Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You cannot do this a compile time dependency due to the license (LGPL) of findbugs/spotbugs. So far I think we have gotten around it because of the scope.
beam/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy
Lines 738 to 741 in 8066d78
CC: @kennknowles who probably knows more of the details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For extra ref the licenses we cannot include in Apache Software Foundations (ASF) projects is known as the Category X dependencies.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Responded to you in JIRA ticket.
https://issues.apache.org/jira/browse/BEAM-8917?focusedCommentId=16991659&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-16991659
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good info thanks! We probably still would need to go with spotbugs anyway to be consistent with the previous upgrade, but maybe it is worth to focus on the big issue that's on https://issues.apache.org/jira/browse/BEAM-8858
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I can wait for BEAM-8858 cleared.
What is "the previous upgrade" you're referring?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add it to the list of
compileOnlyAnnotationDeps
where you seespotbugs-annotations
?I am actually sort of surprised this works, since spotbugs operates on bytecode, not during compilation. I guess the annotations are retained and inspected in a way that does not require having the annotation library present. I have heard that any annotation with a class name (insensitive) of "nullable" will work, for example.
Noting in yet another place that spotbugs nullability analysis appears to be nonfunctional anyhow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In findbugsproject/findbugs#128 (comment), iloveeclipse confirmed that JSR305 has BSD license and was unexpectedly uploaded to Maven Central with a wrong license.
I moved the JSR305 explanation closer to spotbugs-annotations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue is that it is not a
compileOnlyAnnotation
anymore because it is used to resolve nullability of Schema based fields per 788ce61#diff-504e2e0131eda09163b086becec92f3cR91 so it is needed at runtime too, or am I misreading this?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@iemejia That explanation is correct.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense. The LGPL annotations are spotbugs-annotations which have things like SuppresFBWarnings and a few other utility annotations. jsr305 is fine. The landscape of these annotations and what they do is actually quite strange, incomplete, and also changed.