Fix 2.19.5 Build Failures #5195

Open
mengweieric wants to merge 3 commits into opensearch-project:2.19 from mengweieric:2.19

@mengweieric
Collaborator

Description

Fixed the build failure below.

> Task :opensearch-sql-plugin:compileJava FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':opensearch-sql-plugin:compileJava'.
> Could not resolve all dependencies for configuration ':opensearch-sql-plugin:compileClasspath'.
   > Conflict found for the following module:
       - com.google.errorprone:error_prone_annotations between versions 2.45.0, 2.21.1 and 2.38.0

* Try:
> Run with :opensearch-sql-plugin:dependencyInsight --configuration compileClasspath
  --dependency com.google.errorprone:error_prone_annotations to get more insight on how to solve the conflict.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • New functionality has javadoc added.
  • New functionality has a user manual doc added.
  • New PPL command checklist all confirmed.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff or -s.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Eric Wei <mengwei.eric@gmail.com>
@github-actions
Contributor

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 0f77834.

| Path | Line | Severity | Description |
|------|------|----------|-------------|
| plugin/build.gradle | 118 | medium | Forces 'com.google.errorprone:error_prone_annotations' to version 2.45.0, which is an unusually high version number. As of early 2025, the latest known releases were in the 2.28-2.30 range. Forcing a non-existent or future version string is a known supply chain attack vector: if a malicious actor publishes a package at that exact version to a public registry, this pinned resolution would pull it in automatically. The change is unrelated to any described feature and error_prone_annotations (a compile-time annotation library) rarely requires forced version resolution. Verify this version exists in your artifact registry and that the dependency is genuinely needed. |

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 0 | Medium: 1 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@mengweieric added the v2.19.5 (Issues targeting release v2.19.5) label on Feb 27, 2026
Signed-off-by: Eric Wei <mengwei.eric@gmail.com>
Collaborator

@dai-chen left a comment

Please check CI failure.

Signed-off-by: Eric Wei <mengwei.eric@gmail.com>
@github-actions
Contributor

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 845367e.

| Path | Line | Severity | Description |
|------|------|----------|-------------|
| doctest/build.gradle | 28 | medium | Branch switched from 'main' to '1.0-legacy' for sql-cli dependency. Pinning to a legacy/unmaintained branch can introduce known vulnerabilities and may prevent security patches from being applied. While potentially legitimate for stability, it warrants review to confirm this is intentional and that the legacy branch is not compromised. |
| build.gradle | 126 | low | Forcing com.google.errorprone:error_prone_annotations to version 2.45.0, which is an unusually high version number (latest known stable releases are in the 2.x low-to-mid range). If this version does not exist in official repositories, a malicious artifact with that version string could be substituted. Should be verified against the official Maven Central release history. |

The table above displays the top 10 most important findings.

Total: 2 | Critical: 0 | High: 0 | Medium: 1 | Low: 1


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.
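
The check both analyzer reports ask for (confirm that a forced version is actually listed in the repository's release index), as an added example that is not part of this PR or the project's code. The Gradle fragment and `maven-metadata.xml` below are constructed samples, `com.example:placeholder-lib` is a placeholder coordinate, and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a repository's maven-metadata.xml (not fetched from anywhere).
SAMPLE_METADATA = """<metadata>
  <groupId>com.google.errorprone</groupId>
  <artifactId>error_prone_annotations</artifactId>
  <versioning><versions>
    <version>2.21.1</version><version>2.38.0</version><version>2.45.0</version>
  </versions></versioning>
</metadata>"""

# Constructed Gradle fragment; the PR's own build.gradle lines are not shown on the page.
SAMPLE_GRADLE = """
configurations.all {
    resolutionStrategy.force 'com.google.errorprone:error_prone_annotations:2.45.0'
    resolutionStrategy.force 'com.example:placeholder-lib:9.99.0'
}
"""

FORCE_RE = re.compile(r"""force\s*\(?\s*['"]([\w.\-]+):([\w.\-]+):([\w.\-+]+)['"]""")

def forced_coordinates(gradle_text):
    """Return (group, artifact, version) for every force '<g>:<a>:<v>' pin."""
    return [m.groups() for m in FORCE_RE.finditer(gradle_text)]

def metadata_url(group, artifact, base="https://repo1.maven.org/maven2"):
    """Location of the version index under the standard Maven repository layout."""
    return f"{base}/{group.replace('.', '/')}/{artifact}/maven-metadata.xml"

def published_versions(metadata_xml):
    """Parse maven-metadata.xml into ((group, artifact), set of listed versions)."""
    root = ET.fromstring(metadata_xml)
    key = (root.findtext("groupId"), root.findtext("artifactId"))
    listed = root.findall("./versioning/versions/version")
    return key, {v.text.strip() for v in listed if v.text}

def audit_forced_versions(gradle_text, metadata_docs):
    """Classify each forced pin as 'published', 'missing' or 'no-metadata'."""
    index = dict(published_versions(doc) for doc in metadata_docs)
    report = {}
    for group, artifact, version in forced_coordinates(gradle_text):
        known = index.get((group, artifact))
        if known is None:
            status = "no-metadata"  # no index supplied, so the pin is unverified
        else:
            status = "published" if version in known else "missing"
        report[f"{group}:{artifact}:{version}"] = status
    return report
```

In CI, feed `audit_forced_versions` the metadata documents downloaded from the locations `metadata_url` returns and fail the build on any `missing` or `no-metadata` result.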

@github-actions
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🧪 PR contains tests
🔒 No security concerns identified
✅ No TODO sections
🔀 Multiple PR themes

Sub-PR theme: Fix Prometheus test URI configuration

Relevant files:

  • prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java

Sub-PR theme: Fix sql-cli install path in bootstrap script

Relevant files:

  • doctest/bootstrap.sh

⚡ Recommended focus areas for review

URI Change

The test URI was changed from https://test.com to http://localhost:9090. This changes the test from using HTTPS to HTTP and from an external host to localhost. Verify that this change is intentional and that the deny-list validation logic still behaves correctly with a localhost URI, as the original test may have been specifically testing with an external HTTPS URI.

properties.put("prometheus.uri", "http://localhost:9090");

Path Change

The install path for sql-cli was changed from ./sql-cli (relative to current working directory) to $DIR/sql-cli (relative to the script's directory). Verify that $DIR is correctly set earlier in the script and that $DIR/sql-cli always resolves to the correct location regardless of where the script is invoked from.

$DIR/.venv/bin/pip install -e $DIR/sql-cli

@github-actions
Contributor

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: General
Suggestion: Quote path variable to handle spaces

When $DIR contains spaces or special characters, the unquoted variable expansion
will cause the path to be split incorrectly. Quote the path to handle such cases
safely.

doctest/bootstrap.sh [24]

-$DIR/.venv/bin/pip install -e $DIR/sql-cli
+$DIR/.venv/bin/pip install -e "$DIR/sql-cli"
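
Review bot: on the `+` line the command path `$DIR/.venv/bin/pip` is still unquoted, so a `$DIR` containing spaces breaks the invocation before the quoted argument is ever read. Quote both expansions, e.g. `"$DIR/.venv/bin/pip" install -e "$DIR/sql-cli"`.
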
Suggestion importance [1-10]: 5

Why: Quoting $DIR/sql-cli is a valid shell scripting best practice to handle paths with spaces or special characters. However, the same pattern is used unquoted throughout the rest of the script (e.g., $DIR/.venv/bin/pip), so this is a minor/partial improvement.

Impact: Low
