search

gradle / gradle

Adaptable, fast automation for all
https://gradle.org
Apache License 2.0
16.8k stars 4.7k forks source link

Inconsistency in transitive dependency exclusion between maven-publish and com.gradle.plugin-publish plugins #4168

Closed psibre closed 6 years ago

psibre commented 6 years ago

Expected Behavior

Publishing a plugin to the Gradle Plugin Portal using the com.gradle.plugin-publish version 0.9.9 plugin should produce the same POM as when performing a normal publish using the maven-publish plugin (except for the gradle.plugin group prefix).

Current Behavior

Publishing a plugin with transitive dependencies excluded causes different POMs to be generated and published. For our plugin https://github.com/marytts/gradle-marytts-voicebuilding-plugin/tree/v5.3.1, this is the POM published using the maven-publish plugin:

<?xml version="1.0" encoding="UTF-8"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <modelVersion>4.0.0</modelVersion>
  <groupId>de.dfki.mary</groupId>
  <artifactId>gradle-marytts-voicebuilding-plugin</artifactId>
  <version>5.3.1</version>
  <dependencies>
    <dependency>
      <groupId>de.dfki.mary</groupId>
      <artifactId>marytts-runtime</artifactId>
      <version>5.2</version>
      <scope>compile</scope>
      <exclusions>
        <exclusion>
          <artifactId>groovy-all</artifactId>
          <groupId>*</groupId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>de.dfki.mary</groupId>
      <artifactId>marytts-common</artifactId>
      <version>5.2</version>
      <scope>compile</scope>
      <exclusions>
        <exclusion>
          <artifactId>groovy-all</artifactId>
          <groupId>*</groupId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.m2ci.msp</groupId>
      <artifactId>gradle-praat-wrapper-plugin</artifactId>
      <version>0.5.1</version>
      <scope>compile</scope>
    </dependency>
  </dependencies>
</project>

It is online at https://dl.bintray.com/marytts/marytts/de/dfki/mary/gradle-marytts-voicebuilding-plugin/5.3.1/gradle-marytts-voicebuilding-plugin-5.3.1.pom

The same plugin published from the same repo/tag to the Gradle plugin portal gets this POM generated:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>gradle.plugin.de.dfki.mary</groupId>
  <artifactId>gradle-marytts-voicebuilding-plugin</artifactId>
  <version>5.3.1</version>
  <dependencies>
    <dependency>
      <groupId>de.dfki.mary</groupId>
      <artifactId>marytts-runtime</artifactId>
      <version>5.2</version>
      <scope>compile</scope>
      <type>jar</type>
      <optional>false</optional>
      <exclusions>
        <exclusion>
          <artifactId>groovy-all</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>de.dfki.mary</groupId>
      <artifactId>marytts-common</artifactId>
      <version>5.2</version>
      <scope>compile</scope>
      <type>jar</type>
      <optional>false</optional>
      <exclusions>
        <exclusion>
          <artifactId>groovy-all</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.m2ci.msp</groupId>
      <artifactId>gradle-praat-wrapper-plugin</artifactId>
      <version>0.5.1</version>
      <scope>compile</scope>
      <type>jar</type>
      <optional>false</optional>
    </dependency>
  </dependencies>
</project>

This is online at https://plugins-artifacts.gradle.org/gradle.plugin.de.dfki.mary/gradle-marytts-voicebuilding-plugin/5.3.1/de548924749d147da0cf4ec1077c93d52193d2aa181d6fcb6e595987b9908ddf/gradle-marytts-voicebuilding-plugin-5.3.1.pom

To highlight the differences:

1,3c1,2
< <?xml version="1.0" encoding="UTF-8"?>
< <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
<     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
---
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0">
5c4
<   <groupId>de.dfki.mary</groupId>
---
>   <groupId>gradle.plugin.de.dfki.mary</groupId>
13a13,14
>       <type>jar</type>
>       <optional>false</optional>
17d17
<           <groupId>*</groupId>
25a26,27
>       <type>jar</type>
>       <optional>false</optional>
29d30
<           <groupId>*</groupId>
37a39,40
>       <type>jar</type>
>       <optional>false</optional>

Context

As mentioned in marytts/gradle-marytts-voicebuilding-plugin#95, the exclusion of the leaked, transitive groovy-all dependency causes a project applying this plugin to fail with errors when the Gradle Worker API is used.

Excluding groovy-all fixes this issue, but only if the plugin is resolved from Bintray. Apparently the subtly different exclusion syntax in the POM generated by the plugin-publish plugin causes groovy-all to not be excluded as intended.

