Choose a more similar tag #910
Description
Consider the example,
maven,com.google.api.grpc:proto-google-common-protos,2.41.0,proto-google-common-protos-2.41.0.jar
We get the commit for this case using the tag heuristic, but we get the wrong one. The inference logs are as follows:
2025/10/10 02:20:37 Using cloned repository [pkg=com.google.api.grpc:proto-google-common-protos,repoURL=https://github.com/googleapis/sdk-platform-java]
2025/10/10 02:20:37 Multiple tag matches [pkg=com.google.api.grpc:proto-google-common-protos,ver=2.41.0,matches=[api-common/v2.41.0 gax/v2.41.0 v2.41.0]]
2025/10/10 02:20:37 using tag heuristic with mismatched version [expected=2.41.0,actual=2.49.0,path=java-common-protos/proto-google-common-protos/pom.xml,ref=137dc4b89]
Although we do find the correct tag v2.41.0, because of sorting it moves to the last entry in the array. Since we select the first one api-common/v2.41.0, we get the incorrect commit 137dc4b89 (correct is googleapis/sdk-platform-java@317f472).
One may wonder why do we select this commit even though the actual version in the pom file is 2.49.0. We have actually made it optional for the version to match because of the cases where versions look like actual=${revision} (cn.dev33:sa-token-core,1.37.0,sa-token-core-1.37.0.jar) , actual=0.0.0-SNAPSHOT (ch.exense.commons:exense-basic-commons,2.0.8.exense-basic-commons-2.0.8.jar).
There are two things together that can be done here to solve this:
- If there are multiple tags, do a version match in the pom file to select the tag. Note this is only possible for Maven projects and not for Gradle.
- Sort the tags by minimum edit distance to the expected version. This is the same strategy we use for finding artifact ID for Gradle projects.
Another test case that this issue will fix
/usr/bin/docker run --rm --memory 10g ctl infer --ecosystem maven --package jakarta.websocket:jakarta.websocket-api --version 2.2.0 --artifact jakarta.websocket-api-2.2.0.jar
STDOUT:
{
"maven_build": {
"repo": "https://github.com/eclipse-ee4j/websocket-api",
"ref": "ea48868026671de7ae755d3937c17d14b661b788",
"dir": "api/server",
"jdk_version": "11"
}
}
STDERR:
2025/10/10 04:14:27 Using cloned repository [pkg=jakarta.websocket:jakarta.websocket-api,repoURL=https://github.com/eclipse-ee4j/websocket-api]
2025/10/10 04:14:27 Multiple tag matches [pkg=jakarta.websocket:jakarta.websocket-api,ver=2.2.0,matches=[2.2.0-M1-RELEASE 2.2.0-RELEASE]]
2025/10/10 04:14:27 using tag heuristic with mismatched version [expected=2.2.0,actual=2.2.0-M1,path=api/server/pom.xml,ref=ea4886802]
Correct tag:
2.2.0-RELEASE, Chosen tag2.2.0-M1-RELEASE.