search

bazel-contrib / rules_jvm_external

Bazel rules to resolve, fetch and export Maven artifacts
Apache License 2.0
336 stars 256 forks source link

Maven resolver creates diffs in the lock files even when nothing was changed #1163

Open tharakadesilva opened 5 months ago

tharakadesilva commented 5 months ago

I am running the pinning with:

RJE_MAX_THREADS=20 RJE_UNSAFE_CACHE=0 REPIN=1 bazel run @maven//:pin

Running the command multiple times could get you back to the original state as well...

Here's an example of a diff that I received:

diff --git a/maven/maven_install.json b/maven/maven_install.json
index 684385d88a..c19e701f01 100644
--- a/maven/maven_install.json
+++ b/maven/maven_install.json
@@ -1,7 +1,7 @@
 {
   "__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY": "THERE_IS_NO_DATA_ONLY_ZUUL",
   "__INPUT_ARTIFACTS_HASH": 1654779380,
-  "__RESOLVED_ARTIFACTS_HASH": -1589180951,
+  "__RESOLVED_ARTIFACTS_HASH": -1212242366,
   "artifacts": {
     "ai.h2o:h2o-genmodel": {
       "shasums": {
@@ -4208,8 +4208,8 @@
     },
     "com.github.ben-manes.caffeine:caffeine": {
       "shasums": {
-        "jar": "1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b",
-        "sources": "9c70fa3874ad26bca1e071b7eb69a96d37f6d544eda743b4b00ea050f377b0d0"
+        "jar": "432e3438ba91e173b19317415369dd755fb6bca292f62f122445ca84cad45b1e",
+        "sources": "af1a42001544ac593e31426851098831bdd22b2a24fc74d78066d047f6fa4424"
       },
       "version": "2.9.3"
     },
@@ -4257,14 +4257,14 @@
     },
     "com.github.java-json-tools:btf": {
       "shasums": {
-        "jar": "67c3e462eb50807f4e0a5f4dee304bbf17cd986a42ee5eb0b2f4c9bf64d130d9",
-        "sources": "97f8bfb9a8876534bf2832a5be4b913b695d72c6ff6f9c8c6719bd38fd4aeb73"
+        "jar": "d118aaac1629f27924edc0e1c0629f98f67bd1660c7050612db9f83bca308b56",
+        "sources": "6f5e0b9a228bb46ae795c0a2b3cfc9087cbcef13592c85afc93605f87b10f5bb"
       },
       "version": "1.3"
     },
     "com.github.java-json-tools:jackson-coreutils": {
       "shasums": {
-        "jar": "16b3aabd3a9eb25655dda433e35f9bd9c7c1aa7991427702f5f11f000813dbb0",
+        "jar": "41091c2b2f9ad422c6951da992b6b8e8476b918981e9df30a35362ca08589648",
         "sources": "6f39b6beed5b000702ade7014be2ca21f895a0b70ab6c199f6ca5bebc1807080"
       },
       "version": "2.0"
@@ -4278,36 +4278,36 @@
     },
     "com.github.java-json-tools:json-patch": {
       "shasums": {
-        "jar": "1f794d256965b53ef37e70b55505e2ed00ddc0184d44e2e8e1fdce5a3cacc7de",
-        "sources": "f4ba54ca57611123fe972f05537d44d4b61fd8ed6f71541b3ca37e09a6e3e318"
+        "jar": "767281e8a22ebc7958c553256b54ca25f65852f60e402c678cf1ebb61e62d207",
+        "sources": "c64578796f855c9416e12d112d1af9631574f6b8f3d0e6954ad3280da2ade626"
       },
       "version": "1.13"
     },
     "com.github.java-json-tools:json-schema-core": {
       "shasums": {
-        "jar": "c859942fdda29c26ccb2be83a8453a130de35fde6f88ae189785516b5d14f81c",
-        "sources": "c48b20fa77e378609668cbb90ab5538d4913660d8c819a6f7a7e8f9e90926d6b"
+        "jar": "ddf47874fc0042fa42a71afb1511c5e9ee71d0820f42addb1701792a73ae5e88",
+        "sources": "38127e949c52b2d8b6c85f8e66b631b52f0515eb28c34fa3c67c8f19982262ca"
       },
       "version": "1.2.14"
     },
     "com.github.java-json-tools:json-schema-validator": {
       "shasums": {
-        "jar": "cd9e3c599bb32296517fd3ac38beeac709f0a6ab81b2d4289495d0361ba59899",
-        "sources": "f8b90da05f849f57636bf8be399eab4869985f4067d5baad92758a6e5c2c9078"
+        "jar": "61e9e81fe7f4dee0d14fbd6dd476d91ce20ed50ed5f9252cccac5230eae7a59b",
+        "sources": "d29011e53b997fc58446b5e023bc584519a46741f9a4ee7f096a7685c21e1069"
       },
       "version": "2.2.14"
     },
     "com.github.java-json-tools:msg-simple": {
       "shasums": {
-        "jar": "bef4111b993a5b3e6148d8f585621cceac2a1889cdbc34448b11632e0d8a9a8f",
