cloud-opensource-java icon indicating copy to clipboard operation
cloud-opensource-java copied to clipboard
verified publisher icon GoogleCloudPlatform

Linkage Monitor does not detect errors when pom.xml has the same version as the one in libraries-bom

Open suztomo opened this issue 6 years ago • 3 comments

Linkage Monitor does not detect linkage errors when "-SNAPSHOT" is not added to pom.xml yet during a release cycle.

Case of java-cloud-bom

This PR https://github.com/googleapis/java-cloud-bom/pull/146 should have detected linkage errors by Linkage Monitor, but it did not. The log (http://sponge2/ed689c2b-ba00-4ea7-881f-a959ef01a151) had

...
[INFO] Installing /tmpfs/src/github/java-cloud-bom/pom.xml to /root/.m2/repository/com/google/cloud/google-cloud-bom/0.120.2-alpha/google-cloud-bom-0.120.2-alpha.pom
...

INFO: BOM Coordinates: com.google.cloud:libraries-bom:3.2.0
Dec 17, 2019 1:34:41 PM com.google.cloud.tools.dependencies.linkagemonitor.LinkageMonitor run
INFO: Could not find SNAPSHOT versions for the artifacts in the BOM. Not running comparison.

This presubmit check should have reported the error on google-auth-library-oauth2-http-0.17.1.jar. (link).

Why didn't Linkage Monitor work?

The commit https://github.com/googleapis/java-cloud-bom/pull/146/commits/00bf96454f6ebb4612e58ca829cadd4c86d59d9d had "0.120.2-alpha" as version. This does not have "-SNAPSHOT" yet.

suztomo@suxtomo24:~/java-cloud-bom$ git checkout 00bf96454f6ebb4612e58ca829cadd4c86d59d9d
HEAD is now at 00bf964 updates
suztomo@suxtomo24:~/java-cloud-bom$ grep '<version>' pom.xml |head -1
  <version>0.120.2-alpha</version><!-- {x-version-update:google-cloud-bom:current} -->

Because com.google.cloud:libraries-bom:3.2.0 already has "0.120.2-alpha" for google-cloud-java, Linkage Monitor did not compare the result of the change. Even if it compares the results, which contain the google-auth-library-oauth2-http errors, there's no diff to report.

(temporary) Solution

Do not rely on Linkage Monitor presubmit checks during a release, when "-SNAPSHOT" is stripped.

Update the version of pom.xml to have "-SNAPSHOT" soon after a release is finished. In the case of the example above, it took 11 days to update the version from 0.120.2 to 0.120.3-SNAPSHOT.

* 14fc838       release-please[bot]     Tue Dec 17 08:31:15 2019 -0800  chore: release 0.120.3-SNAPSHOT (#149)
* 797a131       Elliotte Rusty Harold   Tue Dec 17 11:30:54 2019 -0500  deps: update google-cloud-automl-bom to 0.115.1 (#150)
...
* a8d88a4       Renovate Bot    Tue Dec 17 15:33:16 2019 +0200  chore(deps): update dependency io.grafeas:grafeas to v0.23.0 (#134)
| * 00bf964     Elliotte Rusty Harold   Tue Dec 17 08:31:12 2019 -0500  updates
|/  
* 62544be       Anuraag Agrawal Tue Dec 17 21:53:11 2019 +0900  fix: bump trace to fix missing dependency (#142)
* 006a6da       release-please[bot]     Fri Dec 6 14:52:15 2019 -0800   chore: release 0.120.2 (#140)

suztomo avatar Dec 18 '19 18:12 suztomo

Or should linkage-monitor.sh fail if the version does not contain "SNAPSHOT"?

suztomo avatar Dec 18 '19 21:12 suztomo

IMHO Linkage monitor should not care what version is in the repo. Whatever it finds there should be swapped in instead of the version in the BOM.

elharo avatar Dec 18 '19 22:12 elharo

Similar symptom happened in gax-java, where the version in the repo is the same as the latest one in Maven Central. https://github.com/googleapis/gax-java/pull/864#issuecomment-585892992

suztomo avatar Feb 13 '20 18:02 suztomo