lein 2.9.2 regression: default profiles not removed from pom/jar/uberjar #2721
Comments
|
Perhaps the recent doc in 8fb39db helps, at least as a work-around? |
|
Hi folks, Just confirming that I'm also running into this problem with Here's another minimal reproducible project in case it's helpful: (defproject com.taoensso.tests/clojars-test "0.1.0-SNAPSHOT"
:dependencies [[org.clojure/clojure "1.10.1"]]
:profiles
{:ring {:dependencies [[ring "1.8.2"]]}
:dev [:ring]})Running
Nothing in my lein profiles, no plugins. Running on macOS Big Sur 11.1. Thanks! |
|
@technomancy all right, will check |
|
Much thanks to you both!! (And for all your work generally on Leiningen!) 🙏 🙏 |
|
The change in #2586 was actually really tiny (apart from the minor refactoring), and you can bring back the old behaviour simply by commenting one form: diff --git a/leiningen-core/src/leiningen/core/project.clj b/leiningen-core/src/leiningen/core/project.clj
index bce9ba90..7b3f55fc 100644
--- a/leiningen-core/src/leiningen/core/project.clj
+++ b/leiningen-core/src/leiningen/core/project.clj
@@ -904,7 +904,7 @@
(defn- apply-profile-meta [default-meta profile]
(cond-> profile
(or (map? profile)
- (composite-profile? profile))
+ #_(composite-profile? profile))
(vary-meta (fn [m] (merge default-meta m)))
(map? profile) set-dependencies-pom-scope))
Unfortunately the profiles code is super complicated and I don't (yet) see why it impacted |
This is a workaround for technomancy/leiningen#2721 Probably best to leave this change in place for some time, since it will be very easy to use an outdated version of leiningen and accidentally include the dev profile again during the deploy.
|
Correct me if I'm wrong, but this seems like a very serious issue. It means for a couple of years now Leiningen has been silently including all dev dependencies in the pom of Clojure library releases. I guess this means an increasing number of projects on clojars.org now have dev dependencies listed in the pom and therefore these dev dependencies are being pulled into applications when the library is used. This seems a lot more of a serious problem than #2132, which makes me wonder, should we comment out the call to Sorry if I have misunderstood the scope of this issue. I didn't notice the problem until an eagle-eyed user told me that a new release I had made included some dev dependencies. I'm concerned about how many projects this will affect. |
|
No, you're right; this is a more serious problem than it looked. I was hoping we'd hear back with more about how this is related to the other change, but I'd much rather have the other thing broken than this. If you want to submit a patch with the change suggested above along with a test for the broken composite pom behavior that'd be fantastic; otherwise I will get to this next week or so. |
|
@joelittlejohn @technomancy I cannot spend time on this, so restoring the old behaviour is fine with me. Of course, if someone is motivated and wants to take this opportunity to look into this in depth, that would be great too. |
|
@glts As you say above, it's a tricky area. I think I'll try to work out if we can fix this properly. Clearly there is some additional check we should make, but not sure what that is right now. I will have a look. |
|
Took care of this and added a test so it doesn't have a regression. Will see if we can do something about the other issue in a way that doesn't break this one. |
|
I have an issue that is derivative of this one (I think) whereby if the dev profile is itself a composite then it breaks other profiles when creating an uberjar in strange ways. I'll provide a reproducer next week if that's of interest. Basically it boils down to the dev profile not being removed from uberjar but the behaviour slightly more odd because the composite nature of dev. I'm guessing your fix above probably wraps that up as well. |
Honestly I'm more interested in knowing whether you can reproduce the problem on the latest dev version; please let me know about that. If it still happens, then a repro case would be helpful, yeah, but if you haven't tried it yet there's no reason to bother with a repro. |
Initial debugging steps
Before creating a report, especially around exceptions being thrown when running Leiningen, please check if the error still occurs after:
lein upgrade).~/.lein/profiles.clj(if present) out of the way. This contains third-party dependencies and plugins that can cause problems inside Leiningen.project.clj, especially if the problem is with a plugin not working. Old versions of plugins like nREPL and CIDER (as well as others) can cause problems with newer versions of Leiningen.Describe the bug
Leiningen does not clear default profiles settings when executing tasks pom/jar/uberjar
To Reproduce
Steps to reproduce the behavior:
lein new dummy:profiles {:foo {:dependencies [[criterium "0.4.6"]]} :dev [:foo]}lein pomActual behavior
A dev dependency was transitively pulled in
Expected behavior
I expect from the documentation that everything brought in by
:devto be removedLink to sample project
https://gist.github.com/bsless/e1f17bf8cfd1968f783c2d9b545e30ea
Environment
OpenJDK Runtime Environment (build 1.8.0_275-8u275-b01-0ubuntu1~20.04-b01)
OpenJDK 64-Bit Server VM (build 25.275-b01, mixed mode)
Additional context
This worked for every version of lein I tried before 2.9.2
The text was updated successfully, but these errors were encountered: