Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ISSUE #4700] Remove logging backends from runtime deps #4719

Merged
merged 23 commits into from
Apr 18, 2024

Conversation

ppkarwasz
Copy link
Contributor

Fixes #4700.

Motivation

As explained in #4700 libraries should only depend on logging APIs (log4j-api, slf4j-api), not logging implementations (log4j-core, logback-classic).

This allows application developers to add the logging backend of their choice, without having to exclude multiple transitive dependencies.

Modifications

This PR:

  • Moves logging backends from the runtimeClasspath to testRuntimeOnly in EventMesh artifacts,
  • Adds exclusion rules to dependencies that force a specific logging backend: RocketMQ and Spring Boot Starter depend on Logback, while Pulsar depends on Log4j Core,
  • Adds a generic exclusion rule for all known logging backends and bridges between APIs,
  • Rewrites the dist task to include Log4j Core and bridges from SLF4J and JUL to the Log4j API.

Documentation

  • Does this pull request introduce a new feature? no

This PR removes all the logging backends from the Maven artifacts. As
explained in apache#4700 libraries should only depend on logging APIs, not
logging implementations the same way web applications depend on the
Servlet API, not its implementations.

The logging backends are added to the `dist` folder to be included in
the TAR binary distribution.
Copy link

codecov bot commented Jan 4, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (b3f5375) 17.44% compared to head (6b0c122) 17.44%.

Additional details and impacted files
@@            Coverage Diff            @@
##             master    #4719   +/-   ##
=========================================
  Coverage     17.44%   17.44%           
  Complexity     1768     1768           
=========================================
  Files           797      797           
  Lines         29845    29845           
  Branches       2563     2563           
=========================================
  Hits           5206     5206           
  Misses        24159    24159           
  Partials        480      480           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

tools/dependency-check/check-dependencies.sh Show resolved Hide resolved
tools/dependency-check/known-dependencies.txt Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
@ppkarwasz ppkarwasz marked this pull request as draft January 5, 2024 15:36
@ppkarwasz
Copy link
Contributor Author

Something is wrong with Java 11 tests. I am switching this to a "draft" to work out the issues.

@Pil0tXia
Copy link
Member

Pil0tXia commented Jan 5, 2024

Something is wrong with Java 11 tests. I am switching this to a "draft" to work out the issues.

It seems to be a problem with the third party platform. Not your code.

Copy link
Contributor

github-actions bot commented Apr 5, 2024

It has been 60 days since the last activity on this pull request. I am reaching out here to gently remind you that the Apache EventMesh community values every pull request, and please feel free to get in touch with the reviewers at any time. They are available to assist you in advancing the progress of your pull request and offering the latest feedback.

If you encounter any challenges during development, seeking support within the community is encouraged. We sincerely appreciate your contributions to Apache EventMesh.

@github-actions github-actions bot added the Stale label Apr 5, 2024
@codecov-commenter
Copy link

codecov-commenter commented Apr 5, 2024

Codecov Report

Attention: Patch coverage is 0% with 6 lines in your changes are missing coverage. Please review.

Project coverage is 16.20%. Comparing base (e04156b) to head (246fc87).
Report is 9 commits behind head on master.

❗ Current head 246fc87 differs from pull request most recent head e771010. Consider uploading reports for the commit e771010 to get more accurate results

Files Patch % Lines
...e/core/protocol/http/processor/HandlerService.java 0.00% 6 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #4719      +/-   ##
============================================
- Coverage     16.20%   16.20%   -0.01%     
  Complexity     1710     1710              
============================================
  Files           857      858       +1     
  Lines         30883    30885       +2     
  Branches       2685     2694       +9     
============================================
  Hits           5005     5005              
- Misses        25410    25412       +2     
  Partials        468      468              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ppkarwasz ppkarwasz marked this pull request as ready for review April 5, 2024 22:01
@ppkarwasz ppkarwasz requested a review from Pil0tXia April 5, 2024 22:03
@Pil0tXia Pil0tXia removed the Stale label Apr 6, 2024
build.gradle Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
eventmesh-starter/build.gradle Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
@ppkarwasz
Copy link
Contributor Author

@Pil0tXia,

Given your explanations above, I'll refactor this PR so that:

  • your artifacts do not have transitive dependencies on logging backends. I'll explicitly exclude both Logback and Log4j Core from the external projects that break this rule (RocketMQ and Zookeeper),
  • exclude logging backends from the direct dependencies of eventmesh-jdk-java, so that consumers of that artifact can choose their own logging backend,
  • I'll keep the logging backends that are explicitly declared in your other artifacts.

