[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17725764#comment-17725764 ] Christoph Läubrich commented on MNG-7097: - > "fake" resolution of artifacts present in core: collect them, but Artifact > should point to Maven lib? This is dangerous, as plugin would have access to > Files comprising Maven I think any maven process has enough power to harm the system and finding out the maven home for a plugin is not really anything require special power. I would even expect that the maven install itself is read-only to the user as well... so this sounds like a very interesting idea indeed. > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642148#comment-17642148 ] ASF GitHub Bot commented on MNG-7097: - cstamas closed pull request #450: [MNG-7097] Plugin Dependency Resolution Improvement URL: https://github.com/apache/maven/pull/450 > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17642147#comment-17642147 ] ASF GitHub Bot commented on MNG-7097: - cstamas commented on PR #450: URL: https://github.com/apache/maven/pull/450#issuecomment-1334328876 Closing as https://issues.apache.org/jira/browse/MPLUGIN-372 solves all this. > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[
https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17288583#comment-17288583
]
Tamás Cservenák commented on MNG-7097:
--
So, it seems this PR as is, will not work with cases like described in MNG-5783
(plugin spawns separate JVM with class path), as class path with this kind of
filtering (as this PR introduces) will be "incomplete", it will be "complete"
ONLY within Maven, but never complete outside of Maven (to spawn a JVM for
example). So, several ideas:
* make possible to "tweak" plugin resolution by something (per plugin):
config? I bet in 99% of cases this PR is fine, but the 1% may need some
workaround, but being able to make plugin "resolve" FULL (instead of "filtered")
* "fake" resolution of artifacts present in core: collect them, but Artifact
should point to Maven lib? This is dangerous, as plugin would have access to
Files comprising Maven, also we lack _versions_, currently we have GA only (in
CoreExports).
* Leave all as is (drop PR)? I think this is huge "overall penalty", only to
support some (how many?) plugins using {{$\{plugin.artifacts}}} to do these
kinds of stuff...
> Plugin Dependency Resolution: don't download Maven-provided artifacts
> -
>
> Key: MNG-7097
> URL: https://issues.apache.org/jira/browse/MNG-7097
> Project: Maven
> Issue Type: Task
> Components: Performance, Plugins and Lifecycle
>Reporter: Tamás Cservenák
>Assignee: Tamás Cservenák
>Priority: Major
>
> Current Maven behavior for resolving plugin dependencies is to download full
> transitive graph of plugin dependency, but for executing plugin it filters
> out core artifacts from graph (excludes them).
> This results in unnecessary downloads of core artifacts, multiplied by
> multiple versions used by different plugins, and local repository end up
> having artifacts that may even surprise users.
> Most notable examples: maven-core (user: "Why did Maven download maven-core-X
> when I use maven-Y?"), plexus-container-default (user: "Why does Maven
> download 10+ versions of this legacy artifact (adv user: when
> sisu-inject-plexus shim is used instead)?"), multiple versions of
> plexus-utils etc...
> We need to investigate what exactly happens with downloaded, but unused core
> artifacts (if they are completely excluded based on GAV, we are safest), and
> simply exclude them even from resolution/collection, as they are really not
> needed.
> This will not "improve build speed", but does lessen "bandwidth", as
> experiments shows that cutting plugin dependencies for core artifacts for
> Maven project itself makes about 1k less remote requests (artifact and
> artifact checksum downloads).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17288077#comment-17288077 ] Tamás Cservenák commented on MNG-7097: -- So IT recap so far: * MNG5783 IT: fails for a reason (is good), as Maven with PR will NOT download nor provide slf4j while resolving plugin dependencies. We need to do something about this * MNG7045 IT: fails on GH and when locally run in IT suite, but the POM _works_ when invoked with locally built Maven with PR, so something is fishy here (or am doing something wrong). > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[
https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17288075#comment-17288075
]
Tamás Cservenák commented on MNG-7097:
--
So there's more to it: I found nice explanation WHY all this sub-optimal
(download more than really needed) things happen in MNG-5783. It seems there
are plugins using {{$\{plugin.artifacts\}}} to set up their classpath
circumventing Maven...
