qianye1001 commented on issue #10383:
URL: https://github.com/apache/rocketmq/issues/10383#issuecomment-4544221349

   ## Issue Analysis: Bazel Dependencies Out of Sync with Maven
   
   ### Verification Status: ✅ **Confirmed Bug**
   
   Analyzed against develop branch (commit 41a3a35). The issue is **valid** — 
Bazel dependency declarations have significantly drifted from Maven pom.xml.
   
   ### Key Findings
   
   **18 version mismatches** in WORKSPACE:
   
   | Artifact | Maven | Bazel | Status |
   |----------|-------|-------|--------|
   | netty-all | 4.1.130.Final | 4.1.65.Final | ⚠️ 65 patches behind |
   | fastjson | 1.2.83 | 1.2.76 | ⚠️ 7 versions behind |
   | guava | 32.0.1-jre | 31.0.1-jre | ⚠️ 1 major behind |
   | commons-lang3 | 3.20.0 | 3.12.0 | ⚠️ 8 minors behind |
   | commons-io | 2.14.0 | 2.7 | ⚠️ 7 minors behind |
   | bcpkix | jdk18on:1.83 | jdk15on:1.69 | ⚠️ artifact renamed + version |
   | grpc-* | 1.53.0 | 1.47.0 | ⚠️ 6 minors behind |
   | ... and 11 more | | | |
   
   **Missing from WORKSPACE:** grpc-netty, disruptor, sofa-jraft, 
jackson-databind, rocketmq-client-java, s3mock-junit4
   
   **Module drift (common/ example):** pom.xml has grpc-stub, 
grpc-netty-shaded, okio-jvm, annotations-api → missing from BUILD.bazel
   
   **3 modules without BUILD.bazel:** distribution, example, openmessaging
   
   **No CI guard** to prevent future drift.
   
   ### Recommended Fix (2 PRs)
   
   **PR1 — Quick win:**
   - Update all 18 version pins in WORKSPACE to match pom.xml
   - Add 6 missing artifacts to WORKSPACE
   - Regenerate lock file (`REPIN=1 bazel run @unpinned_maven//:pin`)
   
   **PR2 — Full alignment:**
   - Reconcile per-module BUILD.bazel deps against pom.xml
   - Add BUILD.bazel for example/ and openmessaging/
   - Add CI drift-check script to `bazel.yml`
   - Document alignment rules in contributor guide
   
   ### Labels
   
   Suggested: `bug`, `module/container` (build system)
   
   ---
   
   Full spec available as `spec_v1.md` in the issue workspace. Awaiting 
community feedback: `/approve`, `/revise`, or `/reject`.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to