jars are used as CLI tools, or AWS Lambdas - standalone programs. In the play-secret-rotation project I'm only publishing aws-parameterstore-lambda as a Maven artifact as it's a convenient place to publish to, for the purpose of distribution.
Workaround
I think a reasonable route is to set versionPolicyAssessCompatibility / skip := true in the submodule (as in guardian/play-secret-rotation#420), but it did take a bit of digging to work out what the problem was and fix it - I'm creating this issue to partly record my findings, and to think about a better developer experience for developers using sbt-version-policy.
The text was updated successfully, but these errors were encountered:
rtyley
changed the title
submodules released as über jars (eg from sbt-assembly) always have MissingClassProblems and show None compatibility
submodules released as über jars (eg from sbt-assembly) always have MissingClassProblems and None compatibility
Dec 7, 2023
rtyley
added a commit
to guardian/play-secret-rotation
that referenced
this issue
Dec 7, 2023
`sbt-version-policy` kept on deciding that every release (eg
https://github.com/guardian/play-secret-rotation/releases/tag/v6.0.0 )
needed a 'MAJOR' version bump, even when there were no changes between
releases:
v5.0.0...v6.0.0
This is due to our submodule `aws-parameterstore-lambda` being released
as an über jar (with `sbt-assembly`) and the issue
scalacenter/sbt-version-policy#190 .
I think setting `versionPolicyAssessCompatibility / skip := true` may
well be enough to fix the issue, though only if
`fromAggregatedAssessedCompatibilityWithLatestRelease()` respects it-
lets see if it will!
Thank you @rtyley for the investigation and detailed report!
As you have noticed, what happens is that Mima compares the project classfiles (without the project's dependencies folded in) with the über-jar.
Conceptually, I think it's possible that any über jar submodule is unlikely to ever suffer from the versioning issues that sbt-version-policy is designed to protect against - über jars are used as CLI tools, or AWS Lambdas - standalone programs.
Yes, I agree with that. If play-secret-rotation is not “consumed” as a library, the versioning scheme implemented by sbt-version-policy is irrelevant, and it should be skipped.
That being said, it is probably possible to configure Mima to work correctly by customizing the setting mimaCurrentClassfiles in the project play-secret-rotation.
To be honest, I believe the solutions to handle this situation should be documented in Mima itself. I see that a discussion was opened, but it does not contain a conclusion: lightbend-labs/mima#709.
I noticed that
versionPolicyAssessCompatibility
(added in PR #184) always reportsNone
compatibility for theaws-parameterstore-lambda
submodule in the projectplay-secret-rotation
(configured forsbt-version-policy
with guardian/play-secret-rotation#416), while all other modules areBinaryAndSourceCompatible
(in fact even when there have been no code or dependency changes to the project at all since the last release).This module is the only one in the
play-secret-rotation
project that's ansbt-assembly
über jar with all of its dependencies (configured in its submodule build.sbt - because it's used in an AWS Lambda, where having a single jar makes for easier deployment).Running
aws-parameterstore-lambda / versionPolicyCheck
shows no 'dependency' issues, it'sversionPolicyMimaCheck
that fails, with hundreds ofMissingClassProblem
s, one for each class from the dependencies that are later folded into the dependency bysbt-assembly
:Conceptually, I think it's possible that any über jar submodule is unlikely to ever suffer from the versioning issues that
sbt-version-policy
is designed to protect against - über jars are used as CLI tools, or AWS Lambdas - standalone programs. In theplay-secret-rotation
project I'm only publishingaws-parameterstore-lambda
as a Maven artifact as it's a convenient place to publish to, for the purpose of distribution.Workaround
I think a reasonable route is to set
versionPolicyAssessCompatibility / skip := true
in the submodule (as in guardian/play-secret-rotation#420), but it did take a bit of digging to work out what the problem was and fix it - I'm creating this issue to partly record my findings, and to think about a better developer experience for developers usingsbt-version-policy
.cc @julienrf
The text was updated successfully, but these errors were encountered: