Common BOM for projects involved in the Integration Platforms
Shell
Latest commit 1395b2b Sep 22, 2017 @psiroky psiroky committed with psiroky Upgrade to jboss-parent:25

README.adoc

JBoss Integration Platform Parent and BOM

Parent and Bill Of Materials for SwitchYard, Drools, OptaPlanner, jBPM, ModeShape, Overlord, …​

Goal

Align the dependencies of the Integration Platform projects early on in the development lifecycle.

Building

$ mvn clean install

Usage

The BOM may be imported into your dependency management, for example a release version.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.jboss.integration-platform</groupId>
            <artifactId>jboss-integration-platform-bom</artifactId>
            <version>7.0.0-SNAPSHOT</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Any dependencies should be placed in the dependency management in jboss-integration-platform-bom. Explicit versions should not be used; instead use a property which should be placed in jboss-integration-platform-parent.

Your project should inherit:

<parent>
    <groupId>org.jboss.integration-platform</groupId>
    <artifactId>jboss-integration-platform-parent</artifactId>
    <version>7.0.0-SNAPSHOT</version>
</parent>

By inheriting the jboss-integration-platform-parent:

  • The properties used by the BOM are visible to the project.

  • It inherits from org.jboss:jboss-parent:22.

  • Any further plugin alignments (e.g. GWT) may be done here.

Governance

Discussion mailing list: jboss-integration-platform-developers

Any project lead of the Integration Platform (IP) project can change or release the BOM as he/she sees fit, provided that the following rules have been taken into account:

Adding/changing a dependency

When you want to add or change a dependency X:

  1. Send in a pull request (PR) with the changes you propose.

  2. All project leads will review the changes and acknowledge the PR in principle, which means they have the intention to accept the change.

    • A project lead will normally not actually test the changes on his project (as that’s not practical): So he reserves the right to submit a pull request to revert the changes later on.

    • Most projects do not depend on the BOM’s SNAPSHOT directly, to avoid sudden surprises. Instead they depend on a released version or on a timestamped snapshot (from this list). They then update their BOM dependency’s version frequently, after testing the impact locally.

    • ACK’s are done by commenting on the PR, not on the mailing list.

    • If a project lead (or his deputy) doesn’t acknowledge in reasonable time, chase him for an answer.

    • Any project lead can reject the PR if he gives a good reason.

      • On the master branch, no PR can be rejected due to time concerns (deadlines, no time to review, PTO, …​) because any project/product that is about to release should be using the release branch.

  3. After all project leads have acknowledge the PR in principle, merge the changes.

Important
EAP always wins: The BOM targets a specific EAP version. If that EAP version already depends on X, then the BOM must use the same version as EAP. The version properties defined in the BOM should follow pattern version.$groupId. If version.$groupId can’t represent the unique version, please use version.$groupId.$artifactId. For jboss spec artifacts, please use version.$groupId.$artifactId because there are specification versions in $artifactId. For example: <version.org.jboss.spec.javax.servlet.jboss-servlet-api_3.0_spec>1.0.2.Final</version.org.jboss.spec.javax.servlet.jboss-servlet-api_3.0_spec>
Note
The most recent and released version of EAP is available at: http://download.devel.redhat.com/released/JBEAP-7/. During development it could be of interest to test against release candidates. These can be downloaded here: http://download.devel.redhat.com/devel/candidates/JBEAP (latest version)
Important
In the public BOM, a dependency version must never end with -redhat-0, -redhat-1, etc. The public BOM cannot depend on productization builds, as anyone should be able to build all its dependencies from source.
Note
When adding a dependency and version property, the preferred format for the version property is version.groupId
Note
During conflicts, (all things being equal) prefer the latest and greatest version of a dependency in the BOM.

Exclusions policy

Dependency exclusions should be avoided, because they cannot be overwritten by child poms.

A dependency exclusion is only allowed to fix an undisputed bug in the dependency’s pom. All IP developers needs to unanimous (undisputed) to keep the exclusion. So as soon as 1 IP developer calls for the removal of an exclusion, he/she can immediately remove it.

Branching policy

Releases are done both from master and older branches. The integration platform has multiple projects, but they use the same BOM. There is usually one release branch per major version of EAP.

The release branch names simply increment the minor/patch version number. The correlation between the BOM version and project/product versions is below in the section "version mapping".

Version numbering

This BOM has it’s own version numbering and release lifecycle. Any similarity with Drools, jBPM or SwitchYard versions is a coincidence.

If you release the BOM, bump the hotfix version number.

Release procedure

To mimic a release without pushing any changes:

$ mvn clean install
$ mvn release:prepare -DdryRun
$ mvn release:clean

To actually release:

$ mvn release:prepare
$ mvn release:perform -s <path-to-settings-xml-with-nexus-deploy-credentials> # unless you have those stored in ~/.m2/settings.xml

Then go to Nexus and log in. Find your staging repository, close it and release it.

Version mapping

This section records which project/product versions use which BOM version.

  • BOM 7.0.x

    • Projects

      • KIE (Drools, jBPM, OptaPlanner) 7.0

  • BOM 6.0.x

    • Projects

      • KIE (Drools, jBPM, OptaPlanner) 6.0, 6.1, 6.2, 6.3, 6.4

    • Products

      • BxMS 6.0, 6.1, 6.2

Testing

Directory ip-bom-deps-available-test contains simple Bash script that can be used to verify that all the dependencies declared in <dependencyManagement> are actually available (downloadable). The script uses ip-bom to get list of all dependencies under <dependencyManagement> and then uses that list to create new POM that depends on all of them. Simple dependency:resolve Maven build is executed to make sure all dependencies are available. If there is one or more dependencies not available the build will fail. Following remote repositories are used: Maven Central, JBoss.org Nexus and Red Hat Public Product Repo (for *-redhat-X exceptions).