Copilot commented on code in PR #4140:
URL: https://github.com/apache/solr/pull/4140#discussion_r2816182009
##########
solr/modules/opentelemetry/gradle.lockfile:
##########
@@ -65,10 +65,8 @@
io.netty:netty-common:4.2.6.Final=compileClasspath,jarValidation,runtimeClasspat
io.netty:netty-handler-proxy:4.2.6.Final=jarValidation,runtimeClasspath,runtimeLibs,testRuntimeClasspath
io.netty:netty-handler:4.2.6.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
io.netty:netty-resolver:4.2.6.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
-io.netty:netty-tcnative-boringssl-static:2.0.70.Final=solrPlatformLibs
-io.netty:netty-tcnative-boringssl-static:2.0.73.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
-io.netty:netty-tcnative-classes:2.0.70.Final=solrPlatformLibs
-io.netty:netty-tcnative-classes:2.0.73.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath
+io.netty:netty-tcnative-boringssl-static:2.0.73.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
+io.netty:netty-tcnative-classes:2.0.73.Final=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
Review Comment:
The build’s checksum validation expects a corresponding
`solr/licenses/<jarName>.sha1` for every resolved dependency (see
`gradle/validation/jar-checks.gradle`). This lockfile still pins
`netty-tcnative-*-2.0.73.Final`, but the PR deletes the
`solr/licenses/netty-tcnative-*-2.0.73.Final.jar.sha1` files, so
`validateJarChecksums` will fail. Either restore/update the missing `.sha1`
files (via `./gradlew updateLicenses`) or align this module away from
2.0.73.Final.
```suggestion
io.netty:netty-tcnative-boringssl-static:2.0.73.Final=compileClasspath,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
io.netty:netty-tcnative-classes:2.0.73.Final=compileClasspath,runtimeClasspath,runtimeLibs,solrPlatformLibs,testCompileClasspath,testRuntimeClasspath
```
##########
gradle/validation/dependencies.gradle:
##########
@@ -41,6 +41,27 @@ allprojects {
ignoredDependencies.add("org.jetbrains.skiko:skiko-awt-runtime-*")
}
+ // Configure consistent dependency resolution across configurations
+ plugins.withType(JavaPlugin) {
+ project.java {
+ consistentResolution {
+ useCompileClasspathVersions()
+ }
+ }
+ }
+
+ // Helper to force a configuration to use the same dependency versions as
runtimeClasspath.
+ // This ensures that packaging/distribution and validation use the same
versions that were tested.
+ ext.alignWithRuntimeClasspath = { Configuration conf ->
+ conf.incoming.beforeResolve {
+
configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts.each {
artifact ->
+ conf.resolutionStrategy.force(
+
"${artifact.moduleVersion.id.group}:${artifact.moduleVersion.id.name}:${artifact.moduleVersion.id.version}"
+ )
+ }
+ }
Review Comment:
`alignWithRuntimeClasspath` resolves `runtimeClasspath` inside
`incoming.beforeResolve` and then forces every resolved artifact version via
`resolutionStrategy.force(...)`. This adds an extra full resolution step and
relies on the legacy `resolvedConfiguration` API, making the build logic harder
to reason about and potentially slower. Since this build uses Gradle 8.10,
consider using
`Configuration.shouldResolveConsistentlyWith(configurations.runtimeClasspath)`
(or an equivalent consistent-resolution mechanism) for custom configurations
instead of forcing versions from resolved artifacts.
```suggestion
// Helper to align a configuration with the same dependency graph as
runtimeClasspath.
// This ensures that packaging/distribution and validation use the same
versions that were tested.
ext.alignWithRuntimeClasspath = { Configuration conf ->
conf.shouldResolveConsistentlyWith(configurations.runtimeClasspath)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
