OpenTelemetry - A gazillion of related dependencies in generated BOM

[gsmet]

Our generated BOM contains a gazillion of OpenTelemetry-related dependency in the BOM.

While we did some work to reduce the cost of this in the Maven resolver (with the great collaboration of @cstamas !), there's still a cost associated to it. I'm wondering if we should be a bit more careful about it.

I'm all for enforcing the consistency of artifacts but for instance do we really need to enforce all the versions for io.opentelemetry.javaagent artifacts? Are they actually useful in a typical OpenTelemetry setup?

Note that the answer might very well be yes we need to keep all of them but I wanted to make sure we are aware of the situation.

See generated BOM here: https://central.sonatype.com/artifact/io.quarkus/quarkus-bom .

And search for io.opentelemetry.javaagent. Note that there might be other problematic groupIds.

[quarkus-bot]

/cc @brunobat (opentelemetry), @radcortez (opentelemetry)

[gsmet]

/cc @cescoffier too

[brunobat]

They do have too many artifacts and no, we don't care about io.opentelemetry.javaagent

[gsmet]

I see we have these BOMs imported:

            <dependency>
                <groupId>io.opentelemetry</groupId>
                <artifactId>opentelemetry-bom</artifactId>
                <version>${opentelemetry.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>io.opentelemetry</groupId>
                <artifactId>opentelemetry-bom-alpha</artifactId>
                <version>${opentelemetry.version}-alpha</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>io.opentelemetry.instrumentation</groupId>
                <artifactId>opentelemetry-instrumentation-bom-alpha</artifactId>
                <version>${opentelemetry-alpha.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>

Are they all useful?

I think we have several options:

• drop some of them and list the few artifacts we need (would it make sense for opentelemetry-instrumentation-bom-alpha that contains all the agents? Or is it practical to use it anyway)
• filter out things from our BOM if possible (@aloubyansky I think it's doable right?)

FWIW, I don't want to make things brittle so if we need to keep these BOMs and just filter them, let's come up with the filtering rules.

[brunobat]

I'm creating a PR... excluding that group ID and streamlining the boms, however they are all needed, unfortunately.

[brunobat]

Please take a look at: Streamline otel dependencies #44772
It builds ok locally but I'm not sure the impact of boms as transitive dependencies.