Maven depency issues
pgier Aug 31, 2007 12:29 PMI just wanted to bring up some of the issues with dependencies in maven that came up recently. Here is a summary of the issues and how to deal with them, as far as I see it.
Classpath ordering in maven
Currently, maven puts transitive dependencies before direct dependencies in the compile and test classpaths. I believe this is incorrect, and I will be submitting a patch to reverse this, but it won't be available until the next maven version. It normally isn't an issue, unless there are two different versions of the same artifact in the dependency tree. The way to get around this, is to exclude the conflicting versions from the transitive dependencies.
<dependency> <groupId>jboss</groupId> <artifactId>jbossxb</artifactId> <exclusions> <exclusion> <groupId>jboss</groupId> <artifactId>jboss-common-core</artifactId> </exclusion> <exclusion> <groupId>jboss</groupId> <artifactId>jboss-common-logging-spi</artifactId> </exclusion> </exclusions> </dependency>
The easiest way that I know of to find these conflicting dependencies is by using the dependencies project info report
mvn project-info-reports:dependencies
It's a pita to go through all the modules and find instances of these conflicts, but someone (maybe me) should go through the mc modules and fix them.
Another command that can help clean up dependencies is this one:
mvn dependency:analyze
The report will tell you if you have unused dependencies listed, or if you are directly dependent on one of your transitive dependencies. When I have time, I plan to add a feature to this plugin that will tell you if you are including two versions of the same artifact.
Non-deterministic builds?
As far as I have seen, the classpath ordering seems to be the same every time. I think when Adrian had a different result, it was probably do to an out of date pom, or possibly something different in the local repository. Anyway, I don't think this is an issue because as far as I've seen, the ordering of the dependencies is consistent.
Releases/assembly
The assembly plugin can be used to package up dependencies with the project. As long as the conflicting versions are excluded from the transitive dependencies, we should always get the correct version included in the release. The assembly plugin will also have the same behaviour during a normal build as during a release, so there shouldn't be any difference in the generated artifact when doing the release, or when re-creating the release at a later time.
Hopefully this addresses some of the concerns that people have had about the maven builds. Obviously, all this is open to discussion :)