-        "sources": "eeb0ecd504611cec75f261a6d282bb8b80214e473ef235481c8067b6b121f1cd"
+        "jar": "44c4290214a4f81c4c4ded0b79a82797d6a0255e257c239815281e56677d5272",
+        "sources": "baf971905867a49cc3c4ca8f4b20cb410395d2c90e818fe3293110e2930aae9f"
       },
       "version": "1.2"
     },
     "com.github.java-json-tools:uri-template": {
       "shasums": {
-        "jar": "3936f67d8e7dfa3eedefe450ff58871749308982c6b8b706535a884391df4fb0",
-        "sources": "0a6879ce9842df2c63ed4ae52dfab20e74ea7f8b5bc3c8b87b80d82d07439ea8"
+        "jar": "403862eb3c7989f10468b790ac36857bbaa9fa1d7bcbc10b336fcfbf5004b4a2",
+        "sources": "c874e954e0d278548a485a6c9c1ac89e765e4fe4f1e367721be53262787e0a6b"
       },
       "version": "0.10"
     },
@@ -4370,8 +4370,8 @@
     },
     "com.github.jnr:jnr-x86asm": {
       "shasums": {
-        "jar": "39f3675b910e6e9b93825f8284bec9f4ad3044cd20a6f7c8ff9e2f8695ebf21e",
-        "sources": "3c983efd496f95ea5382ca014f96613786826136e0ce13d5c1cbc3097ea92ca0"
+        "jar": "af689a35e9850731dff5e19397d83e1190b3d65546fb71741874207f23afa47c",
+        "sources": "290abf9183563a2e52fc48b4db6a8fd5c98af4d42f8fb941d74ac0354a5880fb"
       },
       "version": "1.0.2"
     },
@@ -4384,8 +4384,8 @@
     },
     "com.github.mifmif:generex": {
       "shasums": {
-        "jar": "8f8ce233c335e08e113a3f9579de1046fb19927e82468b1bbebcd6cba8760b81",
-        "sources": "541a99924bbdb1d6d897f82e7d9f526101d1ee7858173aaec17c0a70ab2165be"
+        "jar": "8bc044e7c4370f069a9e7de34f214eab9df30cbdb3de4731579de8b3b512df7f",
+        "sources": "d2706e0ab0cbb170c339f9c814ad9390e533f81e5c35acdabeeb42b396ccb6f6"
       },
       "version": "1.0.2"
     },
@@ -4398,8 +4398,8 @@
     },
     "com.github.scopt:scopt_2.12": {
       "shasums": {
-        "jar": "2cb8ead3823aafef8d91ba1968c71548242f8b2ec9466c4f25ee2ee5b0fb98e7",
-        "sources": "009182afff1f384233aa66a4e6d6bf6b632084abe4ddb73f5b235f979e181eea"
+        "jar": "8c4395a72eda0180fd8e9177af0810126030fce46f543d3a5ce00645d7f8ec3b",
+        "sources": "94b7a14ee2c7fee28b8f25d8da911609ed772982c45c661ab56d02e22db43d2a"
       },
       "version": "3.5.0"
     },
@@ -5708,8 +5708,8 @@
     },
     "io.github.kobylynskyi:graphql-java-codegen": {
       "shasums": {
-        "jar": "c8a4f9ec9badf9f4ca2aaa0e43d466175e7c73e00e16ca0cb70ef9c7edf293b7",
-        "sources": "5d882160bed59d8a18934ad001839c13054ce4c8594312734a25be2dd5928720"
+        "jar": "e2273334bd5da1bcb395fc7018105ca8ea25775a896559dfb34f642af94d437e",
+        "sources": "d6e864068332ee1571324f441384e36d3da4c7fe1afee96d0bf1589c8f7218ce"
       },
       "version": "5.6.0"
     },
@@ -24070,10 +24070,6 @@
     "com.github.java-json-tools:btf": [
       "com.github.fge"
     ],
-    "com.github.java-json-tools:jackson-coreutils": [
-      "com.github.fge.jackson",
-      "com.github.fge.jackson.jsonpointer"
-    ],
     "com.github.java-json-tools:jackson-coreutils-equivalence": [
       "com.github.fge.jackson"
     ],
tharakadesilva commented 5 months ago

Not sure if relevant, but we have more than one repository configured. I assumed that the first repo in the list was honored.

cheister commented 4 months ago

Looking at com.github.ben-manes.caffeine:caffeine:2.9.3 from https://repo1.maven.org/maven2/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar, the shasum is 1e0a7bbef1dd791653143f3f05d0e489934bf5481e58a87c9e619cd46b68729b

Do you have this artifact in a different repo with a different shasum for the same version?

tharakadesilva commented 4 months ago

We had configured jitpack as a repo and I think it might have a conflicting SHA: https://jitpack.io/#ben-manes/caffeine/v2.9.3.

I removed it today, I can keep you posted if I see this again.

But, shouldn't the repository that is listed first be given priority?