-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CELEBORN-906][BUILD] Aligning dependencies between SBT and Maven #1831
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1831 +/- ##
==========================================
+ Coverage 46.43% 46.48% +0.06%
==========================================
Files 163 163
Lines 10135 10143 +8
Branches 934 934
==========================================
+ Hits 4705 4714 +9
Misses 5118 5118
+ Partials 312 311 -1 see 2 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
project/CelebornBuild.scala
Outdated
val ioDropwizardMetricsJvm = "io.dropwizard.metrics" % "metrics-jvm" % metricsVersion | ||
val ioNetty = "io.netty" % "netty-all" % nettyVersion | ||
val hadoopClientApi = "org.apache.hadoop" % "hadoop-client-api" % hadoopVersion excludeAll( | ||
ExclusionRule("org.slf4j", "slf4j-api")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does sbt support globally pin dep's version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Certainly, the SBT does allow for the specification of a forced dependency revision, e.g.
libraryDependencies ++= Seq(
"log4j" % "log4j" % "1.2.14" force()
)
However, the docs also point out it is advised against, as indicated by the following considerations:
- Forcing can create logical inconsistencies so it’s no longer recommended.
- this is an Ivy-only feature and cannot be included in a published pom.xml.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
another approach, Disable Transitivity
By default, these declarations fetch all project dependencies, transitively. In some instances, you may find that the dependencies listed for a project aren’t necessary for it to build. Projects using the Felix OSGI framework, for instance, only explicitly require its main jar to compile and run. Avoid fetching artifact dependencies with either intransitive() or notTransitive(), as in this example:
libraryDependencies += "org.apache.felix" % "org.apache.felix.framework" % "1.8.0" intransitive()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perform local testing. the intransitive()
cannot achieve this functionality.
[warn] Found intransitive dependency (org.apache.hadoop:hadoop-client-api:3.2.4 intransitive) while publishMavenStyle is true, but Maven repositories
[warn] do not support intransitive dependencies. Use exclusions instead so transitive dependencies
[warn] will be correctly excluded in dependent projects.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use force()
way.
- Forcing can create logical inconsistencies so it’s no longer recommended.
We know what we are doing, IMO, rules-based dependency derivation is more unpredictable.
- this is an Ivy-only feature and cannot be included in a published pom.xml.
It does not affect our use case, since we only publish client-shaded modules, without transitive deps.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Explicitly Exclude from all deps looks ugly. dependencyOverrides
seems as clean as force()
? if yes, let's try this way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
addressed in 269b9ce, it looks more clearly now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$ ./build/sbt -Pspark-3.3 celeborn-client-spark-3/dependencyTree | grep slf4j-api
[info] | | | +-org.slf4j:slf4j-api:1.7.36
[info] | | | | +-org.slf4j:slf4j-api:1.7.36
[info] | | | +-org.slf4j:slf4j-api:1.7.36
[info] | | | | +-org.slf4j:slf4j-api:1.7.36
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW, dependencyOverrides
seems does not support pattern, e.g. io.netty:*
, right?
FYI: Learn more: SBT Library Management - Eviction Warning. |
pom.xml
Outdated
<exclusions> | ||
<exclusion> | ||
<groupId>io.netty</groupId> | ||
<artifactId>netty-transport-native-epoll</artifactId> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems we can simply exclude io.netty:*
as we manage netty deps by ourselves
23a8396
to
269b9ce
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks! Merging to main. BTW, does this change dependencies? If so, maybe we should modify licenses accordingly.
…2-impl` from SBT profile `spark-3.4` ### What changes were proposed in this pull request? As title ### Why are the changes needed? To address the CI failure introduced in #1831, this pull request resolves the issue by removing the `log4j-slf4j2-impl` dependency from SBT profile `spark-3.4`. This change is prompted by the pinning of `slf4j-api` to version 1.7.36, rendering `log4j-slf4j2-impl` unnecessary. ``` [error] Test org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ failed: java.lang.NoSuchMethodError: org.apache.logging.slf4j.Log4jLoggerFactory: method <init>()V not found, took 0.0 sec [error] at org.slf4j.impl.StaticLoggerBinder.<init>(StaticLoggerBinder.java:53) [error] at org.slf4j.impl.StaticLoggerBinder.<clinit>(StaticLoggerBinder.java:41) [error] at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150) [error] at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124) [error] at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417) [error] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362) [error] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:3[88](https://github.com/apache/incubator-celeborn/actions/runs/5974971986/job/16210071148#step:4:89)) [error] at org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ.<clinit>(SortBasedPusherSuiteJ.java:51) [error] ... [error] Test org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ failed: java.lang.NoClassDefFoundError: Could not initialize class org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ, took 0.0 sec [error] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [error] ... ``` ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA Closes #1844 from cfmcgrady/celeborn-906-followup. Authored-by: Fu Chen <[email protected]> Signed-off-by: Cheng Pan <[email protected]>
…2-impl` from SBT profile `spark-3.4` ### What changes were proposed in this pull request? As title ### Why are the changes needed? To address the CI failure introduced in apache/celeborn#1831, this pull request resolves the issue by removing the `log4j-slf4j2-impl` dependency from SBT profile `spark-3.4`. This change is prompted by the pinning of `slf4j-api` to version 1.7.36, rendering `log4j-slf4j2-impl` unnecessary. ``` [error] Test org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ failed: java.lang.NoSuchMethodError: org.apache.logging.slf4j.Log4jLoggerFactory: method <init>()V not found, took 0.0 sec [error] at org.slf4j.impl.StaticLoggerBinder.<init>(StaticLoggerBinder.java:53) [error] at org.slf4j.impl.StaticLoggerBinder.<clinit>(StaticLoggerBinder.java:41) [error] at org.slf4j.LoggerFactory.bind(LoggerFactory.java:150) [error] at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:124) [error] at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:417) [error] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:362) [error] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:3[88](https://github.com/apache/incubator-celeborn/actions/runs/5974971986/job/16210071148#step:4:89)) [error] at org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ.<clinit>(SortBasedPusherSuiteJ.java:51) [error] ... [error] Test org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ failed: java.lang.NoClassDefFoundError: Could not initialize class org.apache.spark.shuffle.celeborn.SortBasedPusherSuiteJ, took 0.0 sec [error] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [error] ... ``` ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Pass GA Closes #1844 from cfmcgrady/celeborn-906-followup. Authored-by: Fu Chen <[email protected]> Signed-off-by: Cheng Pan <[email protected]>
What changes were proposed in this pull request?
As title
Why are the changes needed?
This PR ensures dependency alignment between SBT and Maven, based on the audit results implemented in #1797
Does this PR introduce any user-facing change?
No
How was this patch tested?
Pass GA and Review