On Mon, Feb 10, 2020 at 12:37 AM Jendrik Johannes <[email protected]> wrote:
>
>
> On Saturday, February 8, 2020 at 12:32:50 AM UTC+1, Tatu Saloranta wrote:
>>
>> > In your case, it would probably be good to have a Maven plugin that
>> > generates, or enriches, a GMM file with the dependency information from
>> > the POMs.
>>
>> Yes.
>
>
> If we get to a conclusion about a doable approach below, I can have a look
> into providing this.
>
>>
>>
>> > The main concern is conceptually with the Jackson release process. The
>> > approach described in the blog post essentially requires all components
>> > and BOM to be released together. Because the components refer to the BOM
>> > and the BOM refers to the components. If I understand the current release
>> > process correctly, the BOM is published in the end once all components
>> > were released individually. I don't know if that is something you would
>> > consider to do differently in the future?
>>
>> Probably not; while unification of some of projects has been done (and
>> may be done in future), I don't think full mono-repo for all Jackson
>> components is the eventual goal.
>>
>> Typically bom is actually release early in the process, since most
>> components (excluding jackson-annotations and jackson-core that do not
>> depend on any other jackson components) use version set from BOM (that
>> is, extend `jackson-base`, which imports or extends bom).
>> I don't know if this makes much difference.
>
>
> So how does that work exactly? (If there is documentation somewhere I missed,
> please point me to it.)
> Lets take an arbitrary example - "jackson-jaxrs-json-provider".
> When you published "2.10.2", did you publish the BOM before you published
> that module? Because the BOM contains the entry:
>
> <dependency>
> <groupId>com.fasterxml.jackson.jaxrs</groupId>
> <artifactId>jackson-jaxrs-json-provider</artifactId>
> <version>${jackson.version.jaxrs}</version>
> </dependency>
>
> Which is invalid until "jackson-jaxrs-json-provider" is actually published.
Correct in the sense that published BOM is not usable until referenced
versions are accessible. But Maven publishing itself does not care nor
validate it.
So there is a window of opportunity for inconsistent usage.
At the same time, this does make it possible for Jackson artifacts to
refer to jackson-bom (via jackson-base that extends it, published from
same github repo).
So 2.10.3 version `jackson-datatype-guava`, for example, can use
`jackson-base` 2.10.3 which extends 2.10.3 of `jackson-bom`, which
then provides 2.10.3 version for things it needs (annotations, core,
databind).
While not exactly minimal amount of work (artifacts do need to update
`jackson-base` dependency version on publishing, in addition to their
own version), this is somewhat better than the way individual
dependencies were increased in the past.
For what that's worth.
>> > A variation of the approach works BOM. Then, components declare what we
>> > call dependency constraints directly in their metadata.
>> > For example, this could be done for the core components only (if they are
>> > released together):
>> >
>> > jackson-core-2.10.2.module { dependency-constraints {
>> > jackson-databind:2.10.2, jackson-annotations:2.10.2, } }
>> > jackson-databind-2.10.2-module { dependency-constraints {
>> > jackson-core:2.10.2, jackson-annotations:2.10.2, } }
>> > jackson-annotations-2.10.2.module { dependency-constraints {
>> > jackson-core:2.10.2, jackson-databind:2.10.2, } }
>> >
>> > This means that if you select `2.10.2` for any of the three components,
>> > `2.10.2` will also be selected for the other two (through a constraint
>> > directly defined in the metadata).
>> > This could maybe work?
>>
>> Jackson 3.0 will change versioning slightly, dropping patch from
>> annotations (there will only be 3.0, 3.1, unless some critical problem
>> were found requiring patch version), which might complicate this in
>> that annotations would only limit minor version of other components.
>
>
> This is not be a problem. The versions do not have to be the same. As long as
> we know "what fits together".
Right, good! Just thought I'd mention it, did not think it would be a blocker.
-+ Tatu +-
>
> Jendrik
>
> --
> You received this message because you are subscribed to the Google Groups
> "jackson-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jackson-user/edef900a-fa2e-4413-9b03-82461f106e90%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups
"jackson-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jackson-user/CAL4a10jBcar-t4sRFzh%2BYjpFq%3DFEgQG9OEtgOXF2WaLDw85cDA%40mail.gmail.com.
