[
https://issues.apache.org/jira/browse/BEAM-4302?focusedWorklogId=114015&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-114015
]
ASF GitHub Bot logged work on BEAM-4302:
----------------------------------------
Author: ASF GitHub Bot
Created on: 21/Jun/18 01:57
Start Date: 21/Jun/18 01:57
Worklog Time Spent: 10m
Work Description: chamikaramj commented on a change in pull request
#5406: [BEAM-4302] add beam dependency checks
URL: https://github.com/apache/beam/pull/5406#discussion_r196982328
##########
File path:
.test-infra/jenkins/dependency_check/dependency_check_report_generator.py
##########
@@ -0,0 +1,279 @@
+#!/usr/bin/env python
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import sys
+import os.path
+import re
+import traceback
+from datetime import datetime
+from bigquery_client_utils import BigQueryClientUtils
+
+
+_MAX_STALE_DAYS = 360
+_MAX_MINOR_VERSION_DIFF = 3
+_PYPI_URL = "https://pypi.org/project/";
+_MAVEN_CENTRAL_URL = "http://search.maven.org/#search|gav|1|"
+
+class InvalidFormatError(Exception):
+ def __init__(self, message):
+ super(InvalidFormatError, self).__init__(message)
+
+
+def extract_results(file_path):
+ """
+ Extract the Java/Python dependency reports and return a collection of
out-of-date dependencies.
+ Args:
+ file_path: the path of the raw reports
+ Return:
+ outdated_deps: a collection of dependencies who has updates
+ """
+ outdated_deps = []
+ try:
+ with open(file_path) as raw_report:
+ see_oudated_deps = False
+ for line in raw_report:
+ if see_oudated_deps:
+ outdated_deps.append(line)
+ if line.startswith('The following dependencies have later '):
+ see_oudated_deps = True
+ raw_report.close()
+ return outdated_deps
+ except Exception, e:
+ raise
+
+
+def extract_single_dep(dep):
+ """
+ Extract a single dependency check record from Java and Python reports.
+ Args:
+ dep: e.g "- org.assertj:assertj-core [2.5.0 -> 3.10.0]".
+ Return:
+ dependency name, current version, latest version.
+ """
+ pattern = " - ([\s\S]*)\[([\s\S]*) -> ([\s\S]*)\]"
+ match = re.match(pattern, dep)
+ if match is None:
+ raise InvalidFormatError("Failed to extract the dependency information:
{}".format(dep))
+ return match.group(1).strip(), match.group(2).strip(), match.group(3).strip()
+
+
+def prioritize_dependencies(deps, sdk_type, project_id, dataset_id, table_id):
+ """
+ Extracts and analyze dependency versions and release dates.
+ Returns a collection of dependencies which is "high priority" in html format:
+ 1. dependency has major release. e.g org.assertj:assertj-core [2.5.0 ->
3.10.0]
+ 2. dependency is 3 sub-versions behind the newest one. e.g org.tukaani:xz
[1.5 -> 1.8]
+ 3. dependency has not been updated for more than 6 months.
+
+ Args:
+ deps: A collection of outdated dependencies.
+ Return:
+ high_priority_deps: A collection of dependencies which need to be taken
care of before next release.
+ """
+ high_priority_deps = []
+ bigquery_client = BigQueryClientUtils(project_id, dataset_id, table_id)
+
+ for dep in deps:
+ try:
+ dep_name, curr_ver, latest_ver = extract_single_dep(dep)
+ curr_release_date, latest_release_date =
query_dependency_release_dates(bigquery_client,
+
dep_name,
+
curr_ver,
+
latest_ver)
+ if sdk_type == 'Java':
+ # extract the groupid and artifactid
+ group_id, artifact_id = dep_name.split(":")
+ dep_details_url = "{0}g:\"{1}\" AND
a:\"{2}\"".format(_MAVEN_CENTRAL_URL, group_id, artifact_id)
+ else:
+ dep_details_url = _PYPI_URL + dep_name
+
+ dep_info = """<tr>
+ <td><a href=\'{0}\'>{1}</a></td>
+ <td>{2}</td>
+ <td>{3}</td>
+ <td>{4}</td>
+ <td>{5}</td>
+ </tr>\n""".format(dep_details_url,
+ dep_name,
+ curr_ver,
+ latest_ver,
+ curr_release_date,
+ latest_release_date)
+ if compare_dependency_versions(curr_ver, latest_ver):
+ high_priority_deps.append(dep_info)
+ elif compare_dependency_release_dates(curr_release_date,
latest_release_date):
+ high_priority_deps.append(dep_info)
+ except:
+ traceback.print_exc()
+ continue
+
+ return high_priority_deps
+
+
+def compare_dependency_versions(curr_ver, latest_ver):
+ """
+ Compare the current using version and the latest version.
+ Return true if a major version change was found, or 3 minor versions that
the current version is behind.
+ Args:
+ curr_ver
+ latest_ver
+ Return:
+ boolean
+ """
+ if curr_ver is None or latest_ver is None:
+ return True
+ else:
+ curr_ver_splitted = curr_ver.split('.')
+ latest_ver_splitted = latest_ver.split('.')
+ curr_major_ver = curr_ver_splitted[0]
+ latest_major_ver = latest_ver_splitted[0]
+ # compare major versions
Review comment:
Please make sure that this and other non-trivial logic are covered by unit
tests.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 114015)
Time Spent: 59h 40m (was: 59.5h)
> Fix to dependency hell
> ----------------------
>
> Key: BEAM-4302
> URL: https://issues.apache.org/jira/browse/BEAM-4302
> Project: Beam
> Issue Type: New Feature
> Components: testing
> Reporter: yifan zou
> Assignee: yifan zou
> Priority: Major
> Time Spent: 59h 40m
> Remaining Estimate: 0h
>
> # For Java, a daily Jenkins test to compare version of all Beam dependencies
> to the latest version available in Maven Central.
> # For Python, a daily Jenkins test to compare versions of all Beam
> dependencies to the latest version available in PyPI.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
