[jira] [Commented] (FLINK-14444) Publish BOMs for Flink

Fri, 18 Oct 2019 04:18:11 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-14444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16954509#comment-16954509
 ] 

Chesnay Schepler commented on FLINK-14444:
------------------------------------------

Is my understanding correct that we'd have to list _every single module_ in the 
dependencyManagement section of the bom? Are there ways to automate the 
creation of this file, possibly even just during the release process (as in 
it's never checked into scm)?

> Publish BOMs for Flink
> ----------------------
>
>                 Key: FLINK-14444
>                 URL: https://issues.apache.org/jira/browse/FLINK-14444
>             Project: Flink
>          Issue Type: Improvement
>            Reporter: Michael Holler
>            Priority: Trivial
>
> Hey there! Love the project, but I would love it if there was a BOM file that 
> is published for each version. If you're not familiar with a BOM, it stands 
> for "Bill of Materials" it helps your Gradle (in my case, but it's originally 
> a Maven thing) file look like this (using JDBI's implementation as an 
> example):
> {code:java}
> dependencies {
>     implementation(platform("org.jdbi:jdbi3-bom:3.10.1"))
>     implementation("org.jdbi:jdbi3-core")
>     implementation("org.jdbi:jdbi3-kotlin")
>     implementation("org.jdbi:jdbi3-kotlin-sqlobject")
>     implementation("org.jdbi:jdbi3-jackson2")
> }
> {code}
> Instead of this:
> {code:java}
> val jdbiVersion by extra { "2.6.1" }
>  
> dependencies {
>     implementation("org.jdbi:jdbi3-core:$jdbiVersion")
>     implementation("org.jdbi:jdbi3-kotlin:$jdbiVersion")
>     implementation("org.jdbi:jdbi3-kotlin-sqlobject:$jdbiVersion")
>     implementation("org.jdbi:jdbi3-jackson2:$jdbiVersion")
> }
> {code}
> Notice how you just leave the versions off when you use a BOM. This can help 
> reduce the number of dependency compatibility surprises one can encounter, 
> especially if a transitive dependency brings in a newer version of one of the 
> components (it'll be reduced to the BOM's version). Note also that you still 
> have to list dependencies you want with a BOM, just not the versions.
> Here's a deeper dive into how a BOM works:
> [https://howtodoinjava.com/maven/maven-bom-bill-of-materials-dependency/]
>  The Maven help site also has a section on it (Ctrl+F for "BOM"):
> [https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html]
> I think BOMs would be a great for the users of the Flink project because 
> there are lots of Flink libraries (core, connectors, etc) that require the 
> same version as other Flink dependencies to work correctly. BOMs were 
> designed for exactly this use case :)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to