Add shortcut for s01.oss.sonatype.org to Resolver
#392
Conversation
|
Overall LGTM. Once it passes the test, could you squash the commits and include the links to sbt/sbt#6787 and https://central.sonatype.org/news/20210223_new-users-on-s01/ into commit message please? |
armanbilge
force-pushed
the
feature/s01
branch
from
14d1b66 to
4269954
Compare
|
Randomly just stumbled on this because I'm currently on a repository rabbit hole, but I potentially see this as a large source of confusion for people. I can imagine the following situation may be somewhat common:
Is there any way to just get |
|
AFAIK step (2) as you write it currently does not happen—in order for publishing to s01 to work, users have to manually adjust the settings for the sonatype sbt plugin. So there is confusion, just earlier in the process. With that said, overall I agree with the sentiment it would be nice if this could be abstracted away. Especially for downstream consumers, who shouldn't have to know which host each of their dependencies happens to be publishing to. One way we could accomplish that here is by deprecating the current method and adding a new one that returns a collection of hosts. This doesn't seem unreasonable since sonatype has indicated they may add additional hosts if s01 also becomes over-populated. |
|
Ahh I missed this part of the ci-release docs
It's unfortunate all around that new publishers have to deal with this.
If this is a possibility I think this would be way better. |
In general though, I think using snapshot outside of short-term local testing is a bad practice that makes build unrepeatable, slow, and insecure, so making it easier to consume snapshots from some list of resolvers I don't think is a good idea. These are the kind of changes that would make 1s compile into 30s as it downloads maven-metadata.xml etc over slow network, and people would blame sbt for being slow. |
That's true, but I think that that problem is orthogonal to this one. IIUC the problem you are describing happens as soon as anyone adds a However, given that sbt will continue to offer |
|
Lets say in the next 5 years, Sonatype adds 5 shards S01, S02, .. S05. I don't think we should make it easier to check against all of them yet. Or maybe S01 would appease the current scaling concerns, and there would be a legitimate confusion around resolving against OSS vs S01. I think adding |
For sure, I agree with all these points except that last one. Because we can agree on them, but in practice there are valid usecases where snapshots are required or needed whether for testing, or whatever reason. Heck, right now even in Metals if you choose to use sbt as a BSP server, and you're using a snapshot of Metals, the Even for myself, someone who I think is at least pretty familiar with the Scala ecosystem had no idea about the differences of I understand the speed concerns, but I know for myself I'm always willing to pay a bit of cost in the speed of my tooling if it will avoid me getting confused and having to search around for a while to find the answer because my assumptions were wrong about how something would work. My assumption would have been |
I was motivated to open this PR because I'm hoping that we will migrate Typelevel to S01 in the near future, at which point I assume there will be increased confusion/need. |
armanbilge
force-pushed
the
feature/s01
branch
from
4269954 to
a561f3a
Compare
|
So it seems both of you are advocating for #393 so sbt would transparently resolve against both shards of Sonatype OSS repositories. My main concern is making it too easy to make the build slower. I wonder if the middle ground solution would be to go for #393, but with deprecation message warning that SNAPSHOT would make things slow because it needs to check the Internet for new versions everyday. This should allow debugging among the core developers, but hopefully normal end users would be scared away from adding it to their build thoughtlessly. wdyt? |
|
Thanks for following up! Unless I am misunderstanding, you want to deprecate the new method introduced in #393 right off-the-bat, not because it's actually deprecated but as a sort of warning to users? That seems confusing/awkward. I'm still not sure if I completely understand what exactly causes the slowness: is it having dependencies with "SNAPSHOT" in the version number that forces it to check for new versions, or is simply the presence of these resolvers that causes the slowness (regardless of the actual dependencies being resolved). In either case, could sbt log a warning about this to the console? Edit: it's worth noting that some sbt plugins add these snapshot resolvers automatically as a convenience. So there are ways this can happen without a user explicitly using one of these methods. But a warning will always appear. |
Scala Language Spec doesn't define what deprecation means but at least according to JEP 277 and The Java Language Specification:
So maybe this a pedantic position in Scala, but it doesn't necessarily mean "we're removing this in the future."
It's the combination of:
Maven Central version numbers do not change, and it's been optimized things resolve relatively fast. On the other hand, if you one instance of a repository like Sonatype Nexus, each hit is going to be a few hundred ms (US or EU) to a few seconds (Australia or India).
All the more reason it would be important to let the plugin developers know that we discourage the wide use of it even though it might be useful sometimes. |
|
Thanks for the informative response. I can't speak to the spec, but when I encounter a deprecated method, I operate under the assumption that new code should not use it at all. So personally, I think this would be confusing, but I see your point. Personally I'd still vote for sbt logging a warning if any of those aformentioned conditions are true, if possible. Especially when there are snapshot repositories present in the resolvers but no SNAPSHOT-versioned dependencies, because that's obviously suspect. This would help any user understand why things might be slow, especially if they're not setting these resolvers themselves. Many people also set resolvers manually like: resolvers +=
"Sonatype OSS Snapshots" at "https://oss.sonatype.org/content/repositories/snapshots"via copy-pasta from https://www.scala-sbt.org/1.x/docs/Resolvers.html. So they are in the same boat and a deprecation wouldn't help catch that. Edit: in fact, it's very possible that deprecating these helper methods will simply push users to the verbose syntax as the "better alternative" that isn't deprecated. |
Fixes sbt/sbt#6787.
I named it
sonatype01Repo(my guess is that's whats01stands for. edit: oh, perhaps it's "shard 01"...).