Wait no more, here comes Maven 4!

Transcript

1. Wait no more, here comes Maven 4! Robert Scholte &

   Maarten Mulders

2. Apache Maven History 2004 2005 2024 2010 1.0 (jul. ‘04)

   2.0 (oct. ‘05) 1.1 (jun. ‘07) 2.2.1 (nov. ‘09) 3.0 (oct. ‘10) 3.9.9 (aug. ‘24)

3. TL;DR: With Maven 4… …your existing projects should (still) be

   buildable… …except some warnings you may have ignored about things you’re probably doing wrong… …that will become an error in this major release.

4. Birds’ Eye View of Apache Maven 1. A Java application

   2. A plugin execution framework, targeted at building software 3. The “Core” plugins maintained by the Maven team

5. Birds’ Eye View of Apache Maven Input • command-line arguments:

   plugin:goal or lifecycle phase + flags • system properties & environment variables • pom.xml • settings.xml Output • “it depends” (on all the inputs)

6. Command Line Arguments

7. Changes in Command Line Arguments 1. Success/failure conditions 2. Elvis-like

   operator for profiles and modules 3. Reactor 4. Old & New

8. (1) Fail on Severity Plugin developer: public void execute() throws

   MojoException { log.error("Not enough coffee"); } [ERROR] Not enough coffee [INFO] ----------------------------------------------------------------------------- [INFO] BUILD SUCCESS [INFO] ----------------------------------------------------------------------------- [INFO] Total time: 2.557 s [INFO] Finished at: 2024-09-20T21:09:38+02:00 [INFO] ----------------------------------------------------------------------------- Maven:

9. (1) Fail on Severity Two motivations: 1. By default, only

   Exceptions make the build fail → error messages do not! 2. “A warning is a failure in the making” → you want a warningless build. --fail-on-severity <LOGLEVEL>

10. (1) Change in checksum verification • Maven verifies checksums of

    project dependencies. • In Maven 2 and 3, if that verification failed, it would be logged as a warning. • Corrupted artifacts should not, by default, be used for builds. • Maven 4 will by default fail the build in this case ◦ Suppress with -c or --lax-checksums if you really must.

11. (2) Optional Profiles and Modules Using non-existing modules and profiles

    will fail the build… • -Pcodecoverage versus -P!codecoverage Unless... • -P?codecoverage versus -P!?codecoverage The ? prefix means “[de]activate if exists, but don’t fail if it doesn’t” Now logged twice (at start and at end): The requested optional profiles [codecoverage] could not be activated or deactivated because they do not exist.

12. (2) Optional Modules Same as above, but with -pl /

    --projects :-)

13. (3) The Reactor • All modules in a multi-module project

    that will be built. • Dependencies determine the order in which they will be built. • Maven 3’s --resume-from reduces the graph too aggressively.

14. (3) Project Root Awareness With Maven 3, the Reactor would

    1. apply --resume-from (pruning the project graph) 2. attempt to build remaining modules

15. (3) Project Root Awareness And this is how mvn clean

    install was born: a work-around for a bug! --resume-from can work* with previous mvn install.

16. (3) Project Root Awareness With Maven 4, the Reactor will

    1. remembers the original project structure 2. apply --resume, --resume-from, or --projects 3. build remaining modules with the original project structure in mind

17. Credit where credit is due GitHub - aalmiray/mvn-clean-install: A collection

    of Maven related memes

18. (4) New kids on the block • -ps, --project-settings Alternate

    path for the project settings file

19. (4) “Time to say goodbye” “Ineffective, only kept for backward

    compatibility” in Maven 3: • -cpu • -npr • -npu • -up

20. ☕

21. The Project Object Model

22. Spot the SPOD Maven 2 and above is based on

    a Single Point Of Definition: pom.xml The pom.xml loaded during build is EXACTLY the same as the pom.xml that is installed or deployed 📃→📃

23. What’s missing - Encoding (sourceEncoding, resourceEncoding, reportEncoding) * - Global

    dependency exclusion - Scope import in pluginManagement - Mixin POM fragments - QualityManagement section - Codeformatting section - Advanced control over plugin goal execution order - Separate site distributionManagement for release and snapshot - XML Attribute support - …

24. Workarounds without changing the XSD (1) <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties>

25. Workarounds without changing the XSD (2) <dependency> ... <exclusions> <exclusion>

    <groupId>*</groupId> <artifactId>*</artifactId> </exclusion> </exclusion> <dependency>

26. POM readers It is not just Maven itself - Artifact

    Repository Managers - Build tools - CI Servers - Dependency Updaters (e.g. Dependabot and Renovate) - Editors and IDEs - Further… POM consumers

27. modelVersion 4.0.0 THE metadata file in Maven Central

28. Build/Consumer POM Separation Build POM: The pom.xml in the source

    repository / codebase Configuration file for building a project Consumer POM: The pom.xml in the artifact repository Accessible via a Maven Coordinate (groupId:artifactId:version) e.g used as dependency, maven-plugin, maven-extension

29. The new flow of a POM 1 Build POM This

    is pom .xm l in your codebase 2 Enriched POM (internal) Resolve required elem ents 3 Consum er POM (generated) Reduce to m odelVersion 4.0.0

30. modelVersion redundancy <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/maven-v4_0_0.xsd">

    <modelVersion>4.0.0</modelVersion> </project>

31. Context for the pom Local System Artifact Repository <build/> <dependencies/>

32. Context for the pom Local System Artifact Repository <build/> 👍

    <dependencies/> 👍

33. Context for the pom Local System Artifact Repository <build/> 👍

    <dependencies/> 👍 👍

34. Context for the pom Local System Artifact Repository <build/> 👍

    😕 <dependencies/> 👍 👍

35. (Relative) Local System Paths <parent> <relativePath>../pom.xml</relativePath> </parent> <modules> <module>child1</modules> </modules>

