|
| 1 | +:toc: macro |
| 2 | +toc::[] |
| 3 | + |
| 4 | += Dependency-Management |
| 5 | + |
| 6 | +To make this guide short: |
| 7 | +When using Maven link:module-split.asciidoc[multi-module projects], you should always use dependency-management. |
| 8 | +Details and explanations can be found in https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management[Maven dependency management documentation]. |
| 9 | + |
| 10 | +Additional best-practices: |
| 11 | + |
| 12 | +* Define all dependency versions for your project in a single `<dependencyManagement>` section in your top-level POM. |
| 13 | +Only use `<dependencyManagement>` in child module `pom.xml` files if you explicitly need to import or define a BOM. |
| 14 | +* Still define variables for versions and follow strict naming conventions. |
| 15 | +Especially if such POM gets reused in multiple projects this is an absolute-best-practice since it allows overriding versions easily in child POM. |
| 16 | +For a good example follow the patterns from https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/3.4.4/spring-boot-dependencies-3.4.4.pom[spring-boot-dependencies]. |
| 17 | +* Avoid to define `<scope>` in `<dependencyManagement>`. |
| 18 | +Some people think it may be smart to add `<scope>test</test>` in `<dependencyManagement>` for dependencies like `junit`. |
| 19 | +However, if you read our link:maven-test-reuse.asciidoc[maven-test-reuse] guide, you will notice that such dependencies like `junit` may also be used in test-infrastructure modules where they need `compile` scope. |
| 20 | +Since maven is following convention-over-configuration the default scope is `compile` if omitted by default. |
| 21 | +However, if `<scope>` is defined in `<dependencyManagement>` this will override the default for that dependency. |
| 22 | +Once you ever ran in the pitfall that you added a dependecy in a test-infrastructure module and ende up with compile errors because your code in `src/main/java` cannot see code from libraries that you actually have declared as dependency, |
| 23 | +you will notice the problem of such "black-magic". |
| 24 | +Therefore strictly avoid this to make your life easier. |
| 25 | +* If you create a library and provide a BOM please consider defining a `minimal` BOM with only your own dependencies but no other 3rd party. |
| 26 | +You can still provide an additional `full` BOM with the `<dependencyManagement>` for all required 3rd party on top of your `minimal` BOM. |
| 27 | +The rationale is that some projects may use and mix many different libraries together. |
| 28 | +When multiple BOMs are imported into your `<dependencyManagement>` that contribute different versions for the same dependency then it gets very tricky. |
| 29 | +In such case the order of your `import` scoped depdendency (BOM) determines which version wins. |
| 30 | +If that even happens along the inheritance hierarchy of multiple POMs you need a real maven guru to explain what is happening if something goes wrong. |
| 31 | +Most projects want to give precendence to BOMs from major frameworks like spring-boot or quarkus rather than some additional library for a small aspect. |
| 32 | +If such library provides a `minimal` BOM it will not conflict with the framework BOM and if the project only imports such `minimal` BOM a lot of pitfalls and headaches can be avoided. |
0 commit comments