The project includes various utilities that help analyze managed dependencies of a project and suggest version changes to avoid potential conflicts among the dependencies.
One of the utilities included is a multi module release detector. It is a best-effort (not 100% accurate) utility that is trying to identify the origin (e.g. a git repo or another ID) of the artifacts from the effective set of the project's managed dependencies and in case multiple releases from the same origin are detected it reports them as conflicts.
NOTE: the utility will be resolving every managed dependency as part of the analyses!
The utility can invoked using a public API or a Maven plugin with a minimal configuration below
<build>
<plugins>
<plugin>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-platform-bom-maven-plugin</artifactId>
<version>999-SNAPSHOT</version>
<executions>
<execution>
<goals>
<goal>report-release-versions</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
which should be added to the pom.xml
. With this minimal configuration the conflicts will be
logged as a WARNING
.
Here is a complete set of supported options
<build>
<plugins>
<plugin>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-platform-bom-maven-plugin</artifactId>
<version>999-SNAPSHOT</version>
<configuration>
<!-- Whether to skip this goal during the build -->
<skip>${skipBomReport}</skip>
<!-- wWether to generate the HTML report, the default is true -->
<htmlReport>${bomHtmlReport}</htmlReport>
<!--
Whether to report all the detected release origins
or only those with the conflicts, the default is false (only the conflicts)
-->
<reportAll>${bomReportAll}</reportAll>
<!-- The default level to use for report logging, the default is DEBUG -->
<reportLogging>${bomReportLogging}</reportLogging>
<!--
How to handle a detected conflict. The allowed values are:
* WARN - log a warning (the default)
* ERROR - log an error and fail the build
* INFO - log an info message
* DEBUG - log a debug message
-->
<bomConflict>${bomConflict}</bomConflict>
<!--
How to handle a detected resolvable version conflict. I.e. in case
the preferred version of the artifact was found to be available in the Maven
repository. Allowed values are:
* WARN - log a warning
* ERROR - log an error and fail the build (the default)
* INFO - log and info message
* DEBUG - log a debug message
-->
<bomResolvableConflict>${bomResolvableConflict}</bomResolvableConflict>
<!--
Whether to skip checking the conflicting dependencies for available versions updates
picking the latest version found in the BOM as the preferred one to align with.
The default is false.
-->
<skipUpdates>${bomSkipUpdates}</skipUpdates>
</configuration>
<executions>
<execution>
<goals>
<goal>report-release-versions</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
Another tools is a Quarkus platform BOM generator. Currently, it takes a pom.xml
file as an input. This pom.xml
is supposed to be
importing io.quarkus:quarkus-bom
and other extension BOMs (extension and other dependencies added directly to its dependencyManagement
is also supported).
The direct managed dependencies found in the original platform BOM are analyzed and categoried:
io.quarkus:quarkus-bom
BOM;All the dependencies coming from the io.quarkus:quarkus-bom
will be copied unmodified to the generated platform BOM.
At the same time io.quarkus:quarkus-bom
will be decomposed into project releases using the principle described above.
The dependencies imported from other BOMs will be handled in the following way:
io.quarkus:quarkus-bom
then the content of the imported io.quarkus:quarkus-bom
will beio.quarkus:quarkus-bom
and any other extension BOM) then it is copied to the generated platform BOM;io.quarkus:quarkus-bom
BOMio.quarkus:quarkus-bom
)The pom.xml
that defines the BOM can simply add the following plugin
<plugin>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-platform-bom-maven-plugin</artifactId>
<version>999-SNAPSHOT</version>
<executions>
<execution>
<phase>process-resources</phase>
<goals>
<goal>generate-platform-bom</goal>
</goals>
</execution>
</executions>
</plugin>
The plugin will generate the BOM which will replace the current pom.xml
and will be installed in the repository in place of the original pom.xml
.
It is possible to enforce versions on certain dependencies or exclude them altogether from the generated BOM. E.g.
<plugin>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-platform-bom-maven-plugin</artifactId>
<version>999-SNAPSHOT</version>
<executions>
<execution>
<phase>process-resources</phase>
<goals>
<goal>generate-platform-bom</goal>
</goals>
</execution>
</executions>
<configuration>
<enforcedDependencies>
<dependency>org.javassist:javassist:30</dependency>
</enforcedDependencies>
<excludedDependencies>
<dependency>com.amazon.alexa:ask-sdk-apache-client</dependency>
</excludedDependencies>
<excludedGroups>
<excludedGroup>ch.qos.logback</excludedGroup>
</excludedGroups>
</configuration>
</plugin>
The generated BOM will enforce version 30
on artifact org.javassist:javassist
, will not include com.amazon.alexa:ask-sdk-apache-client
and will not include artifacts with groupId ch.qos.logback
.
The plugin will create the target/bom
directory which will contain the generated BOMs and various reports in HTML format.
Right under target/boms
there will be the main index.html
file and directories named after BOM artifact coordinates using the following format <groupId>.<artifactId>-<version>
. E.g.
com.datastax.oss.quarkus.cassandra-quarkus-bom-1.0.0-alpha3
com.datastax.oss.quarkus.cassandra-quarkus-bom-deployment-1.0.0-alpha3
com.hazelcast.quarkus-hazelcast-client-bom-1.0.0
index.html
io.quarkus.quarkus-universe-bom-999-SNAPSHOT
org.amqphub.quarkus.quarkus-qpid-jms-bom-0.18.0
org.apache.camel.quarkus.camel-quarkus-bom-1.0.0
org.kie.kogito.kogito-bom-0.13.1
org.optaplanner.optaplanner-bom-7.41.0.Final
There will be a directory for each BOM (i.e. the platform BOM and every imported extension BOM). In the example above, the directory containing the platform BOM is io.quarkus.quarkus-universe-bom-999-SNAPSHOT
.
Each directory currently contains:
BOM
. If it's in the directory of the Quarkus platform BOM then it's the complete generated platform BOM. If it's in the directory of an extenion BOM, it's the extension BOM adapted to the platform. I.e. it contains only the dependencies relevant to the extension but all the versions it contains are aligned with those in the generated platform BOM.