apache
[MPH-183] Effective-pom + verbose should show import path to BOM dependencyManagement
Robert Scholte opened MPH-183 and commented
The popular spring-boot makes a lot of use of BOMs. Using BOMs is a good practice, but right now it is very hard to determine where dependencyManagement dependencies and especially their versions are coming from.
Instead of only showing only the final location (from the BOM POM), it should also show the import path from the current project to that specific pom (where is the BOM POM imported?).
This way it will be easier to figure out which dependency in which POM needs to be upgraded: it's the version in the POM declaring the import of the BOM POM, not the version in the imported BOM POM.
Affects: 3.2.0
Attachments:
- mph-183-it.zip (5.96 kB)
Issue Links:
-
MNG-3220 Allow managed dependencies to be imported into other projects ("is caused by")
-
MNG-7906 Dependency Management import (BOM) does not work the "maven way"
-
MNG-7344 Effective pom should contain more finegrained details regarding its content origin: track dependencyManagement import ("requires")
-
MPH-160 help:effective-pom -Dverbose: add source location as comments in effective pom.xml ("supercedes")
Remote Links:
2 votes, 5 watchers
Robert Scholte commented
I've attached an integration-test (without verify script!). In the result.txt you'll notice a line like
<version>2.1</version> <!-- org.apache.maven.plugins.help.it:mph183-tool-bom:2.1, line 35 -->
However, if you go through the the parents, you'll never find this dependency: it's defined in the BOM POM, parents only import it. In the example it is quite clear where it is coming from, but once there are multiple boms, it could be hard to find.
What I would expect is something with "a via" like
<version>2.1</version> <!-- org.apache.maven.plugins.help.it:mph183-tool-bom:2.1, line 35 via org.apache.maven.plugins.help.it:mph183-boot-bom:1.0 -->
mph183-boot-bom:1.0 is inherited, which makes it clear where changes should be done.
In theory (and I think with projects like spring-cloud) the level of boms can be even higher, in which case it would be x via y via z.
Goal is to end the message with a dependency that can be found while going through the parent.
Robert Scholte commented
MPH-160 contains the initial implementation, also contains links to other projects that needs to be improved.
Maarten Mulders commented
I am happy to report that I have a working proof of concept for this.
Old situation:
<dependencies>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 34 -->
<artifactId>mng-7344-dep-w</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 35 -->
<version>4</version> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 36 -->
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 39 -->
<artifactId>mng-7344-dep-x</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 40 -->
<version>2</version> <!-- org.example:mng-7344-bom-c:1-SNAPSHOT, line 19 -->
<scope>provided</scope> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 41 -->
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 44 -->
<artifactId>mng-7344-dep-y</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 45 -->
<version>1.1</version> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 46 -->
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 49 -->
<artifactId>mng-7344-dep-z</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 50 -->
<version>3</version> <!-- org.example:mng-7344-bom-b:1-SNAPSHOT, line 26 -->
<scope>compile</scope>
</dependency>
</dependencies>
Same project, new situation:
<dependencies>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 34-->
<artifactId>mng-7344-dep-w</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 35-->
<version>4</version> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 36-->
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 39-->
<artifactId>mng-7344-dep-x</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 40-->
<version>2</version> <!-- org.example:mng-7344-bom-c:1-SNAPSHOT, line 19 from org.example:mng-7344-bom-a:1-SNAPSHOT from org.example:mng-7344-project:1-SNAPSHOT-->
<scope>provided</scope> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 41-->
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 44-->
<artifactId>mng-7344-dep-y</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 45-->
<version>1.1</version> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 46-->
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.example</groupId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 49-->
<artifactId>mng-7344-dep-z</artifactId> <!-- org.example:mng-7344-project:1-SNAPSHOT, line 50-->
<version>3</version> <!-- org.example:mng-7344-bom-b:1-SNAPSHOT, line 26 from org.example:mng-7344-project:1-SNAPSHOT-->
<scope>compile</scope>
</dependency>
</dependencies>
I will soon publish a message on the mailing list to discuss if/how/when we can incorporate this into Maven.
Hervé Boutemy commented
nice, we now see in which parent POM the BOM POM was imported question:
- instead of generic "from", should not we be more specific "from BOM imported in"?
- I see there is no line number: we should probably find a way to point to a line number