Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Artifact is resolved incorrectly - v5.46.3 #915

Open
torsten-liermann opened this issue Dec 20, 2024 · 3 comments
Open

Artifact is resolved incorrectly - v5.46.3 #915

torsten-liermann opened this issue Dec 20, 2024 · 3 comments
Labels
bug Something isn't working question Further information is requested

Comments

@torsten-liermann
Copy link

torsten-liermann commented Dec 20, 2024

I am working on a larger Maven project and would find it difficult to provide the problem as a test case. However, perhaps the implementers of the Maven plugin might have an idea where the root cause of the issue lies. The task is the migration of pom.xml files.

The Maven plugin is invoked via the command line:
mvn org.openrewrite.maven:rewrite-maven-plugin:5.46.3:run -Drewrite.configLocation=https://raw.githubusercontent.com/torsten-liermann/openrewrite-pom-manipulation/refs/heads/main/rewrite.yml -Drewrite.activeRecipes=MigrateEAPDependencies

At the 80th pom.xml file, OpenRewrite fails with the following error:

[ERROR] Failed to execute goal org.openrewrite.maven:rewrite-maven-plugin:5.46.3:run (default-cli) on project ok-cash-produkt: Failed to parse or resolve the Maven POM file or one of its dependencies; We can not reliably continue without this information. Failed to parse or resolve the Maven POM file or one of its dependencies; We can not reliably continue without this information. 

The actual issue is that OpenRewrite uses an incorrect version number for this artifact. The correct version, set via a property in a parent pom.xml, is 1.6.1.

In the dependency management section of the parent pom.xml, it is defined as follows:

<dependency>
    <groupId>org.swinglabs</groupId>
    <artifactId>swingx</artifactId>
    <version>${version.org.swinglabs.swingx}</version>
</dependency>

The version property is defined in the same parent pom.xml as:

<version.org.swinglabs.swingx>1.6.1</version.org.swinglabs.swingx>

It's not an issue with the version property in dependency management. Even when I specify a fixed version there, the problem persists unchanged.

If the version is specified explicitly, it works.

The build runs successfully without OpenRewrite and correctly uses version 1.6.1 as expected.

It is worth mentioning this transitive dependency (from the effective-pom):

<dependency>
    <groupId>de.domain.bundles.org.swinglabs</groupId>
    <artifactId>swingx</artifactId>
    <version>1.6.5</version>
    <scope>provided</scope>
</dependency>

Is it possible that the artifact being checked is only identified by the artifactId and/or that the groupId is only checked using "contains"?

@torsten-liermann torsten-liermann added the bug Something isn't working label Dec 20, 2024
@timtebeek
Copy link
Contributor

hi @torsten-liermann ; that "We can not reliably continue without this information." error is something we have addressed in
https://github.com/openrewrite/rewrite-maven-plugin/releases/tag/v5.47.0

That specific message such no longer occur when it was previously caused by dependencies where the .jar was present, but the pom.xml file is missing.

I hope that already helps you there!

@timtebeek timtebeek added the question Further information is requested label Dec 20, 2024
@torsten-liermann
Copy link
Author

Hi Tim,

This is not the cause of the issue reported here. The problem is that OpenRewrite attempts to check a dependency, org.swinglabs:swingx:1.6.5, which is not part of the build.
In the build, there is org.swinglabs:swingx:1.6.1 and de.domain.bundles.org.swinglabs:swingx:1.6.5.

What is noteworthy about these two artifacts is that they have the same artifactId and similar groupIds.

I tested version 5.47.0 with the same result. Even different maven versions, 3.8.8 and 3.9.9, show the same error pattern.

I believe I have a good understanding of maven and was trying to avoid debugging the maven process. But if you have no idea, I suppose I have no choice but to bite the bullet and dive into debugging. :-(

Here’s the stack trace as the maven plugin outputs it to the console as an ERROR:

[ERROR] org.openrewrite.maven.MavenDownloadingException: org.swinglabs:swingx:1.6.5 failed. Unable to download POM: org.swinglabs:swingx:1.6.5. Tried repositories: 
[ERROR] https://repo-domain.de/repository/allrepos/: HTTP 404 
[ERROR]   org.openrewrite.maven.internal.MavenPomDownloader.download(MavenPomDownloader.java:660) 
[ERROR]   org.openrewrite.maven.tree.ResolvedPom.resolveDependencies(ResolvedPom.java:929) 
[ERROR]   org.openrewrite.maven.tree.ResolvedPom.resolveDependencies(ResolvedPom.java:851) 
[ERROR]   org.openrewrite.maven.tree.MavenResolutionResult.resolveDependencies(MavenResolutionResult.java:175) 

@torsten-liermann
Copy link
Author

So far, I have not been able to reproduce the issue in a small example. This small example here https://github.com/torsten-liermann/swingx-reproduce was meant to demonstrate the problem, but it is not sufficient yet.

In the actual project, the parent hierarchy consists of four parents, with the two topmost parents being external. In the topmost parent, a property version.org.swinglabs.swingx is defined with the value 1.6.5. This property is not intended to be overridden by a child. I know this is not ideal, but let's set that aside for now.

In the project's parent, the property version.org.swinglabs.swingx is redefined with the value 1.6.1—which might be a workaround for the aforementioned issue. This value is correct. Maven itself resolves the property correctly, giving priority to the property defined in the project. Unfortunately, in OpenRewrite, the property from the external parent takes precedence.

The project is so large that I cannot fully analyze the hundreds of calls to the mergeProperties() method in ResolvedPom.java.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working question Further information is requested
Projects
Status: No status
Development

No branches or pull requests

2 participants