Make software.amazon.awssdk groupId owned by the AmazonServices #560
Conversation
| <exclusions> | ||
| <exclusion> | ||
| <groupId>commons-logging</groupId> | ||
| <artifactId>commons-logging</artifactId> | ||
| </exclusion> | ||
| </exclusions> |
There was a problem hiding this comment.
Could you please add back the exclusions in the BOM generator config?
There was a problem hiding this comment.
The way I decided to do it is to add an option that would allow each member to keep their own exclusions for common dependencies. While aligning the common dependency version is critical, I am not sure whether it's a good idea to allow one member to control exclusions for others, especially if that member didn't do a proper research on that. So I added this, probably, controversial option keepThirdpartyExclusions element to member config (which is true by default) that allows members to keep their exclusions configured in their original BOMs.
This could make the order of member BOM imports in Quarkus apps significant, although that'll probably be an edge case.
So in this particular change the exclusion from the quarkus-amazon-services BOM is removed but for this same constraint in the quarkus-camel-bom it is still present.
WDYT @ppalaga and @gsmet?
There was a problem hiding this comment.
Not following why we wouldn't want alignment around exclusions be consistent across the platform ?
Users can add explicit exclusions/inclusions if they somehow need it for their usecase, right ?
There was a problem hiding this comment.
I am not sure how to do that automatically so everyone is happy about that. If you have a suggestion, please share. We can configure agreed upon exclusions in the platform config today, it'd be a static config though that would need to be adjusted on changes to the member BOMs, which will be difficult to track.
There was a problem hiding this comment.
Couldn't we have the tool apply all exclusions and fail platform build if items added that isn't in a agreed upon list ?
There was a problem hiding this comment.
It wouldn't be much different from simply adding a common dependency constraint with exclusions for all the members, right? This can be done today in the platform config.
There was a problem hiding this comment.
Sorry, I am going to merge it, since I need to upgrade the platform generator for other reasons. Please create an issue if you think we could have a more appropriate default.
There was a problem hiding this comment.
I have filed a follow up quarkusio/quarkus-platform-bom-generator#114
aloubyansky
force-pushed
the
amazon-own-constraints
branch
from
170d936 to
64b8792
Compare
…oid a possibiliy for other members to override versions of these dependencies
aloubyansky
force-pushed
the
amazon-own-constraints
branch
from
64b8792 to
00966c6
Compare
Make software.amazon.awssdk groupId owned by the AmazonServices to avoid a possibiliy for other members to override versions of these dependencies
FYI @ppalaga