googleapis · suztomo · Feb 8, 2022 · Feb 1, 2022 · Feb 3, 2022 · Feb 3, 2022
diff --git a/.github/workflows/upper-bound-check.yaml b/.github/workflows/upper-bound-check.yaml
diff --git a/.github/workflows/version-check.yaml b/.github/workflows/version-check.yaml
@@ -0,0 +1,41 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+name: version-check
+jobs:
+  upper-bound-check:
+    name: Upper-bound check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: stCarolas/setup-maven@v4
+        with:
+          maven-version: 3.8.1
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 8
+      - run: java -version
+      - name: Install the BOM to local Maven repository
+        run: .kokoro/build.sh
+      - name: Check the BOM content satisfies the upper-bound-check test case
+        run: mvn -B -V -ntp verify -Dcheckstyle.skip
+        working-directory: upper-bound-check
+  dependency-convergence-check:
+    name: Dependency convergence check for some (not all) artifacts
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: stCarolas/setup-maven@v4
+      with:
+        maven-version: 3.8.1
+    - uses: actions/setup-java@v1
+      with:
+        java-version: 8
+    - run: java -version
+    - name: Install the BOM to local Maven repository
+      run: .kokoro/build.sh
+    - name: Check the BOM content satisfies the dependency-convergence-check test case
+      run: mvn -B -V -ntp verify -Dcheckstyle.skip
+      working-directory: dependency-convergence-check
diff --git a/dependency-convergence-check/README.md b/dependency-convergence-check/README.md
@@ -0,0 +1,6 @@
+# Dependency Convergence Check
+
+This project includes a test case for dependency convergence for some (not all)
+artifacts in the Google Cloud Shared Dependencies BOM.
+
+This project is not meant to be used by end-users or published to Maven Central.
diff --git a/dependency-convergence-check/pom.xml b/dependency-convergence-check/pom.xml
@@ -0,0 +1,76 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.google.cloud</groupId>
+  <artifactId>shared-dependencies-dependency-convergence-test</artifactId>
+  <version>2.7.0</version><!-- {x-version-update:google-cloud-shared-dependencies:current} -->
+  <name>Dependency convergence test for certain artifacts in Google Cloud Shared Dependencies</name>
+  <url>https://github.com/googleapis/java-shared-dependencies</url>
+  <description>
+    An dependency convergence test case for the shared dependencies BOM. A failure of this test case means
+    the shared dependencies BOM has outdated dependencies; there are newer version of artifacts
+    appearing in the dependency tree.
+  </description>
+
+  <organization>
+    <name>Google LLC</name>
+  </organization>
+
+  <scm>
+    <connection>scm:git:[email protected]:googleapis/java-shared-dependencies.git</connection>
+    <developerConnection>scm:git:[email protected]:googleapis/java-shared-dependencies.git</developerConnection>
+    <url>https://github.com/googleapis/java-shared-dependencies</url>
+    <tag>HEAD</tag>
+  </scm>
+
+  <issueManagement>
+    <url>https://github.com/googleapis/java-shared-dependencies/issues</url>
+    <system>GitHub Issues</system>
+  </issueManagement>
+
+  <licenses>
+    <license>
+      <name>Apache-2.0</name>
+      <url>https://www.apache.org/licenses/LICENSE-2.0.txt</url>
+    </license>
+  </licenses>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+  </properties>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>com.google.cloud</groupId>
+        <artifactId>google-cloud-shared-dependencies</artifactId>
+        <version>2.7.0</version><!-- {x-version-update:google-cloud-shared-dependencies:current} -->
+        <type>pom</type>
+        <scope>import</scope>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>31.0.1-jre</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.cloud.tools</groupId>
+      <artifactId>dependencies</artifactId>
+      <version>1.5.12</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.13.1</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/dependency-convergence-check/src/test/java/com/google/cloud/DependencyConvergenceTest.java b/dependency-convergence-check/src/test/java/com/google/cloud/DependencyConvergenceTest.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2022 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud;
+
+import static org.junit.Assert.assertTrue;
+
+import com.google.cloud.tools.opensource.classpath.ClassPathBuilder;
+import com.google.cloud.tools.opensource.classpath.ClassPathEntry;
+import com.google.cloud.tools.opensource.classpath.ClassPathResult;
+import com.google.cloud.tools.opensource.classpath.DependencyMediation;
+import com.google.cloud.tools.opensource.dependencies.Bom;
+import com.google.cloud.tools.opensource.dependencies.DependencyPath;
+import com.google.common.base.Joiner;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import java.nio.file.Paths;
+import java.util.HashSet;
+import java.util.Set;
+import org.eclipse.aether.artifact.Artifact;
+import org.junit.Test;
+
+/**
+ * Test to ensure that certain artifacts in the dependency tree of each entry of the shared
+ * dependencies BOM have the same version.
