maven-shade-plugin
maven-shade-plugin copied to clipboard
apache
[MSHADE-419] Shade plugin causes pom to be created without compile dependencies
BM opened MSHADE-419 and commented
A project using shade-plugin 3.2.4 deploys with a pom containing all the dependencies as defined.
A project using shade-plugin 3.3.0 deploys with a pom containing only the 'test' and 'provided' dependencies. This causes transitive dependency issues for downstream projects.
<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>shade-apr-2022</artifactId>
<packaging>jar</packaging>
<version>1.0.0-SNAPSHOT</version>
<properties>
<jackson-version>2.9.6</jackson-version>
</properties>
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
</dependency>
<!-- Test dependencies -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
<configuration>
<release>11</release>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<shadedArtifactAttached>true</shadedArtifactAttached>
<transformers>
<transformer
implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.handlers</resource>
</transformer>
<transformer
implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.factories</resource>
</transformer>
<transformer
implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/spring.schemas</resource>
</transformer>
<transformer
implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Dependencies in deployed pom with shade-plugin 3.2.4:
<dependencies>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
</dependency>
<!-- Test dependencies -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
Dependencies in deployed pom with shade-plugin 3.3.0:
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
<exclusions>
<exclusion>
<artifactId>hamcrest-core</artifactId>
<groupId>org.hamcrest</groupId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
Note also an exclusion on hamcrest-core. I don't know where that is coming from.
It looks to be related to the dependency-reduced-pom.xml but the behaviour has changed in this plugin version.
Affects: 3.3.0
Remote Links:
5 votes, 10 watchers
Slawomir Jaranowski commented
Everything in your hands.
Please:
- add IT test to project which show such bug
- fix bug
- create PR
Christopher Lambert commented
i've created a PR with an IT and a proposed fix (but unsure about its general correctness):
https://github.com/apache/maven-shade-plugin/pull/149
We saw the problem as in the added IT in that module A attaches a shaded jar while module B tries to use the non-shaded jar from module A.
After upgrading to 3.3.0 B no longer receives the transitive dependencies of A (even though the pom in the jar of A is still correctly declaring them).
I am pretty sure it was introduced by MSHADE-321 https://github.com/apache/maven-shade-plugin/pull/22
I am guessing this is related to in-memory modifications of the maven project model during the execution.
This might explain why this ticket refers to "deployed pom" in that the pom is deployed from memory not extracted from the generated jar ... but i am just guessing on this part really.
Frantisek Hartman commented
I came across this issue when upgrading from shade plugin 3.2.x to 3.4.x.
The problem is with the use of createDependencyReducedPom=true (true by default) together with shadedArtifactAttached=true (false by default).
Previous behaviour with this setting was that DRP was created but not used for the main artifact. Now the DRP is used as pom (= installed to local repository and deployed) regardless of shadedArtifactAttached setting.
In my case I am able to work around this by setting createDependencyReducedPom=false because I use the shaded jars only in zip distribution, not via maven, so I don't really need the DRP.