Steps to Reproduce (for bugs)

  1. Create a build.gradle:

    plugins {
id "de.dfki.mary.voicebuilding-data" version "5.3.1"
}

  2. Run gradle buildEnvironment

    
> Task :buildEnvironment

Root project

classpath +--- de.dfki.mary.voicebuilding-legacy:de.dfki.mary.voicebuilding-legacy.gradle.plugin:5.3.1 | --- gradle.plugin.de.dfki.mary:gradle-marytts-voicebuilding-plugin:5.3.1 | +--- de.dfki.mary:marytts-runtime:5.2 | | +--- de.dfki.mary:marytts-common:5.2 | | | +--- commons-lang:commons-lang:2.6 | | | +--- commons-io:commons-io:2.5 | | | +--- log4j:log4j:1.2.16 | | | +--- com.twmacinta:fast-md5:2.7.1 | | | --- org.codehaus.groovy:groovy-all:2.4.5 | | +--- de.dfki.mary:marytts-signalproc:5.2 | | | +--- de.dfki.mary:marytts-common:5.2 (*) | | | +--- gov.nist.math:Jampack:1.0 | | | +--- gov.nist.math:jama:1.0.3 | | | --- org.swinglabs:swing-layout:1.0.3

[etc.]
Notice the leaked `groovy-all` dependency that should have been excluded.

3. Create a `settings.gradle`:
```groovy
pluginManagement.repositories {
    maven {
        url 'https://dl.bintray.com/marytts/marytts'
    }
    gradlePluginPortal()
}
  1. Run gradle buildEnvironment again 
    
Download https://dl.bintray.com/marytts/marytts/de/dfki/mary/voicebuilding-legacy/de.dfki.mary.voicebuilding-legacy.gradle.plugin/5.3.1/de.dfki.mary.voicebuilding-legacy.gradle.plugin-5.3.1.pom
Download https://dl.bintray.com/marytts/marytts/de/dfki/mary/voicebuilding-festvox/de.dfki.mary.voicebuilding-festvox.gradle.plugin/5.3.1/de.dfki.mary.voicebuilding-festvox.gradle.plugin-5.3.1.pom
Download https://dl.bintray.com/marytts/marytts/de/dfki/mary/gradle-marytts-voicebuilding-plugin/5.3.1/gradle-marytts-voicebuilding-plugin-5.3.1.pom
Download https://dl.bintray.com/marytts/marytts/de/dfki/mary/gradle-marytts-voicebuilding-plugin/5.3.1/gradle-marytts-voicebuilding-plugin-5.3.1.jar

Task :buildEnvironment

Root project

classpath +--- de.dfki.mary.voicebuilding-legacy:de.dfki.mary.voicebuilding-legacy.gradle.plugin:5.3.1 | --- de.dfki.mary:gradle-marytts-voicebuilding-plugin:5.3.1 | +--- de.dfki.mary:marytts-runtime:5.2 | | +--- de.dfki.mary:marytts-common:5.2 | | | +--- commons-lang:commons-lang:2.6 | | | +--- commons-io:commons-io:2.5 | | | +--- log4j:log4j:1.2.16 | | | --- com.twmacinta:fast-md5:2.7.1 | | +--- de.dfki.mary:marytts-signalproc:5.2 | | | +--- de.dfki.mary:marytts-common:5.2 (*) | | | +--- gov.nist.math:Jampack:1.0 | | | +--- gov.nist.math:jama:1.0.3 | | | --- org.swinglabs:swing-layout:1.0.3


[etc.]
The transitive `groovy-all` dependency is missing as desired.

### Your Environment
1. Run `docker -it ubuntu:trusty /bin/bash`
2. `apt update && apt install -y git sox speech-tools curl unzip zip`
3. Install SDKMAN: `curl -s "https://get.sdkman.io" | bash` and `sdk install java 8u152-zulu`
4. `git clone https://github.com/psibre/voice-cmu-awb-time.git`
5. `git checkout 6806e05785d476522c0f2cd4bd2e3437fad514d2`, this resolves from Bintray and works.
6. `./gradlew wav --scan` generated https://gradle.com/s/jgfe4hk2mzarm
7. `rm -rf ~/.gradle && git clean -xdf` for good measure
8. `git checkout 4002cbc2c2d0a357c651910c417dcb55c7699728`, this resolves from Gradle plugin portal and breaks.
9. `./gradlew wav --scan` generated https://gradle.com/s/m3fh56p75cegy
oehme commented 6 years ago

Duplicate of https://github.com/gradle/gradle/issues/2650. There's also a workaround there. Let me know if that helps.

psibre commented 6 years ago

@oehme Thanks so much for your fast response! The workaround pointed me to the solution of adding an explicit group: '*' to the groovy-all dependency exclusion.