jitpack.io
jitpack.io copied to clipboard
jitpack
Jitpack duplicates artifact name for project with com.github.... groupId
Describe the bug
I cannot build a project, which uses a dependency N from JitPack, which in turn uses a dependency J where the groupId starts with com.github. Although, dependency J is on Maven Central, Maven wants to pull dependency J from JitPack, where the dependency's pom points to another pom with the end of the groupId duplicated. Eventually, the build fails. I could image some magic in place at JitPack that interferes with dependencies whose groupId starts with com.github, hence I report this here. Moreover, compiling worked in the past.
To Reproduce Steps to reproduce the behavior (here is a pom for reproducing the problem: pom.xml.gz).
- Have the following dependency (dependency N) in your pom and include the JitPack repository.
<dependency>
<groupId>com.github.nxparser.nxparser</groupId>
<artifactId>nxparser-parsers-external-jsonld-jsonld_java</artifactId>
<version>b9dd453dea60e4a0d271f2756613a7ed77fcba50</version>
</dependency>
- Build
mvn package
- Watch the build fail
It says that
com.github.jsonld-java.jsonld-java:jsonld-java:bundle:0.8.3cannot be found.
Expected behavior I expect a successful build like when I work without JitPack, ie. compile the dependency N from the source myself and then add it to the pom with the normal groupId and snapshot version etc.
Additional context The dependency N above depends on dependency J
<dependency>
<groupId>com.github.jsonld-java</groupId>
<artifactId>jsonld-java</artifactId>
<version>0.8.3</version>
</dependency>
where on Maven central, there is the pom from the dependency com.github.jsonld-java:jsonld-java I would expect, but on Jitpack, the pom for com.github.jsonld-java:jsonld-java points to a pom com.github.jsonld-java.jsonld-java:jsonld-java:bundle:0.8.3, which does not exist. FWIW, the pom for com.github.jsonld-java.jsonld-java:jsonld-java:pom:0.8.3 would be there and is the one found on Maven central mentioned above but with groupId com.github.jsonld-java.jsonld-java.
I like the amount of traction this got over the years. It seems that this is not the only transgression that folks do to packages reuploaded to JitPack from other Maven repositories. I haven't pinpointed another just yet, but this one is a gem on its own. I wonder who's doing this, i.e.; does someone upload the modified packages to JitPack, or JitPack mines for those somehow, and that's an automated process?
Specifically what happens with jsonld-java (I'm trying with 0.13.4):
- Original package has
com.github.jsonld-java:jsonld-java:0.13.4, which depends on its parent (com.github.jsonld-java:jsonld-java-parent:0.13.4), but it uses bundle packaging (that's the key of why this is breaking apart) - What JitPack package has:
- a synthetic package that is created at
com.github.jsonld-java:jsonld-java:0.13.4 - the synthetic package depends on
com.github.jsonld-java:jsonld-java-parent:0.13.4andcom.github.jsonld-java:jsonld-java:bundle:0.13.4 - Boom. The "bundle" packaging is not the same as "bundle" type. The packaging doesn't equal type in general (AFAIU). So without "type", the package is treated as JAR, but if a
<type>is specified, Maven tries to find the "bundle" file instead, and it can't, because there isn't one. - If there was no "type" specified in the dependency, the package will depend on itself anyway.
- a synthetic package that is created at
This issue is stale because it has been open for 30 days with no activity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed because it has been inactive for 14 days since being marked as stale.