Add support for BOM dependencies (Depends on TDEPS-202)

[borh]

Trying to lock the org.apache.jena/apache-jena-libs dep given the following deps.edn fails with a "Maven deps can have only 1 path":

{:paths ["src" "resources"]
 :deps {org.clojure/clojure {:mvn/version "1.11.1"}
        org.apache.jena/apache-jena-libs {:mvn/version "4.9.0" :extension "pom"}}}

I.e.: nix run github:jlesquembre/clj-nix#deps-lock -- --deps-include deps.edn

Processing /home/bor/Playground/jena-cljnix-test/deps.edn without aliases
Execution error (ExceptionInfo) at cljnix.utils/throw+ (utils.clj:22).
"Maven deps can have only 1 path" {:lib org.apache.jena/apache-jena-libs, :paths nil}

The dep in question is a POM artifact that just points to other deps (recursively). I haven't tried yet, but couldn't the test for paths be relaxed to handle this condition?

[jlesquembre]

Interesting, I added that check because I assumed only git dependencies could have multiple paths.
I want to support that use case. Before removing the check I'd like to do some tests, and make sure we don't break something else.

If you already have an open source project using apache-jena-libs, could you share it?

[borh]

Thanks for taking a look. I have a project that currently has some native and Python deps which I am in the process of cleaning up, but I found a relatively lightweight repo here: https://github.com/Swirrl/rdf-validator

Locking with clj-nix fails as in my report.

Running the testsuite with the Clojure CLI works fine (:test-runner is my cognitect-labs/test-runner alias):

clj -A:dev:test-runner

I believe a workaround would be to reference the specific Jena deps needed per project. Unfortunately, there is another level of similar nested dependencies, which makes this quite arduous:

org.apache.jena/apache-jena-libs dependency tree

org.apache.jena/apache-jena-libs 4.7.0
  . org.apache.jena/jena-rdfpatch 4.7.0
    . org.apache.jena/jena-arq 4.7.0
      . org.apache.jena/jena-core 4.7.0
        . org.apache.jena/jena-base 4.7.0
          . org.slf4j/slf4j-api 1.7.36
          . org.apache.jena/jena-shaded-guava 4.7.0
          . org.apache.commons/commons-csv 1.9.0
          . commons-io/commons-io 2.11.0
          . org.apache.commons/commons-lang3 3.12.0
          . commons-codec/commons-codec 1.15
          . org.apache.commons/commons-compress 1.22
          . com.github.andrewoma.dexx/collection 0.7
        . org.apache.jena/jena-iri 4.7.0
        . commons-cli/commons-cli 1.5.0
      . com.github.jsonld-java/jsonld-java 0.13.4
      . com.google.code.gson/gson 2.10
      . org.apache.httpcomponents/httpclient-cache 4.5.13
      . org.apache.httpcomponents/httpclient 4.5.13
      . org.slf4j/jcl-over-slf4j 1.7.36
      . com.fasterxml.jackson.core/jackson-core 2.14.1 :newer-version
      . com.fasterxml.jackson.core/jackson-databind 2.14.1 :newer-version
        . com.fasterxml.jackson.core/jackson-annotations 2.14.1 :newer-version
        . com.fasterxml.jackson.core/jackson-core 2.14.1
      . com.apicatalog/titanium-json-ld 1.3.1
      . org.glassfish/jakarta.json 2.0.1
      . com.google.protobuf/protobuf-java 3.21.10
      . org.apache.thrift/libthrift 0.17.0
      . org.apache.commons/commons-lang3 3.12.0
  . org.apache.jena/jena-shacl 4.7.0
    . org.apache.jena/jena-arq 4.7.0
  . org.apache.jena/jena-shex 4.7.0
    . org.apache.jena/jena-arq 4.7.0
  . org.apache.jena/jena-tdb 4.7.0
    . org.apache.jena/jena-arq 4.7.0
  . org.apache.jena/jena-tdb2 4.7.0
    . org.apache.jena/jena-dboe-storage 4.7.0
      . org.apache.jena/jena-dboe-trans-data 4.7.0
        . org.apache.jena/jena-dboe-transaction 4.7.0
          . org.apache.jena/jena-dboe-base 4.7.0
            . org.apache.jena/jena-arq 4.7.0
        . org.apache.jena/jena-dboe-index 4.7.0
          . org.apache.jena/jena-dboe-base 4.7.0
  . org.apache.jena/jena-rdfconnection 4.7.0
    . org.apache.jena/jena-arq 4.7.0

[jlesquembre]

@borh Thanks for the example, I can reproduce the issue, and I'll take a look to it

[jlesquembre]

@borh Is :extension "pom" documented anywhere? Looking at https://clojure.org/reference/deps_and_cli#_maven I only found this:

Currently, only jar artifacts are supported. Support for other artifact types (particularly Bill of Materials poms) may be added in the future.

I make the same assumption in clj-nix, just removing the check gives you a different error later.

Did you try to replace org.apache.jena/apache-jena-libs only with the top level dependencies? This seems to work:

org.apache.jena/jena-rdfpatch {:mvn/version "4.7.0"}
org.apache.jena/jena-shacl {:mvn/version "4.7.0"}
org.apache.jena/jena-shex {:mvn/version "4.7.0"}
org.apache.jena/jena-tdb {:mvn/version "4.7.0"}
org.apache.jena/jena-tdb2 {:mvn/version "4.7.0"}
org.apache.jena/jena-rdfconnection {:mvn/version "4.7.0"}

[jlesquembre]

I found some more info:

• https://app.slack.com/client/T03RZGPFR/C03S1KBA2/thread/C03S1KBA2-1690979866.830089
• https://app.slack.com/client/T03RZGPFR/C6QH853H8/thread/C6QH853H8-1680602178.664939

:extension "pom" is not supported, Clojure team doesn't recommend to relay on that. Instead, they recommend to add the deps referred to in the pom directly.

If TDEPS-202 is implemented, I'll add support for it on clj-nix