rojyates opened a new issue, #1119:
URL: https://github.com/apache/maven-plugin-tools/issues/1119
### Affected version
3.15.1, 3.15.2
### Bug description
`maven-plugin-plugin:descriptor` intermittently fails with a
`ProvisionException` when run under parallel builds (`-T 1C` or `-T <N>`). The
failure is a threading race in Guice's `SessionScope` when resolving
`MavenSession` for `DescriptorGeneratorMojo`.
**Frequency:** ~30% failure rate with 3.15.2 (8-core agents, `-T 1C`). ~10%
with 3.12.0–3.15.1 (`@Component` field injection races less often than
`@Inject` constructor injection, but both fail).
**Workaround:** Downgrade to 3.11.0 (last version that does not inject
`MavenSession` at all).
## Error Output
```java
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-plugin-plugin:3.15.2:descriptor
(default-descriptor) on project my-plugin:
Execution default-descriptor of goal
org.apache.maven.plugins:maven-plugin-plugin:3.15.2:descriptor failed:
Unable to load the mojo 'descriptor' (or one of its required components)
from the plugin 'org.apache.maven.plugins:maven-plugin-plugin:3.15.2'
com.google.inject.ProvisionException: Unable to provision, see the following
errors:
1) Error in custom provider, java.lang.IllegalStateException
at
org.apache.maven.session.scope.internal.SessionScopeModule.configure(SessionScopeModule.java:64)
(via modules: org.eclipse.sisu.wire.WireModule -> SessionScopeModule)
while locating org.apache.maven.execution.MavenSession
while locating org.apache.maven.plugin.plugin.DescriptorGeneratorMojo
```
### Steps to reproduce
1. Have a multi-module Maven project where one or more modules have
`<packaging>maven-plugin</packaging>`
2. Build with parallel threads: `mvn clean install -T 1C`
3. Repeat 5–10 times (failure is probabilistic — more CPU cores = higher
failure rate)
### Environment
- Maven: 3.8.5 (also reproducible on 3.9.x)
- JDK: 21 (Zulu 21.0.1 and 21.0.7 confirmed)
- OS: Windows (8-core agents), but likely platform-independent
- Build command: `mvn clean install -DskipTests -T 1C`
### Root cause analysis
Starting in 3.12.0, `DescriptorGeneratorMojo` gained a `@Component private
MavenSession mavenSession` field. In 3.15.2, this was changed to `@Inject`
constructor injection.
Both injection styles resolve `MavenSession` through Guice's `SessionScope`
provider. Under `-T 1C`, worker threads may attempt to resolve `MavenSession`
from `SessionScope` before it has been bound for that thread's execution
context.
Version | How MavenSession is accessed | Affected?
-- | -- | --
≤ 3.11.0 | @Parameter(defaultValue = "${repositorySystemSession}") —
resolved by Maven lifecycle, not Guice | No
3.12.0–3.15.1 | @Component private MavenSession — field injection via Guice
SessionScope | Yes (~10% failure rate)
3.15.2 | @Inject constructor parameter — constructor injection via Guice
SessionScope | Yes (~30% failure rate)
The safe pattern (used in ≤ 3.11.0) resolves session-related objects via
<code>@Parameter</code> expressions which are populated by the Maven lifecycle
per-execution, outside of Guice's scoping mechanism.
### Suggested fix
Either:
1. Revert `DescriptorGeneratorMojo` to use `@Parameter`-based access for
session-scoped objects (as in ≤ 3.11.0), or
2. Ensure `SessionScope` is properly propagated to worker threads before
mojo instantiation under `-T`
### Related
- PR #253 (MPLUGIN-495) — closed/abandoned — discussed warnings about
`@Component` usage for `MavenSession`/`MavenProject`
- PR #1000, #1002 — the Guice constructor injection migration in 3.15.2
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
