8
@aalmiray @saturnism
Example 1
Translate Truth
Guava 19
Guava 21
Which version to use?
Slide 9
Slide 9 text
9
@aalmiray @saturnism
Any dependency there can be only ONE version
Classpath - First class wins
Maven - Nearest wins
Slide 10
Slide 10 text
10
@aalmiray @saturnism
Maven does not understand Semver
Nor compatibility
Slide 11
Slide 11 text
11
@aalmiray @saturnism
Use Maven Enforcer
Convergence vs Upper bound
http://maven.apache.org/enforcer/enforcer-rules/dependencyConvergence.html
(See Code!)
Slide 12
Slide 12 text
12
@aalmiray @saturnism
Ensuring only ONE version
of the dependency in tree
Exclusions, or Dependency Management
(See Code)
Slide 13
Slide 13 text
13
@aalmiray @saturnism
Upper bound if
higher version is backwards compatible
[JLBP-7] Make breaking transitions easy
[JLBP-10] Maintain API stability as long as needed for consumers
(Guava 21 and up are backwards compatible)
Slide 14
Slide 14 text
14
@aalmiray @saturnism
If upper version is breaking lower version…
Or, system classpath has an incompatible version
(Hadoooooop)
16
@aalmiray @saturnism
GA libraries don't depend on non-GA APIs
alpha, beta, RC, 0.xx, @UnstableApi, @Beta, @Internal
[JLBP-4] Avoid dependencies on unstable libraries and features
Slide 17
Slide 17 text
17
@aalmiray @saturnism
Major release, breaking changes
Use new Group ID or Artifact ID - different coordinate!
AND Use a new package name
[JLBP-6] Rename artifacts and packages together
Slide 18
Slide 18 text
18
@aalmiray @saturnism
How do we change versions in transitive
dependencies?
22
@aalmiray @saturnism
Ban Duplicate Classes
https://www.mojohaus.org/extra-enforcer-rules/banDuplicateClasses.html
Slide 23
Slide 23 text
23
@aalmiray @saturnism
2 artifacts should not have overlapping classes
[JLBP-5] Avoid dependencies that overlap classes with other dependencies
[JLBP-19] Place each package in only one module
Slide 24
Slide 24 text
24
@aalmiray @saturnism
[JLBP-11] Keep dependencies up to date!
Slide 25
Slide 25 text
25
@aalmiray @saturnism
Let's fix all of these
And see the next example 3c
35
@aalmiray @saturnism
Bigger issues with
Dependency Management...
Slide 36
Slide 36 text
36
@aalmiray @saturnism
What you build & test with
Is not what consumers get!
Slide 37
Slide 37 text
37
@aalmiray @saturnism
Flatten the POM
https://github.com/mojohaus/flatten-maven-plugin/pull/93
Slide 38
Slide 38 text
38
@aalmiray @saturnism
Bonus
mvn dependency:analyze - find dependencies you don't need
Maven 3.6.3 - fixes our exclusion fix in Maven 3.6.2
Slide 39
Slide 39 text
39
@aalmiray @saturnism
Enforcer Rules
Enforcer Version Convergence or Upperbound
Ban Duplicate Classes
Linkage Checker
Manage Transitive Versions
BOM for Multi-Module
Import BOM
Maven Flatten Plugin
Slide 40
Slide 40 text
40
@aalmiray @saturnism
Visit the best practices at JLBP.dev
Thanks!
Andres Almiray @aalmiray
Ray Tsang @saturnism
Maven used by 60% to 80% of Java projects
92 projects, 50+ plugins, lots of libraries - Contribution Appreciated!