search

spring-gradle-plugins / dependency-management-plugin

A Gradle plugin that provides Maven-like dependency management functionality
684 stars 85 forks source link

NullPointerException when Maven-style exclusions are enabled and a dependency has a pom which Maven's Model Builder considers to be invalid #365

Closed bratkartoffel closed 11 months ago

bratkartoffel commented 11 months ago

Hi,

after upgrading the plugin to the latest released version, 1.1.0 to 1.1.1, the build fails due to a NPE: Buildscan available at: https://scans.gradle.com/s/6ygpyymluwloq

Caused by: java.lang.NullPointerException: Cannot invoke "io.spring.gradle.dependencymanagement.org.apache.maven.model.Model.getGroupId()" because "effectiveModel" is null
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:136)  
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:129)  
at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.resolvePomsLeniently(MavenPomResolver.java:79) 
at io.spring.gradle.dependencymanagement.internal.ExclusionResolver.resolveExclusions(ExclusionResolver.java:75)    
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.findExcludedDependencies(ExclusionConfiguringAction.java:121)  
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.applyMavenExclusions(ExclusionConfiguringAction.java:92)   
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:87)    
at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:56)    
at org.gradle.configuration.internal.DefaultUserCodeApplicationContext$CurrentApplication$1.execute(DefaultUserCodeApplicationContext.java:123) 
at org.gradle.internal.event.BroadcastDispatch$ActionvocationHandler.dispatch(BroadcastDispatch.java:97)    
at org.gradle.internal.event.BroadcastDispatch$ActionvocationHandler.dispatch(BroadcastDispatch.java:85)    
at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:43)  
at org.gradle.internal.event.BroadcastDispatch$SingletonDispatch.dispatch(BroadcastDispatch.java:257)   
at org.gradle.internal.event.BroadcastDispatch$SingletonDispatch.dispatch(BroadcastDispatch.java:164)   
at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:83)  
at org.gradle.internal.event.AbstractBroadcastDispatch.dispatch(AbstractBroadcastDispatch.java:69)  
at org.gradle.internal.event.BroadcastDispatch$CompositeDispatch.dispatch(BroadcastDispatch.java:363)   
at org.gradle.internal.event.BroadcastDispatch$CompositeDispatch.dispatch(BroadcastDispatch.java:261)   
at org.gradle.internal.event.ListenerBroadcast.dispatch(ListenerBroadcast.java:148) 
at org.gradle.internal.event.ListenerBroadcast.dispatch(ListenerBroadcast.java:37)  
at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingevocationHandler.invoke(ProxyDispatchAdapter.java:94)   
[...]

The repository with the sources is private, but I can give a maintainer access to it for analyzing.

Thanks, bk

wilkinsona commented 11 months ago

Thanks for the report. Looking at the build scan, I can see that the plugin's support for Maven-style exclusions encounters a problem when processing the pom for eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5. It can be reproduced with the following build script:

plugins {
    id "java"
    id "io.spring.dependency-management" version "1.1.2"
}

repositories {
    mavenCentral()
}

dependencies {
    implementation("eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5")
}

Running with --debug shows the problem:

[FATAL] 'dependencies.dependency[eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5]' for eu.fraho.spring:security-jwt-base-spring-boot-starter:5.0.5 is referencing itself. @ 

        at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelProblemCollector.newModelBuildingException(DefaultModelProblemCollector.java:197)
        at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.readModel(DefaultModelBuilder.java:697)
        at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.build(DefaultModelBuilder.java:303)
        at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelBuilder.build(DefaultModelBuilder.java:267)
        at io.spring.gradle.dependencymanagement.internal.maven.EffectiveModelBuilder.buildModel(EffectiveModelBuilder.java:72)
        at io.spring.gradle.dependencymanagement.internal.maven.EffectiveModelBuilder.buildModels(EffectiveModelBuilder.java:60)
        at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:133)
        at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.createPoms(MavenPomResolver.java:129)
        at io.spring.gradle.dependencymanagement.internal.maven.MavenPomResolver.resolvePomsLeniently(MavenPomResolver.java:79)
        at io.spring.gradle.dependencymanagement.internal.ExclusionResolver.resolveExclusions(ExclusionResolver.java:75)
        at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.findExcludedDependencies(ExclusionConfiguringAction.java:123)
        at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.applyMavenExclusions(ExclusionConfiguringAction.java:92)
        at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:87)
        at io.spring.gradle.dependencymanagement.internal.ExclusionConfiguringAction.execute(ExclusionConfiguringAction.java:56)
        …

There's a similar problem with eu.fraho.spring:security-jwt-base:5.0.5 as its pom also references itself.

I suspect that this is now causing a failure due to an upgrade of the version of Maven's model builder that the dependency management plugin embeds. This upgrade was done to fix #350 and picked up the changes for MNG-6123.

Please report the invalid poms to the maintainers of eu.fraho.spring:security-jwt-base and eu.fraho.spring:security-jwt-base-spring-boot-starter.

You can work around the failure that the invalid pom is now causing in the dependency management plugin by disabling Maven-style exclusions:

dependencyManagement {
    applyMavenExclusions = false
}

I'll take a look at tolerating self-referential poms that Maven's model builder considers to be invalid.

bratkartoffel commented 11 months ago

Thank you very much for analyizing this. I'm the maintainer of the mentioned artifact and I have no idea how / when the pom became invalid and why I didn't notice it earlier.

// edit: ok, it broke with 4.3.0 (https://github.com/bratkartoffel/security-jwt/compare/4.2.0...4.3.0). After digging in and analyzing the pom it seems, that the 'java-test-fixtures' plugin is causing the problem. As soon as I enable that plugin, the pom-file contains a self-reference.

// edit-2: seems like I'm not the only one with that issue: https://stackoverflow.com/q/69877418

// edit-3: I've found a workaround to remove the self referential dependencies when using the testFixtures: https://github.com/bratkartoffel/security-jwt/commit/48a7e8421aa15c18baab5816d9ddfd75132ae719

jamesdh commented 11 months ago

We're also experiencing issues w/ the update from 1.1.1/1.1.2 (1.1.0 works fine). Initially it gives the same error @bratkartoffel got above, e.g. 

Cannot invoke "io.spring.gradle.dependencymanagement.org.apache.maven.model.Model.getGroupId()" because "effectiveModel" is null

But with --debug, we get the following: 

io.spring.gradle.dependencymanagement.org.apache.maven.model.building.ModelBuildingException: 1 problem was encountered while building the effective model for org.eclipse.platform:org.eclipse.core.contenttype:3.8.200
[FATAL] 'modelVersion' of '4.0' is newer than the versions supported by this version of Maven: [4.0.0]. Building this project requires a newer version of Maven. @

        at io.spring.gradle.dependencymanagement.org.apache.maven.model.building.DefaultModelProblemCollector.newModelBuildingException(DefaultModelProblemCollector.java:197)

EDIT: Related to eclipse-platform/eclipse.platform#180