JinwooHwang opened a new pull request, #7969:
URL: https://github.com/apache/geode/pull/7969
### Problem
The published `geode-core-2.0.0.pom` was invalid, causing Maven to refuse
processing ANY transitive dependencies. Users had to manually add all
dependencies that should have been transitive.
**Maven Error:**
```
[WARNING] The POM for org.apache.geode:geode-core:jar:2.0.0 is invalid,
transitive dependencies (if any) will not be available
[ERROR] 'dependencies.dependency.version' for
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar is missing
```
**Dependency Tree (broken):**
```
test:app:jar:1.0
\- org.apache.geode:geode-core:jar:2.0.0:compile
(NO TRANSITIVE DEPENDENCIES!)
```
### Root Cause
`geode-core/build.gradle` line 207 declares `jackson-dataformat-yaml`
without a version:
```groovy
runtimeOnly('com.fasterxml.jackson.dataformat:jackson-dataformat-yaml')
```
This relies on `DependencyConstraints.groovy` to provide the version via the
BOM. However, `DependencyConstraints.groovy` defined constraints for:
- `com.fasterxml.jackson.core.*`
- `com.fasterxml.jackson.datatype.*`
- `com.fasterxml.jackson.dataformat.*` **(MISSING!)**
Result: The published POM had a dependency with no `<version>` tag, making
it invalid per Maven spec. Maven rejects invalid POMs and refuses to process
their transitive dependencies.
### Solution
Added the missing dependency constraint to `DependencyConstraints.groovy`:
```groovy
dependencySet(group: 'com.fasterxml.jackson.dataformat', version:
get('jackson.version')) {
entry('jackson-dataformat-yaml')
}
```
This adds `jackson-dataformat-yaml:2.17.0` to the `geode-all-bom` dependency
management, ensuring the published `geode-core` POM is valid.
### Verification
**After fix, dependency tree works correctly:**
```
test:app:jar:1.0
\- org.apache.geode:geode-core:jar:2.0.0:compile
+- commons-io:commons-io:jar:2.19.0:compile
+- io.micrometer:micrometer-core:jar:1.14.0:compile
+- jakarta.transaction:jakarta.transaction-api:jar:2.0.1:compile
+- org.apache.shiro:shiro-core:jar:1.13.0:compile
+- org.apache.geode:geode-common:jar:2.0.0:compile
... (all transitive dependencies working)
```
No invalid POM warnings. All transitive dependencies are pulled correctly.
### Impact
This fixes the invalid POM that was blocking all transitive dependencies,
including:
- antlr
- jopt-simple
- micrometer-core
- shiro-core
- jakarta.transaction-api
- geode-management
- geode-deployment-legacy
- rmiio
Users no longer need to manually declare these dependencies.
### Testing
- Verified `geode-all-bom` contains `jackson-dataformat-yaml:2.17.0`
- Published `geode-core` POM imports BOM in `<dependencyManagement>`
- Maven accepts the POM as valid (no warnings)
- All transitive dependencies resolve correctly
---
**Issue discovered by:** Leon during 2.0.0.RC2 testing
<!-- Thank you for submitting a contribution to Apache Geode. -->
<!-- In order to streamline review of your contribution we ask that you
ensure you've taken the following steps. -->
### For all changes, please confirm:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [x] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [x] Is your initial contribution a single, squashed commit?
- [x] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