36. Parent and redundancy <parent/> Local system Artifact Repository groupId required

    artifactId version relativePath useless

37. Parent and redundancy <parent/> Local system Artifact Repository groupId required

    artifactId version relativePath useful useless

38. Parent and redundancy <parent/> Local system Artifact Repository groupId resolvable

    via relativePath* required artifactId version relativePath useful useless [maven-release-plugin] prepare release maven-3.9.9 · apache/maven@8e8579a (github.com)

39. Dependencies and redundancy <dependency/> Local system Artifact Repository groupId required

    artifactId required version required In case of multimodule dependencies

40. Dependencies and redundancy <dependency/> Local system Artifact Repository groupId required

    required artifactId required required version required In case of multimodule dependencies

41. Dependencies and redundancy <dependency/> Local system Artifact Repository groupId required

    required artifactId required required version resolvable via reactor (via modules) required maven/pom.xml at 8e8579a9e76f7d015ee5ec7bfcdc97d260186937 · apache/maven (github.com) In case of multimodule dependencies

42. CI Friendly versions … Externalize value of project version Introduced

    in Maven 3.5.0 3 placeholders: ${revision} ${sha1} ${changelist}

43. … a half implemented feature … https://repo1.maven.org/…/lib/1.0-cafedead/lib-1.0-cafedead.pom <project> <artifactId>lib</artifactId> <version>1.0-${sha1}</version>

    <project> <dependency> <artifactId>util</artifactId> <version>${project.version}</version> </dependency>

44. … for multimodules Requires a (third party) maven-plugin to rewrite

    the pom.xml 😕

45. The new flow of a POM 1 Build POM This

    is pom .xm l in your codebase 2 Enriched POM (internal, in m em ory) Add versions: m odelVersion, parent, CI-friendly, reactor dependencies 3 Consum er POM (generated) Rem ove local system entries: relativePath, m odules

46. When everything fails… -Dmaven.buildconsumer=false (default : true)

47. Will a consumer POM only contain dependencies? No, we don’t

    know what consumers read from the pom.xml When the build/consumer pom separation mechanism fully works, it will open the possibility for such a file (with explicit dependencies)

48. Finally, there’s the modelVersion 4.1.0 /project[@root] /project/subprojects/subproject //execution/priority //extension/configuration //profile/activation/package

    *

49. The new flow of a POM 1 Build POM This

    is pom .xm l in your codebase 2 Enriched POM (internal, in m em ory) Add versions: m odelVersion, parent, CI-friendly, reactor dependencies 3 Consum er POM (generated) Rem ove local system entries: relativePath, m odules Rem ove/transform new er m odelVersion features

50. ☕

51. For Library Devs

52. Introduce "bom" packaging • A BOM should only contain the

    (public) modules of a multi-module project. These are the versions that MUST be in sync within another Maven project. • "bom" packaging rewrites the dependencyManagement applying the parents version • Details are at MNG-7879

53. For Maven Plugin Devs

54. For Maven Plugin Devs • Immutable model • Maven Bill-of-Materials

55. Other stuff

56. Application Lifecycle Management ❏ Cleanup of dependencies, both on Core

    and Plugins ❏ Lots of upgrades to external dependencies ❏ Introduction of a few new ones ❏ More fine-grained modularity inside Maven Dependency count Total age Average age 3.9.9 35 24479 days (~ 67 years) 699 days (~ 1,9 years) 4.0.0-beta-4 40 23864 days (~ 65 years) 568 days (~ 1,5 years)

57. New lifecycle phases: pre-* and post-* • Makes it easier

    to hook executions into a precise point of the default lifecycles • Even more fine-grained ordering by using the [xxx] ordering: after:compile[100] after:compile[200]

58. A project-local repository • Further prevents “polluting” the user repository

    ◦ Unless, of course, you still use mvn install - but you don’t do that anymore, do you? • Only contains the produced artifacts for that project, not the consumed ones.

59. ${pom.*} expressions no longer work • ${pom.*} expressions were already

    deprecated in Maven 3 • You had 10+ years to remove them… Now we “help” you a bit 🦹 • Simply doesn’t work anymore → it has become a literal value now.

60. Runtime requirement: Java 17 Why? • Unlocks new language features.

    • Require a more secure runtime. Maven 2.0 2005 Java 1.4 Maven 2.2.1 2009 Java 5 Maven 3.0 2010 Java 5 Maven 3.9.9 2024 Java 8 Maven 4.0 ? Java 17

61. Runtime requirement: Java 17 😡 So My Java 8 Project

    Has To Migrate To Java 17 All Of A Sudden?! 😌 Relax! • If your runtime supports the desired target, ◦ define maven.compiler.source and maven.compiler.target properties as 1.8. ◦ define maven.compiler.release property for 11 and up. • Otherwise, use Toolchains: “A toolchains is a way to specify the path to the JDK to use for all of those plugins in a centralised manner, independent from the one running Maven itself.”

62. Cosmetics: use those (ultra) wide screens! • Maven 3 was

    still in 80’s mode and cropped most output at 80 chars per line • Maven 4 catches up and uses full width or falls back to 130 chars

63. Default plugin versions upgraded • Super POM (the java.lang.Object of

    any project) declares default versions for maven-*-plugin • Subject to change with every release of Maven • Better explicitly specify the versions you use • Maven will now issue a warning if you rely on Super POMs values

64. Go Forth and Test 💾 Maven 4.0.0-beta-4 🧪 Try 🛠

    Reproduce 📃 Report

65. 🙏 Thank you! All demos at https://github.com/mthmulders/maven4-examples/