Maven dependency conversion issues

[dconnelly]

Please answer these questions before submitting your issue.

What version of gRPC are you using?

1.3.0

What JVM are you using (java -version)?

1.8.0_121

What did you do?

mvn compile

If possible, provide a recipe for reproducing the error.

Have the following dependencies in Maven:

<dependency>
  <groupId>io.grpc</groupId>
  <artifactId>grpc-netty</artifactId>
  <version>1.3.0</version> 
</dependency>
<dependency>
  <groupId>io.grpc</groupId>
  <artifactId>grpc-protobuf</artifactId>
  <version>1.3.0</version>
</dependency>
<dependency>
  <groupId>io.grpc</groupId>
  <artifactId>grpc-stub</artifactId>
  <version>1.3.0</version>
</dependency>

Looks like artifact com.google.api.grpc:grpc-google-common-protos has a dependency
on grpc-all:1.0.1 which causes a convergence issue if you have the above dependencies and you use the dependency enforcer plugin in Maven.

The workaround is to add grpc-all as an exclusion for that dependency which is always a bit scary.

What did you expect to see?

No dependency conversion issues.

What did you see instead?

Dependency conversion failure in Maven.

[pambrose]

I am seeing the same issue.

[ejona86]

Your example did not include your Maven enforcer configuration. As an aside, Maven enforcer's requireSameVersions rule is silly. requireUpperBoundDeps is quite sensible though, because it verifies that Maven is doing what it should have done to begin with.

Eww... grpc-google-common-protos:0.1.6 depends on grpc-all. We should upgrade to the latest (0.1.9) which depends on grpc-stub instead. But even better, the grpc and proto artifacts have been split so we can use proto-google-common-protos instead, which has no grpc dependency.

[ejona86]

Hmm... actually, we do have an exclusion in place:

    <dependency>
      <groupId>com.google.api.grpc</groupId>
      <artifactId>grpc-google-common-protos</artifactId>
      <version>0.1.6</version>
      <scope>compile</scope>
      <exclusions>
        <exclusion>
          <artifactId>*</artifactId>
          <groupId>io.grpc</groupId>
        </exclusion>
        <exclusion>
          <artifactId>*</artifactId>
          <groupId>com.google.api</groupId>
        </exclusion>
      </exclusions>
    </dependency>

But it uses wildcards, so maybe it is a wildcard issue. I see wildcards were apparently added in Maven 3 (ish). Simply updating Maven may fix the issue for you.

[dconnelly]

Yeah, we are running enforcer with the dependencyConvergence rule enabled. I will try switching to requireUpperBoundDeps which definitely seems more sensible.

Also, we are running Maven 3.3.9 which I believe has the wildcard fix. I wonder if the exclusion is not being picked up transitively somehow?

[ejona86]

@dconnelly, well, I guess it doesn't matter why the wildcard doesn't work, since it isn't really necessary. My only concern is that the problem won't be resolved since it seems we have an incomplete understanding of what is causing the breakage. I just uploaded a 1.4.0-SNAPSHOT to https://oss.sonatype.org/content/repositories/snapshots/ . Could you try it out? If things look good, then we can release a 1.3.1 at some point.

(Note: When you try it out, there should be no reason that you need to upgrade the code generator.)

[ejona86]

Closing, since this was resolved in #2965.