Understanding the versions-maven-plugin

Chamath
Dec 15, 2023

Maven is a fundamental tool in Java development and provides many plugins to enhance and automate different parts of the build process. One key plugin is the versions-maven-plugin, known for managing the versions of project dependencies. In this post, we’ll explore the technical details of the versions-maven-plugin, using a recent issue with updating dependencies in the wso2/product-is project as an example.

What is the versions-maven-plugin?

The versions-maven-plugin is an essential tool for managing the versions of dependencies and plugins in a Maven project. It offers various goals to list, update, or display version information. This plugin is particularly useful in large projects with a complex dependency tree, helping maintain up-to-date and compatible versions across all dependencies.

Key Features

  • Displaying Version Information: Lists the current versions of all dependencies and plugins used.
  • Checking for Updates: Identifies potential updates for dependencies and plugins.
  • Updating Property Versions: Adjusts the versions defined in properties, ensuring alignment with the latest compatible versions.

The Carbon Identity Framework Issue: A Case Study

While working on product-is, we encountered an issue where the versions-maven-plugin didn't update the ${carbon.identity.framework.version} property, despite the availability of a newer version.

We have been using the GitHub Action dependency-updater as part of our CI/CD process. This action was designed to run the versions-maven-plugin command:

mvn versions:update-properties -U -DgenerateBackupPoms=false -DallowMajorUpdates=false -Dincludes=org.wso2.carbon.identity.*,org.wso2.carbon.extension.identity.*,org.wso2.identity.*,org.wso2.carbon.consent.*,org.wso2.carbon.healthcheck.*,org.wso2.carbon.utils,org.wso2.charon,org.apache.rampart.wso2,org.apache.ws.security.wso2,org.wso2.carbon.identity.framework:*

This command is meant to update the project properties to their latest versions within specified constraints. It specifically targets dependencies that match certain group and artifact IDs. In our case, we were focusing on a range of dependencies related to the WSO2 Carbon Identity Framework.

However, the property was not being updated, so developers had to update the framework version manually in the product-is pom.xml.

Analyzing the Dependencies

Our pom.xml file had multiple dependencies tied to the carbon.identity.framework.version property, including:

  • org.wso2.carbon.identity.application.authentication.framework
  • org.wso2.carbon.identity.application.mgt
  • org.wso2.carbon.identity.userstore.configuration.server.feature
  • org.wso2.carbon.identity.template.mgt.endpoint
  • …and many others.

Upon investigating, we discovered that two of the dependencies, specifically org.wso2.carbon.identity.template.mgt.endpoint and org.wso2.carbon.identity.userstore.configuration.server.feature, were no longer being released. This meant their latest versions in the repository did not match the newer version available for the carbon.identity.framework.version property.

versions-maven-plugin: A Closer Look

The versions-maven-plugin works under a key principle: it updates a property only if all dependencies governed by that property can be updated without conflicts. In our case, since two of the dependencies were outdated and not aligned with the latest carbon.identity.framework.version, the plugin did not perform the update, avoiding potential compatibility issues.

The Resolution

To resolve this, we went with the straightforward option of removing the outdated dependencies from our pom.xml.

Once removed, the versions-maven-plugin, in conjunction with our GitHub Action, successfully updated the carbon.identity.framework.version property.

In situations where removing a dependency isn’t feasible, an alternative approach is to decouple the properties. This means creating a separate property for the outdated dependency. Here’s how you can do it:

  1. Identify the Outdated Dependency: First, pinpoint which dependency is not receiving updates. This is usually the one causing the version update issue.
  2. Create a Separate Property: Instead of using a common property (like ${carbon.identity.framework.version}) for all related dependencies, create a new, separate property just for the outdated one. For example, if org.wso2.carbon.identity.template.mgt.endpoint is outdated, define a new property like ${carbon.identity.template.mgt.endpoint.version}.
  3. Update pom.xml: Apply this new property to the specific dependency in your pom.xml. This isolates it from the rest of the dependencies that are still actively updated.
  4. Run the versions-maven-plugin: Now, when you run the versions-maven-plugin, it should successfully update the actively maintained dependencies, as the outdated one is no longer tied to the common property.
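
To find which artifact is holding a shared property back (step 1), the following added example, which is not code from the post or from the plugin, groups dependencies by the version property they reference and applies a simplified model of the rule described above: a property can only move to a version that every artifact using it has published. The POM, the version numbers and the AVAILABLE map are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM: artifactIds are from the post, versions are made up,
# and groupId is omitted for brevity.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
 <properties>
  <carbon.identity.framework.version>5.25.100</carbon.identity.framework.version>
 </properties>
 <dependencies>
  <dependency><artifactId>org.wso2.carbon.identity.application.mgt</artifactId>
   <version>${carbon.identity.framework.version}</version></dependency>
  <dependency><artifactId>org.wso2.carbon.identity.template.mgt.endpoint</artifactId>
   <version>${carbon.identity.framework.version}</version></dependency>
 </dependencies>
</project>"""

# Constructed stand-in for the versions published in the repository.
AVAILABLE = {
    "org.wso2.carbon.identity.application.mgt": ["5.25.100", "5.25.200", "5.25.300"],
    "org.wso2.carbon.identity.template.mgt.endpoint": ["5.25.100"],
}

def vkey(version):
    """Sort key for plain dotted numeric versions such as 5.25.100."""
    return tuple(int(part) for part in version.split("."))

def artifacts_by_property(pom_xml):
    """Map each ${property} used in a <version> to the artifactIds that share it."""
    shared = {}
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        ref = re.fullmatch(r"\$\{(.+)\}", dep.findtext("m:version", "", NS).strip())
        if ref:
            shared.setdefault(ref.group(1), []).append(dep.findtext("m:artifactId", None, NS))
    return shared

def check_property(artifacts, available):
    """Return (newest version published for every artifact, artifacts lagging behind)."""
    common = set.intersection(*(set(available[a]) for a in artifacts))
    newest = max((v for a in artifacts for v in available[a]), key=vkey)
    blockers = [a for a in artifacts if newest not in available[a]]
    return max(common, key=vkey, default=None), blockers

if __name__ == "__main__":
    for prop, arts in artifacts_by_property(POM).items():
        print(prop, check_property(arts, AVAILABLE))
```

With the shared property, the sample data pins the result to 5.25.100 and names org.wso2.carbon.identity.template.mgt.endpoint as the blocker; passing only the actively released artifact, as after decoupling, yields 5.25.300 with no blockers.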

Conclusion

The versions-maven-plugin is an indispensable tool in the Java development ecosystem. It provides a structured and automated approach to managing dependency versions, ensuring compatibility and up-to-date libraries. However, its conservative nature, designed to avoid compatibility issues, requires developers to be vigilant about the state of their dependencies.
