Closed bratkartoffel closed 11 months ago
Thanks for the report. Looking at the build scan, I can see that the plugin's support for Maven-style exclusions encounters a problem when processing the pom for eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5
. It can be reproduced with the following build script:
plugins {
id "java"
id "io.spring.dependency-management" version "1.1.2"
}
repositories {
mavenCentral()
}
dependencies {
implementation("eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5")
}
Running with --debug
shows the problem:
[FATAL] 'dependencies.dependency[eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5]' for eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5 is referencing itself. @
at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelProblemCollector.newModelBuildingException(DefaultModelProblemCollector.java:197)
at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.readModel(DefaultModelBuilder.java:697)
at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.build(DefaultModelBuilder.java:303)
at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.build(DefaultModelBuilder.java:267)
at io.spring.gradle.dependencymanagement.internal.maven.EffectiveModelBuilder.buildModel(EffectiveModelBuilder.java:72)
at io.spring.gradle.dependencymanagement.internal.maven.EffectiveModelBuilder.buildModels(EffectiveModelBuilder.java:60)
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:133)
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:129)
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.resolvePomsLeniently(MavenPomResolver.java:79)
at io.spring.gradle.dependencymanagement.internal.ExclusionResolver.resolveExclusions(ExclusionResolver.java:75)
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.findExcludedDependencies(ExclusionConfiguringAction.java:123)
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.applyMavenExclusions(ExclusionConfiguringAction.java:92)
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:87)
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:56)
…
There's a similar problem with eu.fraho.spring:security-jwt-base:5.0.5
as its pom also references itself.
I suspect that this is now causing a failure due to an upgrade of the version of Maven's model builder that the dependency management plugin embeds. This upgrade was done to fix #350 and picked up the changes for MNG-6123.
Please report the invalid poms to the maintainers of eu.fraho.spring:security-jwt-base
and eu.fraho.spring:security-jwt-base-spring-boot-starter
.
You can work around the failure that the invalid pom is now causing in the dependency management plugin by disabling Maven-style exclusions:
dependencyManagement {
applyMavenExclusions = false
}
I'll take a look at tolerating self-referential poms that Maven's model builder considers to be invalid.
Thank you very much for analyizing this. I'm the maintainer of the mentioned artifact and I have no idea how / when the pom became invalid and why I didn't notice it earlier.
// edit: ok, it broke with 4.3.0 (https://github.com/bratkartoffel/security-jwt/compare/4.2.0...4.3.0). After digging in and analyzing the pom it seems, that the 'java-test-fixtures' plugin is causing the problem. As soon as I enable that plugin, the pom-file contains a self-reference.
// edit-2: seems like I'm not the only one with that issue: https://stackoverflow.com/q/69877418
// edit-3: I've found a workaround to remove the self referential dependencies when using the testFixtures: https://github.com/bratkartoffel/security-jwt/commit/48a7e8421aa15c18baab5816d9ddfd75132ae719
We're also experiencing issues w/ the update from 1.1.1/1.1.2 (1.1.0 works fine). Initially it gives the same error @bratkartoffel got above, e.g.
Cannot invoke "io.spring.gradle.dependencymanagement.org.apache.maven.model.Model.getGroupId()" because "effectiveModel" is null
But with --debug, we get the following:
io.spring.gradle.dependencymanagement.org.apache.maven.model.building.ModelBuildingException: 1 problem was encountered while building the effective model for org.eclipse.platform:org.eclipse.core.contenttype:3.8.200
[FATAL] 'modelVersion' of '4.0' is newer than the versions supported by this version of Maven: [4.0.0]. Building this project requires a newer version of Maven. @
at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelProblemCollector.newModelBuildingException(DefaultModelProblemCollector.java:197)
EDIT: Related to eclipse-platform/eclipse.platform#180
Hi,
after upgrading the plugin to the latest released version, 1.1.0 to 1.1.1, the build fails due to a NPE: Buildscan available at: https://scans.gradle.com/s/6ygpyymluwloq
The repository with the sources is private, but I can give a maintainer access to it for analyzing.
Thanks, bk