chore: Add renovate custom manager to update upper-bound files (#3894)

lqiu96 · web-flow · commit 4223a8689956 · 2025-10-14T17:32:13.000-04:00
Dependencies CI Test: https://github.com/googleapis/sdk-platform-java/actions/runs/18327368470/job/52195017520 ## Changes In order to keep the current Maven pom.xml files the same, we create a new format in the dependencies.txt file: `{GroupID}:{ArtifactID},{MavenPropertyID}={Version}`. The `GroupID`, `ArtifactID`, and `Version` values are by renovate bot to determine there should be a dependency bump. The `MavenPropertyID` and `Version` values are used to build the maven test command. The format may not look intuitive and can be changed in the future. Values/ Separators were chosen so that it doesn't have any weird edge cases/ impact in shell scripts (avoiding ';', '*', '|' characters) ## Local Renovate Bot Invocation Local invocation of renovate shows that it is able to match the versions: ``` { "depName": "com.fasterxml.jackson:jackson-bom", "currentValue": "2.19.2", "datasource": "maven", "replaceString": "com.fasterxml.jackson:jackson-bom=2.19.2\n", "updates": [ { "bucket": "non-major", "newVersion": "2.20.0", "newValue": "2.20.0", "releaseTimestamp": "2025-08-28T22:48:03.000Z", "newVersionAgeInDays": 0, "newMajor": 2, "newMinor": 20, "newPatch": 0, "updateType": "minor", "isBreaking": false, "branchName": "renovate/com.fasterxml.jackson-jackson-bom-2.x" } ], ... ], "matchStrings": ["(?<depName>.*)=(?<currentValue>.*)\\n"], "datasourceTemplate": "maven", "packageFile": "dependencies.txt" } ```
diff --git a/.github/scripts/test_dependency_compatibility.sh b/.github/scripts/test_dependency_compatibility.sh
@@ -18,8 +18,7 @@
 # an input for the deps_list to manually run a subset of dependencies.
 #
 # The default upper-bound dependencies file is `dependencies.txt` located in the root
-# of sdk-platform-java. The upper-bound dependencies file will be in the format of:
-# ${dependency.name}=${dependency.version}
+# of sdk-platform-java. See the upper-bound dependencies file for the dependency format.
 
 set -ex
 
@@ -29,18 +28,6 @@ function print_help() {
   echo "Use -l {deps_list} for a comma-separated list of dependencies to test (Format: dep1=1.0,dep2=2.0)"
 }
 
-# Function to parse a dependency string and append it to the Maven command
-function add_dependency_to_maven_command() {
-  local dep_pair=$1
-  if [[ ! "${dep_pair}" =~ .*=.* ]]; then
-    echo "Malformed dependency string: ${dep_pair}. Expected format: dependency=version"
-    exit 1
-  fi
-  local dependency=$(echo "${dep_pair}" | cut -d'=' -f1 | tr -d '[:space:]')
-  local version=$(echo "${dep_pair}" | cut -d'=' -f2 | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
-  MAVEN_COMMAND+=" -D${dependency}.version=${version}"
-}
-
 # Default to the upper bounds file in the root of the repo
 file='dependencies.txt'
 dependency_list=''
@@ -59,7 +46,7 @@ if [[ -z "${file}" && -z "${dependency_list}" ]]; then
   print_help && exit 1
 fi
 
-MAVEN_COMMAND="mvn verify -Penable-integration-tests -Dclirr.skip -Dcheckstyle.skip -Dfmt.skip -Denforcer.skip "
+MAVEN_COMMAND="mvn -ntp -B verify -Penable-integration-tests -Dclirr.skip -Dcheckstyle.skip -Dfmt.skip -Denforcer.skip"
 
