Add Maven BOM #968
Add Maven BOM #968
Conversation
| <dependency> | ||
| <groupId>io.jsonwebtoken</groupId> | ||
| <artifactId>jjwt</artifactId> | ||
| <version>0.12.7-SNAPSHOT</version> |
There was a problem hiding this comment.
It has been a while since I created a bom, but if I remember correctly, this can't be a ${project.version} placeholder and must be a static string?
If there's a way to parameterize this, perhaps using the resources plugin, that'd be so much better. Manual steps during releases are a pain to maintain and are error-prone.
Thoughts?
There was a problem hiding this comment.
Thank you for the quick review!
It has been a while since I created a bom, but if I remember correctly, this can't be a ${project.version} placeholder and must be a static string?
Yes, that's my experience as well.
Manual steps during releases are a pain to maintain and are error-prone.
I heartily agree!
If there's a way to parameterize this, perhaps using the resources plugin, that'd be so much better.
It looks like all the modules in the project share the same version, which hopefully makes this easy.
What is the jjwt release process? If you guys use the Maven release plugin, then the versions in the BOM will be updated automatically during the release processs. Otherwise, anything that uses the Maven versions plugin should work automatically, too. (The maven release plugin uses the Maven versions plugin under the covers.)
I just ran a quick local test to confirm. From the jjwt root directory in this PR's branch:
# Discard all local changes, just in case
$ git checkout .
# Update all references to project modules to use the given versions
$ mvn versions:set -DnewVersion=0.12.8-SNAPSHOT
# Check the BOM versions to confirm the update worked
$ cat bom/pom.xml | grep -B 1 -A 4 '<groupId>io.jsonwebtoken</groupId>'
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.12.8-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
--
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-orgjson</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-gson</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.8-SNAPSHOT</version>
</dependency>
All the other relevant versions are updated, too, even though I didn't show it above.
Feel free to duplicate the experiment on your side!
There's a fair chance this will Just Work on your existing release process. Otherwise, maybe it would make sense to call the Maven versions plugin directly, per the above?
There was a problem hiding this comment.
Thank's for the great reply! I forgot about mvn versions:set - I haven't used it myself because we pretty much do always use the Maven Release plugin.
Here is our release process: https://github.com/jwtk/jjwt/wiki
Any ideas how that page might be updated to reflect this PR (if at all)? Ideally, I'd like to make this as part of the mvn release:prepare and mvn release:perform phases if possible so we don't have to add an extra step. But if there's an alternative way that's effectively as easy or simple, we're definitely open to suggestions!
There was a problem hiding this comment.
Here is our release process: https://github.com/jwtk/jjwt/wiki
Outstanding! Good process docs warm the cockles of my heart. :)
Any ideas how that page might be updated to reflect this PR (if at all)? Ideally, I'd like to make this as part of the mvn release:prepare and mvn release:perform phases if possible so we don't have to add an extra step.
I think the current release process should work as-is, no change required. Based on my experience, the Maven Release plugin handles BOMs automatically.
I use the following (simple, but sadly undocumented) process to release my own tabular4j library, which also includes a BOM:
$ mvn -Prelease clean release:clean release:prepare release:perform
...and it works a treat. Here are the commits from release:prepare and release:perform that show how the plugin handles version updates on the latest release of that project. In particular, note the updates to the BOM versions.
Here's a quick experiment I ran on the jjwt project itself to confirm things work the same:
# Check current state of BOM before running release commands
# Note BOM has version 0.12.7-SNAPSHOT for everything
$ cat bom/pom.xml | grep -B 1 -A 4 '<groupId>io.jsonwebtoken</groupId>'
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
<version>0.12.7-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
--
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-orgjson</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-gson</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.7-SNAPSHOT</version>
