Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert Google HTTP Client upgrade #1980
Revert Google HTTP Client upgrade #1980
Changes from 2 commits
0eb91da
cb3a279
bf0ddbb
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this still create a conflict?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just realized it pulls in
google-http-client
and upgrading 1.27.0 to 1.30.1, so I think I should excludegoogle-http-client
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if that'll break at runtime then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https:/googleapis/google-cloud-java/blob/v0.80.0/google-cloud-clients/pom.xml recommends
guava.version 26.0 (down from 28.0)
http-client.version 1.27.0 (from 1.31.0)
google.auth.version 0.12.0 (from 0.16.2)
I'll first trying excluding
google-http-client
fromgoogle-auth-library-oauth2-http
rather than downgrading it. Will do some test if ADC works on GCB.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ADC on GCB works at least.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can remove this, and guava, and jackson
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can there be any possibility that removing these is OK with compilation but causes trouble when the user actually uses our plugin by defining Jib in their builds, like not pulling in required dependencies at their run-time?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
those dependencies are inherited as
runtimeimplementation
from the parent modules.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the reason dependencies still need to be
jib-plugins-common
is because that library doesn't bring in jib-core as a "sourceProject" (which is defined by us as included). This might be easier to explain in person though since it's all proprietary.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
although now that I look at it again, it's pretty dumb, jib-plugins-common shouldn't have to redefine those dependencies. There must be a better way, I'll fix that later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And as of now,
jib-plugins-common
definesgoogle-http-client
,guava
, andjackson-databind
but notgoogle-auth-library-oauth2-http
. Why is that?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's because it is defined as a regular project dependency (the gradle) way, it doesn't need to include
google-auth....
because it doesn't use it.a dependency defined as
implementation
on a project is exposed to dependency project asruntime
. So they can't use it as a compile time dependency unless they redefine it. The waysourceProject
works is that it takes anything defined asimplementation
and makes it available asimplementation
on the dependent project as well.Given that this is confusing, it might be an area to improve the build.