maven-shade-plugin icon indicating copy to clipboard operation
maven-shade-plugin copied to clipboard

Published 20 hours ago verified publisher icon apache

[MSHADE-419] createDependencyReducedPom should not replace original pom when shadedArtifactAttached

Open XN137 opened this issue 3 years ago • 1 comments
trafficstars

Description:

The problem was introduced by MSHADE-321 in 3.3.0 because before, the createDependencyReducedPom method was only ever called when shadedArtifactAttached is false.

The createDependencyReducedPom method not only writes the dependency reduced pom file but also modifies the current project to use it as replacement for its original pom. This has an effect on all maven build logic being executed afterwards.

Thus, in multi module builds, when a module attaches a shaded jar, its non-shaded artifact no longer contains transitive dependencies when used from other modules, even though the pom in its jar still declares them.

Checklist

Following this checklist to help us incorporate your contribution quickly and easily:

  • [x] Make sure there is a JIRA issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a JIRA issue. Your pull request should address just this issue, without pulling in other changes.
  • [x] Each commit in the pull request should have a meaningful subject line and body.
  • [x] Format the pull request title like [MSHADE-XXX] - Fixes bug in ApproximateQuantiles, where you replace MSHADE-XXX with the appropriate JIRA issue. Best practice is to use the JIRA issue title in the pull request title and in the first line of the commit message.
  • [x] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • [x] Run mvn clean verify to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
  • [x] You have run the integration tests successfully (mvn -Prun-its clean verify).

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004 you have to acknowledge this by using the following check-box.

XN137 avatar Aug 31 '22 13:08 XN137

@khmarbaise sorry for the ping, but whats the best way to find someone to review this? thank you

XN137 avatar Oct 02 '22 10:10 XN137

The problem seems to have been fixed in 3.4.1 according to #162 which seems to pass on master.

gnodet avatar Oct 22 '22 22:10 gnodet

FYI, @gnodet, we are using 3.4.1, and this issue is NOT fixed (i.e., non-shaded pom excludes transitive compile dependencies)

buyukim avatar Mar 28 '23 15:03 buyukim

@gnodet the test here and in #162 is incomplete - it should also check what pom was installed into the local repository.

frant-hartm avatar Jun 07 '23 11:06 frant-hartm