Add shading to -fat.jar

[ravenAtSafe]

The new fat jar added in #7 helpfully bundles all driver dependencies. For example, in ucanaccess-5.1.2-20240327.163958-57-fat.jar I can see

• com.zaxxer.sparsebits
• org.apache.commons
• org.hsqldb

As only one version of any Java class can be loaded it is likely that the ucanaccess driver will not be compatible with other jars that require different versions of those dependencies (either ucanaccess will be poisoned or it will poison others). This is true for the fat or standalone jars.

Adding shading to the fat jar would make ucanaccess a model citizen, safe from possible foreign interactions. This is what we do locally rather than using anything pre-built.

I believe the important bits of our own shading instructions (kinda crude, sorry) for rebuilding ucanaccess are the following (note that ucanaccess doesn't strictly need jackcess-encrypt but users do if they are dealing with encrypted databases - so I guess this request includes packing jackcess-encrypt in there).

    d) in your maven project pom.xml, add dependencies to 
        - ucanaccess
	      https://central.sonatype.com/artifact/io.github.spannm/ucanaccess
        - jackcess-encrypt (used by our code)
	      https://mvnrepository.com/artifact/com.healthmarketscience.jackcess/jackcess-encrypt
    e) add maven-shade-plugin to pom.xml
    f) view the dependency tree of the project via maven:
	    > mvn dependency:tree
    g) inspect the dependency tree, and from top to bottom, add the artifacts that need to be included in your pom.xml
    h) download these artifacts if your IDE hasn't automatically done so
    i) inspect each artifact, determine the patterns that include the entire contents of the artifact (other than META-INF), and relocate them to jdbc.ucanaccess.shaded.* in your pom.xml
    j) in your pom.xml, ensure that the project version (line 10) matches the version of ucanaccess that was added as a dependency in step d (line 15). (See FMEENGINE-63096)
    k) package a JAR by running:
        > mvn clean package

[spannm]

Hi @ravenAtSafe,

please take another look at the latest available snapshots and give the fat jar a spin.
I think it might come pretty close to what you're looking for.
Looking forward to your feedback.

Happy Easter, everyone!!

[ravenAtSafe]

Hmmm, after inspecting ucanaccess-5.1.2-20240328.080123-2-fat.jar I'm not sure if we're getting closer (to what we build locally) or not

• org.apache.commons appears to be missing now
  • it's possible this is only needed by encryption though?
• org/hsqldb still not shaded
• no sign of jackcess-encrypt
  • jackcess/cryptmodel
  • org/bouncycastle
  • other?

To be clear, we already have a perfectly viable local build solution but it seems like other users might get value out of a stock jar that fills that niche. I will not object if you choose not to pursue.

[spannm]

I've added jackcess-encrypt and transitive dependencies to fat jar (unfortunately this leads to a much larger jar mostly due to bouncycastle).

Correct, Apache Commons logging and lang3 are dependencies of jackcess-encrypt only, even though jackcess-encrypt pulls them in through the legacy (not forked) jackcess.

In order to do this right, jackcess-encrypt would need to get forked as well (to remove dependencies on Apache Commons for one reason), so this is turning into quite a bit of work.

Regarding shading, what are your expectations for renaming packages, more precisely, which to rename and which not to rename? Ucanaccess jar itself IMO should not be shaded as it is a driver (not a library), driver name as well as main class (console) must remain untouched.

[ravenAtSafe]

Regarding shading, what are your expectations for renaming packages, more precisely, which to rename and which not to rename?

We shade everything except for the ucanaccess driver itself.

[spannm]

@ravenAtSafe Please see the comment posted in issue #7 and review

[ravenAtSafe]

If you intended jackcess-encrypt and friends to remain outside the UBER jar (.zip /lib folder) then this looks complete to me 👍

[spannm]

Fixed in release 5.1.2