Provide a BOM for owlapi

[reckart]

Provide a POM module called owlapi-bom containing only managed dependencies for the owlapi modules. This way downstream users can import the BOM and do not need to specify versions for all the owlapi modules (not even via a version property). The module should only define versions of owlapi modules, not of third-party dependencies.

[ignazio1977]

What does

downstream users can import the BOM and do not need to specify versions for all the owlapi modules (not even via a version property)

look like?

I'm trying to figure how that differs from a dependency on owlapi-apibinding.

[reckart]

@ignazio1977 owlapi-apibinding is a JAR module. A BOM is of type pom and contains a dependencyManagement section instead of a dependency section. Here are some examples:

• https://central.sonatype.com/artifact/org.apache.logging.log4j/log4j-bom/2.23.1
• https://central.sonatype.com/artifact/org.junit/junit-bom/5.10.3
• https://central.sonatype.com/artifact/org.mockito/mockito-bom/5.12.0

Downstream projects consume such a BOM as:

  <dependencyManagement>
      <dependency>
        <groupId>org.junit</groupId>
        <artifactId>junit-bom</artifactId>
        <version>${junit-jupiter.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
  </dependencyManagement>

... and then still depend explicitly on the modules they required - but without the version

    <dependency>
      <groupId>org.junit.jupiter</groupId>
      <artifactId>junit-jupiter-api</artifactId>
      <scope>test</scope>
    </dependency>

See also here. Note that some BOM examples include a modules section or make the bom a parent POM in the project. While that may seem like a good way, I have stumbled over that in particular in conjunction with OSGI-related tooling - so nowadays, I use build only "pure" BOMs that contain only the dependency management and are not consumed inside the reactor proper but are only made available for downstream consumption. Within the reactor I tend to use <version>${project.verson}</version> instead.

I am using the Maven Dependency Plugin to check that modules explicitly depend on all libraries they use APIs from - it makes the version resolution mechanism more robust to do that. So even if I would depend on owlapi-apibinding and transitively get all the sub-modules from owlapi, I would then explicitly have to depend on these sub-modules - and the dependency plugin would even complain about the binding dependency if I don't explicitly use any classes from it. And then again, I may not even want to depend on all the sub-modules (transitively) but only on those that I actually use.

[ignazio1977]

Thanks for the references, it appears to be very similar to the owlapi-parent pom.

One clarification, are you looking for a Maven 4+ BOM or the plain POM version?

Starting from Maven 4.0, a new specific BOM packaging has been introduced. It allows defining a BOMs which are not used as parent in a project leveraging the newer 4.1.0 model, while still providing full compatibility with Maven 3.X clients and projects. This BOM packaging is translated into a more usual POM packaging at installation / deployment time, leveraging the build/consumer POM feature from Maven 4. This thus provides full compatibility with Maven 3.x.

Updating to maven 4 (which is still in beta) would take some messing around on my local set up, since I need to still build OWLAPI 4 with Java 8, hence the clarification

[hmottestad]

This is how we do it in RDF4J: https://github.com/eclipse-rdf4j/rdf4j/blob/main/bom/pom.xml

And this is how users use it:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.eclipse.rdf4j</groupId>
            <artifactId>rdf4j-bom</artifactId>
            <version>5.0.2</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Here is an example where one of our example projects imports the spring-boot bom: https://github.com/eclipse-rdf4j/rdf4j/blob/5c956e1f93e01c4e5af27e585516e7949dbbc72f/spring-components/pom.xml#L30

Spring boot doesn't call it a bom, they just call is "spring-boot-dependencies". I actually think that that is cleaner since "bom" is somewhat of a loaded term.

[reckart]

@hmottestad spring-boot-dependencies is not a BOM in the sense I propose. It does not provide versions for all the Spring modules. Instead, it provides versions for the third-party libraries that Spring Boot draws in. This is quite different.

[hmottestad]

@hmottestad spring-boot-dependencies is not a BOM in the sense I propose. It does not provide versions for all the Spring modules. Instead, it provides versions for the third-party libraries that Spring Boot draws in. This is quite different.

Ahh! Makes sense then.

[ignazio1977]

will be available in 5.5.1