 # Check if a list of dependencies was provided as an argument. If the list of dependency inputted
 # is empty, then run with the upper-bound dependencies file
@@ -77,7 +64,11 @@ if [ -z "${dependency_list}" ]; then
     if [[ "${line}" =~ ^[[:space:]]*# ]] || [[ -z "${line}" ]]; then
       continue
     fi
-    add_dependency_to_maven_command "${line}"
+    # Format from `dependencies.txt`: {GroupID}:{ArtifactID},{PropertyName}={Version}
+    propertyVersion=$(echo "${line}" | cut -d',' -f2)
+    dependency=$(echo "${propertyVersion}" | cut -d'=' -f1)
+    version=$(echo "${propertyVersion}" | cut -d'=' -f2)
+    MAVEN_COMMAND+=" -D${dependency}.version=${version}"
   done < "${UPPER_BOUND_DEPENDENCY_FILE}"
 else # This else block means that a list of dependencies was inputted
   # Set the Internal Field Separator (IFS) to a comma.
@@ -91,7 +82,10 @@ else # This else block means that a list of dependencies was inputted
     if [ -z "${DEP_PAIR}" ]; then
       continue
     fi
-    add_dependency_to_maven_command "${DEP_PAIR}"
+    # Format: {MavenPropertyName}={Version}
+    dependency=$(echo "${DEP_PAIR}" | cut -d'=' -f1)
+    version=$(echo "${DEP_PAIR}" | cut -d'=' -f2)
+    MAVEN_COMMAND+=" -D${dependency}.version=${version}"
   done
 fi
 
diff --git a/.github/workflows/dependency_compatibility_test.yaml b/.github/workflows/dependency_compatibility_test.yaml
@@ -8,6 +8,7 @@ on:
     inputs:
       dependencies-list:
         description: 'Comma-separated list of dependencies to test (Example format: protobuf=4.31.0,guava=33.4.8-jre).
+                      Note: The name should be the maven property. Find this value in the <properties> section in the pom.
                       Do not include the `-D` prefix or `.version` suffix. Those values will be appended when generating
                       the command. No input (default) will run the the upper-bound dependencies file.'
         required: false
@@ -34,7 +35,7 @@ jobs:
         run: echo "DEPENDENCIES_LIST=${{ github.event.inputs.dependencies-list }}" >> $GITHUB_ENV
 
       # Run in the root module which should test for everything except for showcase
-      - name: Perform Dependency Compatibility Testing
+      - name: Perform Dependency Compatibility Unit Testing
         shell: bash
         run: |
           if [[ -n "${{ env.DEPENDENCIES_LIST }}" ]]; then
@@ -63,7 +64,7 @@ jobs:
           cd -
 
       # Run Showcase's Integration Tests
-      - name: Perform Dependency Compatibility Testing (Showcase only)
+      - name: Perform Dependency Compatibility Integration Testing (Showcase Tests)
         shell: bash
         # Need to cd out of the directory to get the scripts as this step is run inside the java-showcase directory
         run: |
diff --git a/dependencies.txt b/dependencies.txt
@@ -1,48 +1,50 @@
 # This file contains a list of dependencies and their versions to be tested for compatibility.
-# The format is key=value, where the key is the dependency name and the value is the version.
+# The format is `{GroupID}:{ArtifactID},{PropertyName}={Version}`. The GAV coordinates
+# (specifically the GroupID and ArtifactID) are parsed by renovate to find the artifact from Maven
+# Central. Version stores the currently known upper bound. PropertyName corresponds to the Maven
+# property value in the pom.xml (it is NOT a 1:1 mapping to the GAV).
 # "1P" refers to First-Party dependencies (owned by Google).
 # "3P" refers to Third-Party dependencies.
 
 # Pom-Parent Dependencies
 # These dependencies are declared: https://github.com/googleapis/sdk-platform-java/blob/main/gapic-generator-java-pom-parent/pom.xml
-javax.annotation-api=1.3.2
-grpc=1.75.0
-google.auth=1.39.1
-google.http-client=2.0.1
-gson=2.13.2
-guava=33.5.0-jre
-protobuf=4.32.1
-# Note: This opentelemetry version refers to the opentelemetry-bom
-opentelemetry=1.54.1
-errorprone=2.42.0
-j2objc-annotations=3.1
-threetenbp=1.7.2
-slf4j=2.0.17
+javax.annotation:javax.annotation-api,javax.annotation-api=1.3.2
+io.grpc:grpc-bom,grpc=1.74.0
+com.google.auth:google-auth-library-bom,google.auth=1.37.1
+com.google.http-client:google-http-client,google.http-client=1.47.1
+com.google.code.gson:gson,gson=2.13.1
+com.google.guava:guava,guava=33.4.8-jre
+com.google.protobuf:protobuf-java,protobuf=4.31.1
+io.opentelemetry:opentelemetry-bom,opentelemetry=1.52.0
+com.google.errorprone:error_prone_annotations,errorprone=2.41.0
+com.google.j2objc:j2objc-annotations,j2objc-annotations=3.1
+org.threeten:threetenbp,threetenbp=1.7.2
+org.slf4j:slf4j-api,slf4j=2.0.17
 
