-
Notifications
You must be signed in to change notification settings - Fork 2.3k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Maven: Update versions defined in a property but managed by parent pom #15170
Comments
Hi there, Help us by making a minimal reproduction repository. Before we can start work on your issue we first need to know exactly what's causing the current behavior. A minimal reproduction helps us with this. To get started, please read our guide on creating a minimal reproduction to understand what is needed. We may close the issue if you (or someone else) have not provided a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment. Good luck, The Renovate team |
Where do these child/parent pom's from your description live? |
The child pom lives in my own git repository which is processed by Renovate. The parent, and this is the crucial part, lives outside my sphere of influence and that of Renovate. The parent is a foreign Maven dependency. This POM here would be an example of such a child. In this example I would like to see that Renovate detects that there is a newer version 21.5.0.0 of com.oracle.database.jdbc:ojdbc11 and updates the property <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.7</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>spring-boot-complete</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-boot-complete</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>11</java.version>
<oracle-database.version>21.4.0.0.1</oracle-database.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc11</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project> |
Thanks. Please put this into a minimal repo which we can fork and debug later (instructions are above). I see that there's |
I created a sample project at https://github.com/InversoGmbH/renovate-issue-15170-demo The As described in the initial comment, Renovate would need to check the parents of the current POM for a managed dependency that uses the property in question. If the direct parent does not contain such a dependency, the grand parent needs to be checked etc. That's why it is good idea to add an (configurable) limit for the numbers of parents to check. |
Thanks. The good news is that I think I understand it now, the bad news is that this will be very challenging for anybody to implement. What we know at extraction time:
Meanwhile somewhere up the parent tree, that Today that variable would be ignored in our list of extracted dependencies because no dependency references it - it wouldn't show up as a dependency. As a general rule, we don't want to do any lookups from networks during our extract phase, so that means it would need to be done somehow during the lookup phase. Maybe one day someone can work out an elegant way to implement this, but in the meantime I think you'll need to use |
Reproduction forked to https://github.com/renovate-reproductions/15170 |
Okay. I already thought that it will not be so easy. I will have a look at |
If you are ok to handle this explicitly then use the regExp matcher below. I haven't tested that maven datasource uses depName=groupId and packageName=artifactId.
|
Thanks for the suggestion but ...
So here is my "solution" for Maven that works very well. pom.xml <project>
...
<properties xmlns:renovate="https://docs.renovatebot.com/renovate-schema">
<foo.version renovate:depName="foo.group:foo-artifcat">1.2.3</foo.version>
</properties>
...
</project> renovate.json {
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"regexManagers": [{
"fileMatch": ["(^|/|\\.)pom\\.xml$"],
"matchStrings": ["<\\S+\\.version renovate:depName=\"(?<depName>\\S+?)\">(?<currentValue>.+?)<\\/\\S+\\.version>"],
"versioningTemplate": "maven",
"datasourceTemplate": "maven"
}]
} p.s. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
What would you like Renovate to be able to do?
For example, a typical use case would be Spring Boot.
You have defined a project like Spring Boot as a parent project that defines, for example, the
foo.version
property that is used in a managed dependency.parent POM
In the child POM file, this dependency is included as usual, and since it is managed, the
version
element is omitted. But you also overwrite thefoo.version
property, since the value in the parent POM does not refer to the latest version at this time.child POM
Later, Renovate updates the version of the parent file to 1.0.1. This updated parent POM now contains a newer version defined in
foo.version
(e.g. 1.2.5). Unfortunately, this update is skipped because the child POM still uses the old version it defined before.Parent projects of the same repository, means which can be resolved using their relative path are out of scope! Because Renovate would already perform the update in the parent itself.
It would be great if Renovate could also detect this kind of dependencies and update the version defined in the child pom. This should only happen if the property is defined/overridden in the child pom - if it is not there, nothing should be done. This avoids updating all other dependencies that might be defined and outdated in the parent pom.
If you have any ideas on how this should be implemented, please tell us here.
version
element in the current pomrelativePath
) and if it uses a property for specifying the versionversion
element.It may not be sufficient to check only the direct ancestor, but it may be necessary to check its ancestor as well. There should be a limit to how many ancestors Renovate should check to solve this kind of managed dependency to avoid long or even endless runs.
Is this a feature you are interested in implementing yourself?
No
The text was updated successfully, but these errors were encountered: