Replace Java dependencies with as many Red Hat built ones

pierDipi commented 1 month ago

Scrape https://maven.repository.redhat.com/ga and find availabe versions
Replace deps with the "closest patch version" in that registry (note, this is NOT for "upgrading" deps)

Example diff for the current pom.xml for EKB 1.15

pierdipi@pierdipi data-plane (release-v1.15) $ git diff --staged pom.xml
diff --git a/data-plane/pom.xml b/data-plane/pom.xml
index 3f8fe445a..94269c695 100644
--- a/data-plane/pom.xml
+++ b/data-plane/pom.xml
@@ -103,6 +103,17 @@
   </profiles>

   <repositories>
+    <repository>
+      <id>red-hat-ga</id>
+      <url>https://maven.repository.redhat.com/ga</url>
+      <releases>
+        <enabled>true</enabled>
+      </releases>
+      <snapshots>
+        <enabled>true</enabled>
+      </snapshots>
+    </repository>
+
     <repository>
       <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
       <id>sonatype</id>
@@ -119,9 +130,9 @@
     <dependencies>
       <!-- Vertx -->
       <dependency>
-        <groupId>io.quarkus</groupId>
+        <groupId>com.redhat.quarkus.platform</groupId>
         <artifactId>quarkus-bom</artifactId>
-        <version>${quarkus.version}</version>
+        <version>3.8.5.redhat-00003</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -129,18 +140,18 @@
       <dependency>
         <groupId>org.antlr</groupId>
         <artifactId>antlr4-runtime</artifactId>
-        <version>${antlr.version}</version>
+        <version>4.9.2.redhat-00003</version>
       </dependency>
       <dependency>
         <groupId>org.antlr</groupId>
         <artifactId>antlr4</artifactId>
-        <version>${antlr.version}</version>
+        <version>4.9.2.redhat-00003</version>
       </dependency>

       <dependency>
         <groupId>io.vertx</groupId>
         <artifactId>vertx-opentelemetry</artifactId>
-        <version>${vertx.version}</version>
+        <version>4.4.6.redhat-00001</version>
         <exclusions>
           <exclusion>
             <groupId>io.vertx</groupId>
@@ -152,7 +163,7 @@
       <dependency>
         <groupId>org.apache.kafka</groupId>
         <artifactId>kafka-clients</artifactId>
-        <version>${kafka.version}</version>
+        <version>3.7.0.redhat-00007</version>
       </dependency>

       <!-- Micrometer -->
@@ -182,7 +193,7 @@
       <dependency>
         <groupId>io.fabric8</groupId>
         <artifactId>kubernetes-client</artifactId>
-        <version>${fabric8.kubernetes.version}</version>
+        <version>6.10.0.redhat-00003</version>
         <exclusions>
           <exclusion>
             <groupId>io.fabric8</groupId>
@@ -193,17 +204,17 @@
       <dependency>
         <groupId>io.fabric8</groupId>
         <artifactId>kubernetes-client-api</artifactId>
-        <version>${fabric8.kubernetes.version}</version>
+        <version>6.10.0.redhat-00003</version>
       </dependency>
       <dependency>
         <groupId>io.fabric8</groupId>
         <artifactId>kubernetes-httpclient-jdk</artifactId>
-        <version>${fabric8.kubernetes.version}</version>
+        <version>6.10.0.redhat-00003</version>
       </dependency>
       <dependency>
         <groupId>io.fabric8</groupId>
         <artifactId>kubernetes-server-mock</artifactId>
-        <version>${fabric8.kubernetes.version}</version>
+        <version>6.10.0.redhat-00003</version>
         <scope>test</scope>
         <exclusions>
           <exclusion>
@@ -225,7 +236,7 @@
       <dependency>
         <groupId>com.fasterxml.jackson</groupId>
         <artifactId>jackson-bom</artifactId>
-        <version>${jackson.version}</version>
+        <version>2.14.2.redhat-00003</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -233,24 +244,24 @@
       <dependency>
         <groupId>org.bitbucket.b_c</groupId>
         <artifactId>jose4j</artifactId>
-        <version>${jose4j.version}</version>
+        <version>0.9.6.redhat-00001</version>
       </dependency>