</dependency>
</dependencies>
# Run part of Maven release process
$ mvn clean release:clean release:prepare
# I chose to release 0.12.7, and the new version is 0.12.8-SNAPSHOT
# This all ran locally. I did not update PR or anything in GitHub.
# The previous command creates a new commit updating version numbers.
# Let's check the diff and see what it did.
# Note change from 0.12.7-SNAPSHOT to 0.12.7 in bom/pom.xml (and everywhere else).
$ git diff HEAD^ HEAD
diff --git a/api/pom.xml b/api/pom.xml
index fac58aa..6deb721 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/bom/pom.xml b/bom/pom.xml
index 21637c1..f964a4e 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -40,34 +40,34 @@
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
<!-- Extensions -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-orgjson</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-gson</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
</dependency>
</dependencies>
</dependencyManagement>
diff --git a/extensions/gson/pom.xml b/extensions/gson/pom.xml
index 35e458e..612ed18 100644
--- a/extensions/gson/pom.xml
+++ b/extensions/gson/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/extensions/jackson/pom.xml b/extensions/jackson/pom.xml
index 469789f..a8a2aa9 100644
--- a/extensions/jackson/pom.xml
+++ b/extensions/jackson/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/extensions/orgjson/pom.xml b/extensions/orgjson/pom.xml
index 5d9da30..0329c39 100644
--- a/extensions/orgjson/pom.xml
+++ b/extensions/orgjson/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../../pom.xml</relativePath>
</parent>
diff --git a/extensions/pom.xml b/extensions/pom.xml
index a302e93..64aef07 100644
--- a/extensions/pom.xml
+++ b/extensions/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/impl/pom.xml b/impl/pom.xml
index 4d10f55..341958b 100644
--- a/impl/pom.xml
+++ b/impl/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/pom.xml b/pom.xml
index ef119d6..93ae904 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<name>JJWT</name>
<description>JSON Web Token support for the JVM and Android</description>
<packaging>pom</packaging>
@@ -52,7 +52,7 @@
<connection>scm:git:https://github.com/jwtk/jjwt.git</connection>
<developerConnection>scm:git:https://github.com/jwtk/jjwt.git</developerConnection>
<url>https://github.com/jwtk/jjwt.git</url>
- <tag>HEAD</tag>
+ <tag>0.12.7</tag>
</scm>
<issueManagement>
<system>GitHub Issues</system>
diff --git a/tdjar/pom.xml b/tdjar/pom.xml
index be4f4e3..9e5813b 100644
--- a/tdjar/pom.xml
+++ b/tdjar/pom.xml
@@ -21,7 +21,7 @@
<parent>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-root</artifactId>
- <version>0.12.7-SNAPSHOT</version>
+ <version>0.12.7</version>
<relativePath>../pom.xml</relativePath>
</parent>
# The next process command would update versions to 0.12.8-SNAPSHOT, including BOM
# But obviously I don't have perms to do that :)
$ # mvn release:perform
In short, I was able to confirm everything works on the jjwt project with the current release process except the mvn release:perform part, for obvious reasons. But I'm pretty confident that last part will update the relevant BOM dependencies, based on my experience with my own library, per the above.
A couple caveats, though.
First, I used a Java 17 JDK and whatever version of Maven I had installed, as opposed to the very specific versions used in your release process. I don't think this will make a difference.
$ java -version
java version "17.0.2" 2022-01-18 LTS
Java(TM) SE Runtime Environment (build 17.0.2+8-LTS-86)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.2+8-LTS-86, mixed mode, sharing)
$ mvn -version
Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
Maven home: /opt/homebrew/Cellar/maven/3.9.9/libexec
Java version: 17.0.2, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/jdk-17.0.2.jdk/Contents/Home
Default locale: en_US, platform encoding: UTF-8
OS name: "mac os x", version: "14.5", arch: "aarch64", family: "mac"
Second, my library uses a more recent version of the Maven Release plugin versus the 2.5.3 version jjwt uses:
$ mvn help:effective-pom | grep -A 1 'maven-release-plugin'
<artifactId>maven-release-plugin</artifactId>
<version>3.0.1</version>
A quick scan of the Maven Release plugin changelog only flagged a couple things that seemed relevant, mostly bug fixes, and I don't think any of them will affect BOM processing. Again, I don't think that difference will be material.
So I think we're good to go as-is, with no change to the current release process!
There was a problem hiding this comment.
Looks great! thanks for all of the work and double checking!
I can also confirm that both the Versions plugin and the Release plugin will update the versions correctly.
Note
Maven 4, will remove the need for these extra version statements, and should reduce size of the diff when the version changes. 🎉
Adds a Maven BOM to the project for publication to Maven central. Fixes #967.