The upgrading of the vendored dependencies should be performed in two steps:
The linkage tool is useful for the vendored dependency upgrades. It reports the linkage errors across multiple Apache Beam artifact ids.
For example, when we upgrade the version of gRPC to 1.36.0 and the version of the vendored gRPC is 0.1-SNAPSHOT, we could run the linkage tool as following:
# The check task depends on shadowJar task $ ./gradlew :vendor:grpc-1_36_0:check $ find vendor/grpc-1_36_0/build -name '*.jar' vendor/grpc-1_36_0/build/libs/beam-vendor-grpc-1_36_0-0.1.jar $ mvn install:install-file \ -Dpackaging=jar \ -DgroupId=org.apache.beam \ -DartifactId=beam-vendor-grpc-1_36_0 \ -Dversion=0.1 \ -Dfile=vendor/grpc-1_36_0/build/libs/beam-vendor-grpc-1_36_0-0.1.jar $ ./gradlew -PvendoredDependenciesOnly -Ppublishing -PjavaLinkageArtifactIds=beam-vendor-grpc-1_36_0:0.1 :checkJavaLinkage
It's expected that the task outputs some linkage errors. While the
checkJavaLinkage task does not retrieve optional dependencies to avoid bloated dependency trees, Netty (one of gRPC dependencies) has various optional features through optional dependencies. Therefore the task outputs the linkage errors on the references to missing classes in the optional dependencies when applied for the vendored gRPC artifact.
As long as Beam‘s use of gRPC does not touch these optional Netty features or the classes are available at runtime, it’s fine to have the references to the missing classes. Here are the known linkage errors:
io.grpc.testing.GrpcCleanupRuleuses JUnit classes, which are present when we run Beam's tests.
io.netty.handler.ssl: Netty users can choose SSL implementation based on the platform (Netty documentation). Beam's vendored gRPC uses
netty-tcnative-boringssl-static, which contains the static libraries for all supported OS architectures (x86_64 and aarch64). The
io.netty.handler.sslpackage has classes that have references to missing classes in other unused optional SSL implementations.
io.netty.handler.codec.compression: Beam does not use the optional dependencies for compression algorithms (jzlib, lzma, and lzf) through Netty's features.
org.jboss.marshalling: Beam does not use the optional serialization algorithms.
io.netty.util.internal.logging: Netty‘s logging framework can choose available loggers at runtime. The logging implementations are optional dependencies and thus are not needed to be included in the vendored artifact. Slf4j-api is available at Beam’s runtime.
reactor.blockhound: When enabled, Netty's BlockHound integration can detect unexpected blocking calls. Beam does not use it.