Skip to content

Can upperBoundCheck run as part of a presubmit in libraries' repositories? #971

New issue
New issue
Closed
googleapis/google-cloud-java
#6606
Closed
Can upperBoundCheck run as part of a presubmit in libraries' repositories?#971
googleapis/google-cloud-java
#6606
Assignees
suztomo
@suztomo

Description

@suztomo
suztomo
opened on Oct 21, 2019

Linkage Monitor runs Linkage Checker as part of a repository's presubmit check. This ensures that newer version of the library will not have conflicts with other members of the BOM. Good. However the Linkage Monitor presubmit does not run upperBoundCheck (cloud-opensource-java/boms/upper-bounds-check), which may block BOM update.

Can we run upperBoundCheck as part of a presubmit in libraries' repositories? The libraries in scope are the members of the Google Libraries BOM: gRPC, protobuf, google-cloud-java, etc.

Step

Find upperBoundCheck failure(s)

In Circle CI or kokoro, find a previously failed build due to upperBoundCheck. It worked with Google Cloud Java 103: #979

suztomo@suxtomo24:~/cloud-opensource-java/boms/cloud-oss-bom$ mvn install
...
[INFO] --- maven-install-plugin:2.4:install (default-install) @ libraries-bom ---
[INFO] Installing /usr/local/google/home/suztomo/cloud-opensource-java/boms/cloud-oss-bom/pom.xml to /usr/local/google/home/suztomo/.m2/repository/com/google/cloud/libraries-bom/2.7.1-SNAPSHOT/libraries-bom-2.7.1-SNAPSHOT.pom
...
suztomo@suxtomo24:~/cloud-opensource-java/boms/cloud-oss-bom$ cd ../upper-bounds-check/
suztomo@suxtomo24:~/cloud-opensource-java/boms/upper-bounds-check$ mvn install
...
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for io.opencensus:opencensus-api:0.21.0 paths to dependency are:
+-com.google.cloud.tools.opensource:upper-bounds-check:2.0.0-SNAPSHOT
  +-com.google.cloud:google-cloud-core:1.85.0
    +-com.google.api:gax:1.47.1
      +-io.opencensus:opencensus-api:0.21.0
and
+-com.google.cloud.tools.opensource:upper-bounds-check:2.0.0-SNAPSHOT
  +-com.google.cloud:google-cloud-storage:1.85.0
    +-com.google.cloud:google-cloud-core-http:1.85.0
      +-com.google.http-client:google-http-client:1.32.1
        +-io.opencensus:opencensus-api:0.24.0
and
+-com.google.cloud.tools.opensource:upper-bounds-check:2.0.0-SNAPSHOT
  +-com.google.cloud:google-cloud-storage:1.85.0
    +-com.google.cloud:google-cloud-core-http:1.85.0
      +-com.google.http-client:google-http-client:1.32.1
        +-io.opencensus:opencensus-contrib-http-util:0.24.0
          +-io.opencensus:opencensus-api:0.24.0

The error message says io.opencensus:opencensus-api:0.21.0 has depth 3, while io.opencensus:opencensus-api:0.24.0 has depth 4 or 5. Version 0.21.0 is closer to the root but it's not highest version.

The latest cloud-libraries-bom needs to be installed locally in the machine.

Create a case where upperBoundCheck fails

This may involve locally-installing a "-snapshot" version of a library with outdated (or too ahead) dependencies.

Come up with a proposal

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions