(3540) Technology management with Maven

Technical long talk 50 min

Wednesday, 2008-06-25, 11:00 - 11:50, Arena 3

• Johann Gyger - AdNovum Informatik AG (speaker)
• Christian Siffert
• Roger Kehrer
• Aleksandr Shneyderman
• Tobias Murer - UBS (co-speaker)

Topics

• Software engineering lifecycle
• Collaboration tools

Abstract

The list of dependencies in a project of a certain size can be very long. New 
frameworks and libraries emerge at a fast pace, and they often affect that list. 
Developers and managers have to keep track of dependencies by maintaining 
dependency repositories, and they have to ensure that the accumulated knowledge 
is always available in an easily accessible and distributable form.

Maven provides effective mechanisms to cope with the breadth of such 
dependencies. Also, there are tools that help manage artifact repositories in 
dealing with the information overload often associated with repositories. 
However, Maven does not support the concept of technology lifecycle (not to be 
confused with the Maven build lifecycle), which implies that it does not support 
technology lifecycle handling and storing of knowledge about the quality of a 
dependency.

This presentation introduces the benefits and means of managing java technology 
in its first part. The second part focuses on the capabilities of Maven and 
proposes a Maven extension that allows for an advanced java technology 
management.


Technology Management Benefits and Means

The capability to manage dependencies and technologies on a mature level is 
essential for software organizations of a certain size. Technology management 
becomes a key discipline and must be introduced in a careful way to allow for 
mutual benefits among its stakeholder including developer, management, and 
customers. The talk will start with an experience report giving an overview of 
selected technology management means and their application. The detailed 
discussion of how one of the means can be based on an extended Maven is the 
focus of the rest of the talk.


Maven Dependency Management

In Maven 2, dependency management features have improved greatly. Maven 2 
supports transitive dependencies, dependency scopes and dependency mediation, 
and it offers great tools to deal with the dependencies in a project.

Maven defines a nomenclature that supports unique declaration of dependencies in 
a project. In addition, Maven provides logic that helps to resolve transitive 
and scoped dependencies. However, despite Maven's excellent support for 
dependency declaration/resolution, the task of managing dependencies remains 
complex. In this part of the talk, we will show what the complexities of 
dependency management are and why you can't solve them with technology and tools 
alone.

Some of the complexities are:

- Instruction: All developers involved in a project need to understand and live 
the concepts of dependency management.

- Configurable dependency data: While dependency data is provided by the 
community, companies still need to be able to overrule and manage dependencies 
individually.

- Understanding dependency conflicts: Dependency conflicts are generally too 
complex to be resolved automatically. Yet Maven dependency mediation is a great 
help in locating dependency conflicts and devising draft solutions for resolving 
such conflicts.


Maven Repository Management

When using Maven over a longer period of time, it is highly advisable to 
introduce internal repositories to monitor the use of artifacts. Internal 
repositories will result in a tighter control and an increased availability of 
artifacts.

Repositories tend to grow exponentially over time as projects deploy their own 
dependencies and versions. To keep your repository in good shape, you should 
therefore introduce an authority that supervises the repository and decides 
which artifacts are deployed in what versions.

Another key factor to success is to make the content of your repository 
searchable. This enables developers to browse for installed artifacts and their 
dependencies.

In our talk, we will demonstrate some practices and tools such as Archiva that 
can be used for the management of artifacts and repositories.


Artifact lifecycle management

To perform effective technology management, you should keep the number of 
approved artifacts as small as possible. You cannot remove artifacts from the 
repository if you want to sustain reproducible builds. Therefore, each artifact 
in the repository should be marked with a corresponding lifecycle state.

The proposed states are:

- "approved" (with sub-states "mainstream" and 
"restricted")

- "prohibited" (with sub-states "flawed", 
"deprecated", and "not investigated")

- "investigating" (for the evaluation of new components)

Maven does not support the above states out of the box. However, we will 
demonstrate in our talk how they can be implemented by appending lifecycle state 
information to the repository metadata and enhancing the build process so that 
projects that use non-approved software will fail.

Yet at least one tricky question remains: How do we handle conflicting artifact 
lifecycle information across transitive dependencies?