> Plugin Dependency Resolution: don't download Maven-provided artifacts
> -
>
> Key: MNG-7097
> URL: https://issues.apache.org/jira/browse/MNG-7097
> Project: Maven
> Issue Type: Task
> Components: Performance, Plugins and Lifecycle
>Reporter: Tamás Cservenák
>Assignee: Tamás Cservenák
>Priority: Major
>
> Current Maven behavior for resolving plugin dependencies is to download full
> transitive graph of plugin dependency, but for executing plugin it filters
> out core artifacts from graph (excludes them).
> This results in unnecessary downloads of core artifacts, multiplied by
> multiple versions used by different plugins, and local repository end up
> having artifacts that may even surprise users.
> Most notable examples: maven-core (user: "Why did Maven download maven-core-X
> when I use maven-Y?"), plexus-container-default (user: "Why does Maven
> download 10+ versions of this legacy artifact (adv user: when
> sisu-inject-plexus shim is used instead)?"), multiple versions of
> plexus-utils etc...
> We need to investigate what exactly happens with downloaded, but unused core
> artifacts (if they are completely excluded based on GAV, we are safest), and
> simply exclude them even from resolution/collection, as they are really not
> needed.
> This will not "improve build speed", but does lessen "bandwidth", as
> experiments shows that cutting plugin dependencies for core artifacts for
> Maven project itself makes about 1k less remote requests (artifact and
> artifact checksum downloads).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17288049#comment-17288049 ] Herve Boutemy commented on MNG-7097: MPLUGIN-370 created to improve Maven Plugin Plugin to ease detect when such provided scope can/should be defined (remain useful for older Maven versions) > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17288045#comment-17288045 ] Hudson commented on MNG-7097: - Build succeeded in Jenkins: Maven » Maven TLP » maven-site » master #131 See https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven-site/job/master/131/ > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17287930#comment-17287930 ] Tamás Cservenák commented on MNG-7097: -- While the UTs of maven pass ok, this obviously fails IT, so it needs eyeballing why, and possibly adjusting ITs (if they for example enumerate things in local repo that after this change are not present anymore). > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (MNG-7097) Plugin Dependency Resolution: don't download Maven-provided artifacts
[ https://issues.apache.org/jira/browse/MNG-7097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17287927#comment-17287927 ] Herve Boutemy commented on MNG-7097: another topic: we should also document that plugins themselves should declare such Maven-provided dependencies as scope provided this will avoid the download for earlier Maven versions and we should update every Maven plugin we maintain... > Plugin Dependency Resolution: don't download Maven-provided artifacts > - > > Key: MNG-7097 > URL: https://issues.apache.org/jira/browse/MNG-7097 > Project: Maven > Issue Type: Task > Components: Performance, Plugins and Lifecycle >Reporter: Tamás Cservenák >Assignee: Tamás Cservenák >Priority: Major > > Current Maven behavior for resolving plugin dependencies is to download full > transitive graph of plugin dependency, but for executing plugin it filters > out core artifacts from graph (excludes them). > This results in unnecessary downloads of core artifacts, multiplied by > multiple versions used by different plugins, and local repository end up > having artifacts that may even surprise users. > Most notable examples: maven-core (user: "Why did Maven download maven-core-X > when I use maven-Y?"), plexus-container-default (user: "Why does Maven > download 10+ versions of this legacy artifact (adv user: when > sisu-inject-plexus shim is used instead)?"), multiple versions of > plexus-utils etc... > We need to investigate what exactly happens with downloaded, but unused core > artifacts (if they are completely excluded based on GAV, we are safest), and > simply exclude them even from resolution/collection, as they are really not > needed. > This will not "improve build speed", but does lessen "bandwidth", as > experiments shows that cutting plugin dependencies for core artifacts for > Maven project itself makes about 1k less remote requests (artifact and > artifact checksum downloads). -- This message was sent by Atlassian Jira (v8.3.4#803005)
