Skip to content

Add dependency:add, dependency:remove and dependency:search goals using DomTrip#1600

Closed
gnodet wants to merge 6 commits intoapache:masterfrom
gnodet:feature/add-remove-dependency
Closed

Add dependency:add, dependency:remove and dependency:search goals using DomTrip#1600
gnodet wants to merge 6 commits intoapache:masterfrom
gnodet:feature/add-remove-dependency

Conversation

@gnodet
Copy link
Copy Markdown

@gnodet gnodet commented Apr 2, 2026
edited
Loading

Summary

Alternative approach to #1599 — thin mojos leveraging DomTrip for lossless POM editing and jakarta.json for search API parsing.

  • dependency:add — adds/updates a dependency, preserving formatting, comments, and whitespace. Supports -Dgav, -Dmanaged, -Dscope, -DuseProperty, -DpropertyName, -Dalign.
  • dependency:remove — removes a dependency (regular or managed).
  • dependency:search — searches Maven Central via the Sonatype Central Search API. Non-interactive tabular output.

Convention auto-detection (align=true, the default)

When adding a dependency, the mojo analyzes existing dependencies to automatically follow the project's patterns:

  • Managed dependencies: If most existing deps are version-less (delegated to <dependencyManagement>), the new dep is added the same way
  • Version properties: If existing versions use property references (${...}), a property is created following the detected naming convention
  • Property naming: Detects .version (e.g. guava.version), -version (e.g. guava-version, Camel-style), Version (camelCase), and version. prefix conventions
  • Multi-module: Walks the parent POM chain to find the POM with <dependencyManagement>, adds the managed dep + property there, and adds a version-less dep to the child POM

Explicit flags (-Dmanaged, -DuseProperty, -DpropertyName, -Dalign=false) override auto-detected conventions.

Usage examples

# Add a dependency (auto-detects conventions)
mvn dependency:add -Dgav=com.google.guava:guava:33.0.0-jre

# Add with explicit scope
mvn dependency:add -Dgav=com.google.guava:guava:33.0.0-jre -Dscope=test

# Add with explicit managed dep and property
mvn dependency:add -Dgav=org.junit:junit-bom:5.11.0 -Dmanaged -DpropertyName=junit.version

# Disable convention detection
mvn dependency:add -Dgav=com.google.guava:guava:33.0.0-jre -Dalign=false

# Remove a dependency
mvn dependency:remove -Dgav=commons-io:commons-io

# Search Maven Central
mvn dependency:search -Dquery=guava -Drows=10

Dependencies added

  • eu.maveniverse.maven.domtrip:domtrip-maven:0.6.0 (EPL-2.0, ASF Cat-B — already accepted in Maven 4 core)
  • org.glassfish:jakarta.json:2.0.1 promoted from test to compile scope (already in the project)

Test plan

  • 13 integration tests covering all goals and convention detection scenarios
    • Basic add/remove, managed deps, properties, scopes
    • Multi-module with .version convention
    • Multi-module with -version convention (Camel-style)
    • Remove not-found (expected failure)
    • Search Maven Central
  • CI build passes
  • Manual testing in real projects (tested in Apache Camel)

🤖 Generated with Claude Code

Claude Code on behalf of Guillaume Nodet

gnodet and others added 5 commits April 2, 2026 11:50
@gnodet @claude
Add dependency:add, dependency:remove and dependency:search goals
ed36c9e 
Thin mojos using DomTrip for lossless POM editing (add/remove) and
Sonatype Central Search API with jakarta.json for artifact search.

- dependency:add supports -Dgav, -Dmanaged, -Dscope, -DuseProperty, -DpropertyName
- dependency:remove supports -Dgav, -Dmanaged
- dependency:search supports -Dquery, -Drows, works without a project

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet @claude
Add convention auto-detection (align=true by default)
8ecc3b3 
dependency:add now auto-detects the project's dependency management
conventions by analyzing existing dependencies:
- Detects if managed dependencies are used (version-less deps)
- Detects if version properties are used and the naming pattern
- Walks the parent chain to find the right POM for managed deps
- Adds versioned entry to parent and version-less entry to current POM

Explicit flags (-Dmanaged, -DuseProperty, -DpropertyName) override.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet @claude
Add integration tests for add, remove and search goals
af588ae 
9 ITs covering:
- add-dependency: basic add to existing POM
- add-dependency-managed: add to dependencyManagement
- add-dependency-scope: add with scope
- add-dependency-property: add with version property
- add-dependency-align: auto-detect managed deps + property convention
- remove-dependency: remove from dependencies
- remove-dependency-managed: remove from dependencyManagement
- remove-dependency-not-found: expected failure when dep doesn't exist
- search-dependency: search Maven Central (requires network)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet @claude
Fix ITs: use FQCN for Groovy XmlSlurper, declare domtrip-core dependency
3185fbc 
- Use groovy.xml.XmlSlurper (required in Groovy 4+)
- Add domtrip-core as explicit dependency (used transitively via domtrip-maven)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet @claude
Improve IT coverage for convention auto-detection
f2645c5 
- Remove align=false from basic add-dependency and add-dependency-scope
  ITs so they exercise the default align=true code path
- Add add-dependency-align-properties IT: tests auto-detection of
  property naming convention (.version suffix) without managed deps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@brunoborges
Copy link
Copy Markdown

brunoborges commented Apr 2, 2026

@gnodet is domtrip being used already by any other Maven Plugin? And what's the rationale for adding new dependencies to 3.x plugins?

@brunoborges brunoborges mentioned this pull request Apr 2, 2026
Open
8 tasks
@gnodet @claude
Fix multi-module property detection, add -version pattern, add site docs
0315cac 
- Scan parent POM for property patterns when child has version-less deps
- Fix double-scan bug in analyzePropertyPatterns
- Recognize -version suffix convention (e.g. Camel's ${jackson-version})
- Add multi-module ITs for both .version and -version conventions
- Add site documentation for add, remove and search goals

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gnodet
Copy link
Copy Markdown
Author

gnodet commented Apr 2, 2026

@gnodet is domtrip being used already by any other Maven Plugin? And what's the rationale for adding new dependencies to 3.x plugins?

Not yet used by other plugins at the moment afaik. It will probably come over time. There was some discussion for the release-plugin which was stalled because DomTrip was really new at that time. All the plugins that modify POMs are usually a pain because they can loose lots of stuff from the POMs and cause big diffs in the resulting XML, even though both are semantically equivalent (spaces in attributes, quotes, comments before the document element, etc...). Domtrip is really 100% roundtrip safe.

Adding new dependencies is not really a problem per se, we just need to do that wisely. In that very case, I'd rather add dependencies to domtrip + a json parser rather than recoding those.

@brunoborges
Copy link
Copy Markdown

brunoborges commented Apr 2, 2026

@gnodet and what is the license compatibility for using DomTrip in an Apache Licensed maven plugin?

@gnodet gnodet closed this Apr 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gnodet @brunoborges