+ */
+public class DependencyConvergenceTest {
+
+  @Test
+  public void testGrpcConvergence() throws Exception {
+    // There were cases where the gRPC version set in the shared dependencies BOM and the gRPC
+    // version declared in gax-grpc's dependency broke the build of downstream projects. Two
+    // artifacts were using version range to specify exact gRPC versions.
+    // https://github.com/googleapis/java-shared-dependencies/pull/595
+    Bom bom = Bom.readBom(Paths.get("../pom.xml"));
+    assertConvergence(
+        bom,
+        "io.grpc",
+        "grpc-netty-shaded",
+        ImmutableSet.of(
+            // Because OpenCensus's gRPC version does not use version range notation, it does not
+            // break downstream build
+            "opencensus-exporter-trace-stackdriver",
+            "opencensus-exporter-stats-stackdriver",
+            // Because grpc-gcp's gRPC version does not use version range notation, it does not
+            // break downstream build
+            "grpc-gcp"));
+  }
+
+  /**
+   * Asserts the artifact specified at {@code groupId} and {@code artifactId} have the same version
+   * across the dependency trees of the managed dependencies of {@code bom}.
+   *
+   * <p>Use {@code excludingArtifactIds} to ignore certain artifacts.
+   */
+  private void assertConvergence(
+      Bom bom, String groupId, String artifactId, Set<String> excludingArtifactIds)
+      throws Exception {
+    ImmutableList<Artifact> managedDependencies = bom.getManagedDependencies();
+
+    Set<DependencyPath> foundPaths = new HashSet<>();
+    Set<String> foundVersions = new HashSet<>();
+    for (Artifact managedDependency : managedDependencies) {
+      if (excludingArtifactIds.contains(managedDependency.getArtifactId())) {
+        continue;
+      }
+
+      ClassPathBuilder classPathBuilder = new ClassPathBuilder();
+      ClassPathResult result =
+          classPathBuilder.resolve(
+              ImmutableList.of(managedDependency), false, DependencyMediation.MAVEN);
+      ImmutableList<ClassPathEntry> classPath = result.getClassPath();
+      for (ClassPathEntry entry : classPath) {
+        Artifact artifact = entry.getArtifact();
+        if (artifactId.equals(artifact.getArtifactId()) && groupId.equals(artifact.getGroupId())) {
+          ImmutableList<DependencyPath> dependencyPaths = result.getDependencyPaths(entry);
+          foundPaths.add(dependencyPaths.get(0));
+          foundVersions.add(artifact.getVersion());
+        }
+      }
+    }
+
+    assertTrue(
+        "There should be at least one version in the graph but empty; "
+            + "please check the assertion is using correct groupID and artifactID.",
+        foundVersions.size() >= 1);
+
+    // Duplicate versions found in the dependency trees
+    assertTrue(
+        "The version for "
+            + groupId
+            + ":"
+            + artifactId
+            + " should be one but there are multiple of them: "
+            + Joiner.on(", ").join(foundPaths),
+        foundVersions.size() <= 1);
+  }
+}