tree: 42bad66c3eb0e327abc5c4f429eae1b7d3256943 [path history] [tgz]
  2. bytebuddy-1_10_8/
  3. calcite-1_26_0/
  4. grpc-1_26_0/
  5. grpc-1_36_0/
  6. guava-26_0-jre/

Vendored Dependencies Release

The upgrading of the vendored dependencies should be performed in two steps:

  • Firstly, we need to perform a formal release of the vendored dependency. The release process of the vendored dependency is separate from the release of Apache Beam.
  • When the release of the vendored dependency is out, we can migrate Apache Beam to use the newly released vendored dependency.

How to validate the vendored dependencies

The linkage tool is useful for the vendored dependency upgrades. It reports the linkage errors across multiple Apache Beam artifact ids.

For example, when we upgrade the version of gRPC to 1.36.0 and the version of the vendored gRPC is 0.1-SNAPSHOT, we could run the linkage tool as following:

# The check task depends on shadowJar task
$ ./gradlew :vendor:grpc-1_36_0:check
$ find vendor/grpc-1_36_0/build -name '*.jar'
$ mvn install:install-file \
      -Dpackaging=jar \
      -DgroupId=org.apache.beam \
      -DartifactId=beam-vendor-grpc-1_36_0 \
      -Dversion=0.1 \
$ ./gradlew -PvendoredDependenciesOnly -Ppublishing -PjavaLinkageArtifactIds=beam-vendor-grpc-1_36_0:0.1 :checkJavaLinkage

Known Linkage Errors in the Vendored gRPC Dependencies

It's expected that the task outputs some linkage errors. While the checkJavaLinkage task does not retrieve optional dependencies to avoid bloated dependency trees, Netty (one of gRPC dependencies) has various optional features through optional dependencies. Therefore the task outputs the linkage errors on the references to missing classes in the optional dependencies when applied for the vendored gRPC artifact.

As long as Beam‘s use of gRPC does not touch these optional Netty features or the classes are available at runtime, it’s fine to have the references to the missing classes. Here are the known linkage errors:

  • References to org.junit.runners: io.grpc.testing.GrpcCleanupRule uses JUnit classes, which are present when we run Beam's tests.
  • References from io.netty.handler.ssl: Netty users can choose SSL implementation based on the platform (Netty documentation). Beam's vendored gRPC uses netty-tcnative-boringssl-static, which contains the static libraries for all supported OS architectures (x86_64 and aarch64). The io.netty.handler.ssl package has classes that have references to missing classes in other unused optional SSL implementations.
  • References from io.netty.handler.codec.compression: Beam does not use the optional dependencies for compression algorithms (jzlib, lzma, and lzf) through Netty's features.
  • References to and org.jboss.marshalling: Beam does not use the optional serialization algorithms.
  • References from io.netty.util.internal.logging: Netty‘s logging framework can choose available loggers at runtime. The logging implementations are optional dependencies and thus are not needed to be included in the vendored artifact. Slf4j-api is available at Beam’s runtime.
  • References to reactor.blockhound: When enabled, Netty's BlockHound integration can detect unexpected blocking calls. Beam does not use it.