Re: Maven profiles and dependency resolution

[Hervé Boutemy]

Hi Piotr,

Thinking at it carefully, AFAIK it is a design decision done in early Maven 2 
design time:
- POM properties don't influence dependencies
- profile activation influence dependencies
(I don't know for CLI properties)

The rationale is that:

1. POM properties are expected to be fixed once a release is done and designed 
as internal details: injecting from one project to its dependencies would 
create quite complex to detect collisions.

2. profiles have been thought as a way to define multiple variants of a 
project, 
with a limited number of supported value on each project: having dependencies 
influenced by profile (defined on CLI) makes sense

HTH

Hervé

Le vendredi 15 décembre 2023, 09:34:27 CET Piotr P. Karwasz a écrit :
> Hello,
> 
> While looking at differences in generated CycloneDX SBOMs[1] I
> stumbled upon an incoherence in the way Maven builds models of a
> project's dependencies.
> 
> On one hand the properties defined in a project have no effect on the
> effective models of dependencies. For example in:
> 
> 
>   3.0.0-beta1
> 
> 
>   
> 
>   org.springframework
>   spring-boot-dependencies
>   3.2.0
>   pom
>   import
> 
>   
> 
> 
> the `log4j2.version` property will have no effect on the resolved
> effective model of `spring-boot-dependencies`, even if the POM also
> uses a `log4j2.version` variable[2].
> 
> On the other hand profiles change the effective model of a dependency.
> E.g. using:
> 
> 
>   
> commons-pool
> commons-pool
> 1.5.4
>   
> 
> 
> the effective model of `commons-pool` will have a different
> `` element if I run the project with
> `-Prelease` or without it.
> 
> Is this an intentional choice or is it a bug? I suppose that profiles
> might influence the other artifacts in a Maven reactor, but I am not
> sure external dependencies should be influenced as well.
> 
> Piotr
> 
> [1] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/432
> [2]
> https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-depende
> ncies/3.2.0/
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org





-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org

Maven profiles and dependency resolution

[Piotr P. Karwasz]

Hello,

While looking at differences in generated CycloneDX SBOMs[1] I
stumbled upon an incoherence in the way Maven builds models of a
project's dependencies.

On one hand the properties defined in a project have no effect on the
effective models of dependencies. For example in:


  3.0.0-beta1


  

  org.springframework
  spring-boot-dependencies
  3.2.0
  pom
  import

  


the `log4j2.version` property will have no effect on the resolved
effective model of `spring-boot-dependencies`, even if the POM also
uses a `log4j2.version` variable[2].

On the other hand profiles change the effective model of a dependency.
E.g. using:


  
commons-pool
commons-pool
1.5.4
  


the effective model of `commons-pool` will have a different
`` element if I run the project with
`-Prelease` or without it.

Is this an intentional choice or is it a bug? I suppose that profiles
might influence the other artifacts in a Maven reactor, but I am not
sure external dependencies should be influenced as well.

Piotr

[1] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/432
[2] 
https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/3.2.0/

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org