Does this sound like a plan?

Pil0tXia added a commit to Pil0tXia/eventmesh that referenced this pull request Apr 11, 2024
build.gradle Outdated Show resolved Hide resolved
build.gradle Outdated Show resolved Hide resolved
Pil0tXia
Pil0tXia previously approved these changes Apr 13, 2024
Copy link
Member

@Pil0tXia Pil0tXia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks to @ppkarwasz for his contribution over time.

In summary: This PR mainly modernizes the project's dependency on the logging backends and some obsolete gradle syntax.

@Pil0tXia Pil0tXia added the ready for review PR is waiting for reviewer's approval or opinion (used as a strong reminder) label Apr 14, 2024
Copy link
Member

@Pil0tXia Pil0tXia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi~ I just found that two submodules are missing the dependency on eventmesh-common. It might have been overlooked while resolving #4719 (comment). It would be great if you could kindly consider committing it~

@Pil0tXia Pil0tXia removed the ready for review PR is waiting for reviewer's approval or opinion (used as a strong reminder) label Apr 15, 2024
@Pil0tXia Pil0tXia added the ready for review PR is waiting for reviewer's approval or opinion (used as a strong reminder) label Apr 15, 2024
@xwm1992 xwm1992 merged commit 1fdb5b2 into apache:master Apr 18, 2024
9 checks passed
@ppkarwasz ppkarwasz deleted the logging-deps branch April 18, 2024 07:11
Comment on lines +25 to 28
implementation('org.springframework.boot:spring-boot-starter') {
exclude module: 'spring-boot-starter-logging'
}
implementation 'org.springframework.boot:spring-boot-starter-web'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logback was introduced back by spring-boot-starter-web. I will remove it completely in be06ef7 and 0261ef6.

mxsm pushed a commit that referenced this pull request May 17, 2024
* Sync changes in #4719

* minor change

* Only keep the artifact name

* Run `sed -i 's/-[0-9].*\.jar//g'`

* Run `sort known-dependencies.txt | uniq > known-dependencies-unique.txt`

* Allow CI to run on branches with namespace in the branch name in forked repos

* Correct typo and remove useless command

* Use `sort -u -o` instead of `uniq` to remove duplicate artifacts with different version

* Enlarge open-pull-requests-limit

* minor: polish tips

* Test apache/skywalking-eyes/dependency CI result

* Fix 'unable to find version `0.6.0`'

* See debug log to prove it works

* skywalking-eyes/dependency doesn't support gradle, test basic actions/dependency-review-action

* Add all denied licenses

* Remove redundant check

* Remove not included SPDX: ASL, RSAL

* Add a useful printAllDependencyTrees task

* Exampt safe artifact under multiple licenses

* Exempt more safe artifacts (Looks like the last of them)

* 'allow-dependencies-licenses' attribute only supports single-line text

* Add a TODO comment

* Add more file extensions for checkstyle

* Resolve some checkstyle header violations

* Add back apache/skywalking-eyes

* Fix downloaded file didn't have a `.`

* Disable Go deps update & Must pass CI before merge

* No need to force up-to-date & Auto-approve only

* Remove the slash at the end of the homepage url in Repo GitHub desc

* Skip patch updates temporarily to reduce PR noise

* Logback removed after be06ef7

* Accept patch update

* Submit dependency graph

* Follow https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories

* try to sort dependency graph workflow exec seq

* `workflow_run` event will only trigger a workflow run if the workflow file is on the default branch

* Grant required permission of CodeQL

* Attempt to fix 'No dependency graph files found to submit'

* Attempt to fix 'No dependency graph files found to submit' try 2

* Attempt to fix 'No dependency graph files found to submit' try 3

* Attempt to fix 'No dependency graph files found to submit' try 4

* Try to check dependency-review

* Only check bundled dependencies

* Fix 'No snapshots were found for the head SHA' attempt 1

* Test runtimeClasspath dependencies

* Revert "Test runtimeClasspath dependencies"

This reverts commit 3de89a5.

* Try to retry 1 hr wo wait for snapshot update

* Test gradle/actions#196 (comment)

* Add todo comments

* Keep implementation and compileOnly for now

* Keep runtimeOnly deps

* [Breaking Change] Remove dependency-review-action and wait for its bugfix

* Add checkDeniedLicense into CI

* minor code optimization
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ready for review PR is waiting for reviewer's approval or opinion (used as a strong reminder)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug] Maven artifacts should not depend on logging backend
4 participants