 # 1P Shared-Deps
 # These dependencies are declared: https://github.com/googleapis/sdk-platform-java/blob/main/java-shared-dependencies/first-party-dependencies/pom.xml
-grpc-gcp=1.7.0
-google.oauth-client=1.39.0
-google.api-client=2.8.1
+com.google.cloud:grpc-gcp,grpc-gcp=1.6.1
+com.google.oauth-client:google-oauth-client,google.oauth-client=1.39.0
+com.google.api-client:google-api-client,google.api-client=2.8.1
 
 # 3P Shared-Deps
 # These dependencies are declared: https://github.com/googleapis/sdk-platform-java/blob/main/java-shared-dependencies/third-party-dependencies/pom.xml
-threeten-extra=1.8.0
-opencensus=0.31.1
-findbugs=3.0.2
-jackson=2.20.0
-codec=1.19.0
-httpcomponents.httpcore=4.4.16
-httpcomponents.httpclient=4.5.14
-apache-httpclient-5=5.5.1
-apache-httpcore-5=5.3.6
-perfmark-api=0.27.0
+org.threeten:threeten-extra,threeten-extra=1.8.0
+io.opencensus:opencensus-api,opencensus=0.31.0
+com.google.code.findbugs:jsr305,findbugs=3.0.2
+com.fasterxml.jackson:jackson-bom,jackson=2.19.2
+commons-codec:commons-codec,codec=1.19.0
+org.apache.httpcomponents:httpclient,httpcomponents.httpclient=4.5.14
+org.apache.httpcomponents:httpcore,httpcomponents.httpcore=4.4.16
+org.apache.httpcomponents.client5:httpclient5,apache-httpclient-5=5.5
+org.apache.httpcomponents.core5:httpcore5,apache-httpcore-5=5.3.4
+io.perfmark:perfmark-api,perfmark-api=0.27.0
 # Note: This is the google opentelemetry exporter and not the general opentelemetry project
-google.cloud.opentelemetry=0.36.0
-flogger=0.9
-arrow=18.3.0
-dev.cel=0.11.0
-com.google.crypto.tink=1.18.0
+com.google.cloud.opentelemetry:exporter-metrics,google.cloud.opentelemetry=0.36.0
+com.google.flogger:flogger,flogger=0.9
+org.apache.arrow:arrow-memory-core,arrow=18.3.0
+dev.cel:cel,dev.cel=0.10.1
+com.google.crypto.tink:tink,com.google.crypto.tink=1.18.0
 # The follow opentelemetry dependencies have a different version from the opentelemetry-bom
-opentelemetry-semconv=1.37.0
-io.opentelemetry.contrib.opentelemetry-gcp-resources=1.50.0-alpha
+io.opentelemetry.semconv:opentelemetry-semconv,opentelemetry-semconv=1.34.0
+io.opentelemetry.contrib:opentelemetry-gcp-resources,io.opentelemetry.contrib.opentelemetry-gcp-resources=1.48.0-alpha
diff --git a/gapic-generator-java-pom-parent/pom.xml b/gapic-generator-java-pom-parent/pom.xml
@@ -22,6 +22,7 @@
   <properties>
     <skipUnitTests>false</skipUnitTests>
     <checkstyle.header.file>java.header</checkstyle.header.file>
+    <maven.compiler.release>8</maven.compiler.release>
 
     <!-- External dependencies, especially gRPC and Protobuf version, should be
         consistent across modules in this repository -->
@@ -33,7 +34,6 @@
     <guava.version>33.4.0-jre</guava.version>
     <protobuf.version>3.25.8</protobuf.version>
     <opentelemetry.version>1.47.0</opentelemetry.version>
-    <maven.compiler.release>8</maven.compiler.release>
     <errorprone.version>2.38.0</errorprone.version>
     <j2objc-annotations.version>3.0.0</j2objc-annotations.version>
     <threetenbp.version>1.7.0</threetenbp.version>
@@ -214,4 +214,4 @@
       <url>https://repo1.maven.org/maven2</url>
     </repository>
   </repositories>
-</project>
+</project>
diff --git a/renovate.json b/renovate.json
@@ -10,6 +10,12 @@
     "^library_generation/requirements\\.txt$"
   ],
   "customManagers": [
+    {
+      "customType": "regex",
+      "managerFilePatterns": ["/^dependencies\\.txt$/"],
+      "matchStrings": ["(?<depName>.*),(.*)=(?<currentValue>.*)"],
+      "datasourceTemplate": "maven"
+    },
     {
       "customType": "regex",
       "fileMatch": [
