Skip to content

SOLR-18296: DAGP external-lib api promotions — ILLUSTRATIVE, not for merge (part 3/3)#4614

Draft
serhiy-bzhezytskyy wants to merge 4 commits into
apache:mainfrom
serhiy-bzhezytskyy:dagp-pr3-external-api
Draft

SOLR-18296: DAGP external-lib api promotions — ILLUSTRATIVE, not for merge (part 3/3)#4614
serhiy-bzhezytskyy wants to merge 4 commits into
apache:mainfrom
serhiy-bzhezytskyy:dagp-pr3-external-api

Conversation

@serhiy-bzhezytskyy

Copy link
Copy Markdown
Contributor

Draft — NOT for merge. Part 3 of 3, for discussion only. Builds on #4613#4612.

This shows the ~76 external-library implementation -> api promotions DAGP suggests (slf4j, guava, junit, jakarta.*, jackson, log4j, opentelemetry, …), so the full picture is visible as code rather than a list.

I do not recommend merging this as-is. Per @dsmiley's point on the dev@ thread: liberal api is viral/transitive — it leaks each of these onto every downstream consumer's compile classpath, often for trivial exposure. The right call is human judgement on which (if any) are genuinely part of Solr's public contract.

Concrete evidence this advice is harmful, not just stylistically undesirable: DAGP also advised promoting jersey-core-server to api, but doing so fails to resolve — its version comes from the jersey BOM (declared implementation), so as api it has no version. I excluded it here to make the branch build. That's a real example of api-promotion breaking the build.

Proposed use: rather than accept/reject the whole set, pick any deps that are genuinely public API and I'll fold just those into #4613. Everything else stays implementation.

Layering: #4612 (safe advice, ready) → #4613 (inter-module project() api, draft) → this (external api, illustrative).

AI-assisted, human-reviewed per AGENTS.md.

Completes the dependency-analysis follow-up deferred from the Gradle 9 upgrade
(SOLR-18289), which dropped the Gradle-9-incompatible ca.cutterslade.analyze
plugin. Adds the Dependency Analysis Gradle Plugin (com.autonomousapps
build-health) configured to REPORT (warn), not fail — its advice is guidance
for human review, not enforcement.

Applies only the uncontroversial advice:
 - removal of genuinely-unused dependency declarations
 - a few test-scope corrections (implementation -> testImplementation)

Deliberately NOT included here (left for separate case-by-case review):
 - implementation -> api promotions (DAGP is aggressive here; per dev@ these
   need human judgement, as liberal api is viral/transitive)

Also forces kotlin-metadata-jvm to match Solr's Kotlin so DAGP can analyze the
:solr:ui (Compose/KMP) module. Lockfiles regenerated.
Applies DAGP's api advice ONLY for inter-module project() dependencies that are
genuinely part of the consuming module's public API (e.g. solr-core's public
types expose solrj), where 'api' is correct so downstream modules compile.

External-library api promotions are intentionally excluded here (see part 3/3);
per dev@ feedback those need case-by-case judgement rather than blanket promotion.

Builds on apache#4612. Lockfiles regenerated.
…ons (part 3/3)

Shows the ~76 external-library implementation->api promotions DAGP advises, for
discussion only. Per dev@ feedback these should NOT be applied wholesale: liberal
'api' is viral/transitive, leaking these deps onto every downstream consumer for
often-trivial exposure.

Concrete example of the harm: DAGP also advised promoting jersey-core-server to
api, but that FAILS to resolve — its version comes from the jersey BOM (declared
implementation), so as 'api' it has no version. Excluded here. This is exactly
the kind of breakage liberal api promotion causes.

Builds on apache#4613. Presented so reviewers can pick any genuinely-public ones
case-by-case rather than accept/reject the whole set.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant