Plugin to look up bill of materials (BOM) artifacts to retrofit an existing project.
Oftentimes a project of decent size contains multiple dependencies that share the same group. More often than not those dependencies are managed via a common version hardcoded into project properties. Sometimes dependency management is used. In any case, it would greatly simplify dependency management if a single BOM file could be referenced to make sure all related dependencies have specific versions.
Here is the problem: with a lot of dependencies in the pom-file it's hard to figure out whether any two or more share the same group, or whether a BOM is available for those groups.
This plugin tries to do just that: given the project pom, it looks up possible BOM artifacts for a group of dependencies.
- search: runs a search for available BOM artifacts for the current project.
- enforce: fails the build if it finds BOM artifacts that are available for the current project but not used.
Name | Type | Description |
---|---|---|
<minOccurrence> | int | Minimal number of dependencies that share a group to search for BOM for that group. User property: bomsearch.minOccurrence. Default value: 2 |
<mavenRepoUrl> | URL | Maven repository URL. User property: bomsearch.mavenRepoUrl. Default value: https://repo.maven.apache.org/maven2 |
<incremental> | boolean | Use results from previous run if possible. User property: bomsearch.incremental. Default value: true |
<lenient> | boolean | If set to true, enforce goal will not fail the build, but still logs warnings. User property: bomsearch.lenient. Default value: false |
<skip> | boolean | Disable plugin. User property: bomsearch.skip. Default value: false |
Add to the <build> section of the pom-file:

```xml
<plugin>
  <groupId>com.github.olegzzz</groupId>
  <artifactId>bom-search-maven-plugin</artifactId>
  <version>1.5</version>
  <executions>
    <execution>
      <id>default-cli</id>
      <goals>
        <goal>enforce</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

and run mvn verify.
The build log will contain warnings with suggested BOM dependencies to include in the project. Let's say a project has multiple dropwizard dependencies; then, looking into the log, one can pick the suggested BOM file (io.dropwizard:dropwizard-bom in this case):

```
[INFO] --- bom-search-maven-plugin:1.5:enforce (default-cli) ---
[INFO] Following BOMs found for module: [io.dropwizard:dropwizard-bom]
[WARNING] Following BOMs available but not used: [io.dropwizard:dropwizard-bom]
```
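
The grouping step described above (dependencies that share a groupId, filtered by minOccurrence) can be previewed offline before wiring the plugin into a build. The following is an added example, not the plugin's own code: it does not query the Maven repository, it assumes a BOM covers a group when dependencyManagement imports a pom with the same groupId, and the names bom_candidates and SAMPLE_POM as well as the org.example.libs artifacts are made up for the illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample pom. Parse only poms you trust: this uses the stdlib XML parser.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency><groupId>org.example.libs</groupId><artifactId>libs-bom</artifactId>
      <version>1.0.0</version><type>pom</type><scope>import</scope></dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>io.dropwizard</groupId><artifactId>dropwizard-core</artifactId>
      <version>${dropwizard.version}</version></dependency>
    <dependency><groupId>io.dropwizard</groupId><artifactId>dropwizard-jersey</artifactId>
      <version>${dropwizard.version}</version></dependency>
    <dependency><groupId>org.example.libs</groupId><artifactId>libs-a</artifactId></dependency>
    <dependency><groupId>org.example.libs</groupId><artifactId>libs-b</artifactId></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>4.13.2</version></dependency>
  </dependencies>
</project>"""


def bom_candidates(pom_xml, min_occurrence=2):
    """Return groups with >= min_occurrence direct dependencies and no imported BOM."""
    root = ET.fromstring(pom_xml)
    # Reuse the root element's namespace, if any, so poms with and without xmlns parse.
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""

    def text(dep, tag):
        return (dep.findtext(ns + tag) or "").strip()

    # Direct dependencies only: project/dependencies/dependency.
    counts = Counter(text(d, "groupId")
                     for d in root.findall(f"{ns}dependencies/{ns}dependency"))
    # Assumption: an import-scoped pom with the same groupId is the group's BOM.
    imported = {text(d, "groupId")
                for d in root.findall(
                    f"{ns}dependencyManagement/{ns}dependencies/{ns}dependency")
                if text(d, "type") == "pom" and text(d, "scope") == "import"}
    return sorted(g for g, n in counts.items()
                  if g and n >= min_occurrence and g not in imported)


if __name__ == "__main__":
    print(bom_candidates(SAMPLE_POM))
```

Groups reported here are only candidates; whether a BOM artifact actually exists for them is what the plugin's search goal checks against the configured repository.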