Maven Repository artifacts versions

I noticed a few “issues” on maven repo:

  • BOM repo is very often unsynchronized with other repos means e.g. sometimes it is updated noticeable time after other repos
  • BOM versions do not always correspond with other versions e.g. BOM v4.9.4 relates actually to artifacts in version 4.9.3 but 4.10.0 looks properly match to other components 4.10.0
  • sometimes some versions are omitted eg. in multitenancy no 4.9.4 version and there is 4.10.1 only there. There is a version 4.7.5 and 4.76 in messaging and there is no that version in BOM

1 Like

I can shed some light on this.

The intent is to release a BOM for every patch release of any of our projects.

As you describe in your pointer, the every-part is indeed always the case.

Sometimes, this is because we know another patch release will come soon, so we wait a little more to pair this other version in the BOM. And yet other times, it’s because we simply forgot about all the other tasks we’ve lying about. Or, because we felt the BOM to be of low priority given the nature of the fix.

In the exact case of the 4.10.1 release of the Multi-Tenancy extension, we are waiting because we need a small patch for Axon Framework too, which will generate a 4.10.1. We do so because this makes the release process for us more efficient and so we don’t bombard users with tons of versions.

With the above, I feel I have explained your other “issues” as well concerning release timing and version discrepancy:

  • Timing - As we are waiting for other releases to be grouped in the BOM, the time window is higher. This wait can occur because of development efforts, team availability, or Sonatype downtime. Especially the latter occurred very frequently the last two weeks and, as you may imagine, is entirely out of our control.
  • Version Discrepancy - As stated at the start, we aim to release the BOM for every batch of releases, regardless of the project contained of the BOM. Due to this, the scenario can occur that the Multi-Tenancy extension has patch releases up to 3, while Axon Framework does not. Since the Multi-Tenancy extension is part of the BOM, it will increase the BOM version. However, this does not mean we increase the version of Axon Framework, as that would be an artificial version increase. We’re aware Spring deals differently with this, but we’ve chosen this process.

Let me know if this clarifies things for you, @KaeF! And, if you have any suggestions on the process, be sure to share.

Fine for me. So as I understand the safest strategy is to wait for a new BOM version and then update project dependencies (it should guarantee that all components/extensions should cooperate each other in proper way). Am I right?

2 Likes

For some reason, I did not get notified about your reply here, @KaeF… My apologies for returning the favor so late.

The BOM versions are indeed there to provide an assurance that the contained versions are compatible with one another.
However, it should be a safe bet to update the extensions separately if you would require an early patch fix on them.

As explained above in the “Timing” section, there are numerous reasons why a BOM release takes a bit longer. A more concrete example: 4.10.1 of the BOM isn’t there yet, as we’re waiting for some issues on 4.10.1 for Axon Framework to be finalized.

With that, I hope to have informed you sufficiently, @KaeF!