简体繁体 English

维护第三方Java库依赖项的补丁

[英]Maintaining patches of third-party Java library dependencies

原文 2013-07-21 18:05:34 1 2 java/ git/ maven/ jar/ gradle

My Java project has a dependency on a third-party library, let's call it xyz.jar. 我的Java项目依赖第三方库，我们称其为xyz.jar。 My project is maintained in git and xyz in svn. 我的项目在svn中的git和xyz中维护。 xyz is included in my project as a Maven dependency so that it gets downloaded automatically as part of the build process. xyz作为Maven依赖项包含在我的项目中，因此在构建过程中会自动下载xyz。

I need to make minor tweaks to the source of xyz, but still want to get updates from the project maintainers. 我需要对xyz的源代码进行细微调整，但仍想从项目维护者那里获取更新。 What options do I have? 我有什么选择？

Currently, the best option seems to be to this: 当前，最好的选择似乎是这样的：

Fork the svn repo for xyz into a new git repo using git svn clone . 使用git svn clone xyz的svn repo分叉到新的 git repo中。
Hack on the git repo. 破解git repo。
Build xyz-hacked.jar from the git repo and export the artifact to a maven library server. 从git repo构建xyz-hacked.jar并将工件导出到Maven库服务器。

When new changes come out for xyz, I can do a git svn rebase to keep my git repo up to date. 当xyz出现新变化时，我可以执行git svn rebase来保持git repo处于最新状态。

What are the best practices here? 这里的最佳做法是什么？ Can I improve on this approach? 我可以改进这种方法吗？

Edit 编辑

I know there will be some manual work involved, eg resolving merge conflicts and ensuring my patches are compatible with the latest xyz. 我知道将涉及一些手动工作，例如解决合并冲突并确保我的补丁程序与最新的xyz兼容。 I'm not looking for a general, automated code merge solution. 我不是在寻找通用的自动化代码合并解决方案。 I'm trying to find out what the best practices and tools are in this situation. 我正在尝试找出在这种情况下的最佳实践和工具。

Gradle 摇篮

I don't think this is a Gradle-specific question, but just in case there's a Gradle-specific answer: I'm using Gradle to include xyz.jar as a 'compile' dependency. 我不认为这是特定于Gradle的问题，但以防万一有特定于Gradle的答案：我正在使用Gradle将xyz.jar包含为“编译”依赖项。

2 个解决方案

No matter what approach you use, it will always be labor-intensive. 无论您使用哪种方法，都将总是劳动密集型的。

Explicit conflicts will occur, but more insidious, any change anywhere in the base can totally break your local mods, even a change in a source file your local mods don't touch (ie an interface signature you depend on). 将会发生明确的冲突，但是更隐蔽的是，基础上任何地方的任何更改都可能完全破坏您的本地mod，甚至您本地mod不会触摸的源文件的更改（即您依赖的接口签名）。

Each and every rebase will require manual merging and complete regression testing on the 3rd party library AND your applciations that depend on the library. 每个基准库都需要对第三方库以及依赖该库的应用进行手动合并和完整的回归测试。

By definition, this is not automatable. 根据定义，这不是自动的。

I think you should consider the following points in respect to your approach: 我认为您应该针对您的方法考虑以下几点：

You don't know how exacltyy project maintainters will change the source code. 您不知道专业的项目维护人员将如何更改源代码。 Therefore, while you will be able to apply most updates using rebase, at some point you will eventually face a conflict which you will have to resovle manually. 因此，尽管您将能够使用rebase来应用大多数更新，但是在某些时候，您最终将面临一个冲突，您必须手动重新解决。
This 3rd party library probably do not change very often. 该第三方库可能不会经常更改。 Even if it does, it doesn't mean that you have to update your dependency immeidately. 即使这样做，也并不意味着您必须立即更新依赖关系。 What for? 做什么的？ There could be lots and lots of updates to that library which doesn't affect your code anyhow. 该库可能会有很多更新，这些更新无论如何都不会影响您的代码。 So why bothering with it? 那么，为什么要打扰呢？

My opinion is that such kind of problems should not be automated anyhow since this happens pretty rare and require your manual intervention anyway. 我的意见是，这类问题无论如何都不应自动解决，因为这种情况很少发生，并且无论如何都需要您的手动干预。 Ie you will spend much more time trying to automate this than in case you parform manual rebuilds, say, once in half-a-year. 也就是说，与每半年进行一次手动重建相比，您将花费更多的时间来尝试实现自动化。