Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 578085

Summary: Please use fixed versions when publishing on Maven
Product: [Eclipse Project] JDT Reporter: Arthur McGibbon <arthur.mcgibbon>
Component: CoreAssignee: JDT-Core-Inbox <jdt-core-inbox>
Status: CLOSED MOVED QA Contact:
Severity: normal    
Priority: P3 CC: kenwenzel, loskutov
Version: 4.22   
Target Milestone: ---   
Hardware: PC   
OS: Windows 10   
Whiteboard:

Description Arthur McGibbon CLA 2022-01-06 14:36:44 EST 
Hopefully this is the correct place to report this.

The deployment of org.eclipse.jdt:org.eclipse.jdt.core:XXXX on Maven uses version ranges to specify its dependencies e.g. org.eclipse.platform:org.eclipse.text:[3.6.0,4.0.0)

The problem with this is that it's too open ended and when trying to retrieve the last version that supported jdk8 (version 3.25.0), the transitive dependencies bring in versions that are compiled for jdk11 e.g. org.eclipse.platform:org.eclipse.text last jdk8 version was 3.9.0 but version 3.12.0 is chosen which compiles to jdk11 so can't be used.

I can see this being an issue in the future on the switch from jdk11 -> 17.

So would it be possible to change to using strict dependency version numbers in the pom.xml deployed to Maven instead of ranges.  Currently to get the jdk8 version working I have to specify all the transitive dependencies manually.

All the transitive dependencies that bring in more dependencies also use ranges...
org.eclipse.jdt:org.eclipse.jdt.core
org.eclipse.platform:org.eclipse.ant.core
org.eclipse.platform:org.eclipse.compare.core
org.eclipse.platform:org.eclipse.core.commands
org.eclipse.platform:org.eclipse.core.contenttype
org.eclipse.platform:org.eclipse.core.expressions
org.eclipse.platform:org.eclipse.core.filesystem
org.eclipse.platform:org.eclipse.core.jobs
org.eclipse.platform:org.eclipse.core.resources
org.eclipse.platform:org.eclipse.core.runtime
org.eclipse.platform:org.eclipse.core.variables
org.eclipse.platform:org.eclipse.equinox.app
org.eclipse.platform:org.eclipse.equinox.common
org.eclipse.platform:org.eclipse.equinox.preferences
org.eclipse.platform:org.eclipse.equinox.registry
org.eclipse.platform:org.eclipse.osgi
org.eclipse.platform:org.eclipse.team.core
org.eclipse.platform:org.eclipse.text
Comment 1 Ken Wenzel CLA 2023-06-16 05:50:49 EDT 
This is really a severe problem that we are facing in many of our projects.
It is nearly impossible to create reproducible builds using the Eclipse Platform Maven artifacts.

The first part of the solution would be to use FIXED versions in Maven dependencies. Using version ranges in Maven are commonly considered as bad practice: https://www.reddit.com/r/Maven/comments/vkcmys/why_maven_doesnt_have_a_lock_file_like/

The second part of the solution would be to create a Maven BOM for a group of related Eclipse modules:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#bill-of-materials-bom-poms

This would ensure that only Eclipse modules are used together that are compatible.
Comment 2 Andrey Loskutov CLA 2023-06-16 05:52:59 EDT 
This is the wrong place / component to report maven related issues for Eclipse platform.

If you care, please report it at https://github.com/eclipse-platform/eclipse.platform.releng/issues
Comment 3 Ken Wenzel CLA 2023-06-16 05:57:02 EDT 
The issue can be found here:
https://github.com/eclipse-platform/eclipse.platform.releng/issues/242