       <!-- Logback -->
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>
-        <version>${slf4j.version}</version>
+        <version>2.0.16.redhat-00001</version>
       </dependency>
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-core</artifactId>
-        <version>${ch.qos.logback.version}</version>
+        <version>1.4.14.redhat-00001</version>
       </dependency>
       <dependency>
         <groupId>ch.qos.logback</groupId>
         <artifactId>logback-classic</artifactId>
-        <version>${ch.qos.logback.version}</version>
+        <version>1.4.14.redhat-00001</version>
       </dependency>
       <dependency>
         <groupId>net.logstash.logback</groupId>
@@ -306,12 +317,12 @@
       <dependency>
         <groupId>com.google.protobuf</groupId>
         <artifactId>protobuf-java</artifactId>
-        <version>${protobuf.version}</version>
+        <version>3.25.2.redhat-00001</version>
       </dependency>
       <dependency>
         <groupId>com.google.protobuf</groupId>
         <artifactId>protobuf-java-util</artifactId>
-        <version>${protobuf.version}</version>
+        <version>3.25.2.redhat-00001</version>
       </dependency>

       <!-- Rate Limiter -->
@@ -375,7 +386,7 @@
       <dependency>
         <groupId>org.awaitility</groupId>
         <artifactId>awaitility</artifactId>
-        <version>${awaitility.version}</version>
+        <version>4.2.0.redhat-00001</version>
         <scope>test</scope>
       </dependency>

@@ -399,7 +410,7 @@
       <dependency>
         <groupId>org.apache.kafka</groupId>
         <artifactId>kafka_2.13</artifactId>
-        <version>${kafka.version}</version>
+        <version>3.7.0.redhat-00007</version>
         <scope>test</scope>
         <exclusions>
           <exclusion>
@@ -415,13 +426,13 @@
       <dependency>
         <groupId>org.scala-lang</groupId>
         <artifactId>scala-library</artifactId>
-        <version>2.13.14</version>
+        <version>2.13.14.redhat-00002</version>
         <scope>test</scope>
       </dependency>
       <dependency>
         <groupId>org.scala-lang</groupId>
         <artifactId>scala-reflect</artifactId>
-        <version>2.13.14</version>
+        <version>2.13.14.redhat-00002</version>
         <scope>test</scope>
       </dependency>
     </dependencies>

and it also builds successfully:

pierdipi@pierdipi data-plane (release-v1.15) $ ./mvnw clean package -DskipTests
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:43 min
[INFO] Finished at: 2024-09-11T13:15:52+02:00
[INFO] ------------------------------------------------------------------------

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift-knative/hack/blob/main/OWNERS)~~ [pierDipi] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

dsimansk commented 1 month ago

Putting some thoughts around version in pom. I'm pretty sure that importing BOM in Maven project should mean that version provided by the BOM are considered "managed". Therefore project pom.xml doesn't have to redeclare <version> tags, but rather omit those to use provided values from BOM.

In theory EKB data-plane should work just by using Quarkus' BOM and version will be inherited from it. I'll try to play with it a bit.

pierDipi commented 1 month ago

@dsimansk any news for the last comment?

openshift-merge-robot commented 1 month ago

PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

pierDipi commented 3 weeks ago

@dsimansk any news? we need this one in some shape or form

pierDipi commented 3 weeks ago

@creydr I guess you had comments, can you write them here?

creydr commented 3 weeks ago

@creydr I guess you had comments, can you write them here?

My main thought about this was, if we could integrate this into the update-to-head jobs, so we have this tested also somehow in CI (no need to do this in this PR)

pierDipi commented 3 weeks ago

@creydr I guess you had comments, can you write them here?

My main thought about this was, if we could integrate this into the update-to-head jobs, so we have this tested also somehow in CI (no need to do this in this PR)

@creydr wouldn't this be tested in CI when the bot opens the PR ?

skonto commented 2 weeks ago

How is this solved in other repos? Do people scrape deps?

pierDipi commented 2 weeks ago

In the old system there is a EAP based Java service but requires EAP to run and there is not alternatives for Konflux, the JBS in Konflux is beeing redesigned but it's not there yet

pierDipi commented 2 weeks ago

We discussed why in the past, I lost the links to the existing tools now :)

skonto commented 2 weeks ago

In the old system there is a EAP based Java service but requires EAP to run and there is not alternatives for Konflux, the JBS in Konflux is beeing redesigned but it's not there yet

So people will do scraping in each repo that has java deps for now? Interesting.

pierDipi commented 2 weeks ago

No, scraping is an alternative to doing it manually

openshift-knative / hack

Replace Java dependencies with as many Red Hat built ones #262