Maven has a high learning curve, but once learned it is incredibly simple to use.
That high bar is created by the tool configuration. You can change and hack everything, but you have to understand how Maven works to do so. This generally blocks people from doing really stupid things, because you have to learn how maven works to successfully modify it and in doing so you learn why you shouldn’t.
This is the exact weakness of Gradle, the barrier for modification is far lower and the tool is far less rigid. So you get lots of people who are still learning implement all sorts of weird and terrible practice.
The end result is I can usually dust off someone elses old maven project and it will build immediately using “mvn clean install”, about half the gradle projects I have been brought in on won’t without reverse engineering effort because they have things hard coded all over them. A not small percentage are so mangled they can’t be built without the dev who wrote it’s machine.
Also you really shouldn’t be tinkering with your build pipelines that much. Initial constraints determine the initial solution, then periodically you review them to improve. DevSecOps exists to speed development and ease support it isn’t a goal in of itself
Completely agree. I can jump into any maven project and understand it with ease. Gradle on the other hand requires deep understanding of the build file due to all the flexibility that it offers.
I can agree with most of that, but my point wasn’t that you should be “tinkering” with your build file, but that as time goes on and your project grows and your team grows you should be making improvements. No active project sits still, and having a tool like maven that is incredibly rigid and hard to use and modify makes that growth incredibly painful.
For example, you can easily start with gradle with just a few lines. You don’t need to worry about plugins, extra tasks, etc. Then as your project grows you can add in things like mutation testing, integration testing, plugins to share your configuration between all your projects. This growth is incredibly easy with a build tool that uses a DSL rather than one that is purely descriptive.
Yes, it’s massive pain if you pick up someone’s project and they’ve made a mess of things. But if you actually work with competent people this generally isn’t a problem. And it shouldn’t be a problem if you’re using open source projects that have a decent number of users.
Maven has unit and integration test phases and there are a multitude of plugins designed to hook into those phases but there are constraints by design.
Trying to hook everything into the build management system is a source of technical debt, your using a tool for something it wasn’t designed.
I would look at what makes sense within the build management system and what makes sense in a CI pipeline.
CI tools have different DSL and usually provide a means to manage environments. Certain integration and system level tests are best performed there.
For instance I keep system tests as a seperate managed project. The project can be executed from developer machines for local builds but I also create a small build pipeline to build the project, deploy it and run the system tests against it triggered by pull requests.
This is why I say the build management system doesn’t really change, because you should treat everything as descrete standalone components.
The Parent POM gets updates once every six months, the basic build verification CI pipeline only changes to the latest language release, etc…
Projects which try to embed gitflow into a pom or integrate CD into the gradle file are the unbuildable messes I get asked to fix.
Trying to hook everything into the build management system is a source of technical debt, your using a tool for something it wasn’t designed.
I never said to do this…
CI tools have different DSL and usually provide a means to manage environments. Certain integration and system level tests are best performed there.
Hm? no, definitely don’t do this. We’ve literally spent half a decade at my current company trying to get rid of the system that previous devs that thought this was a good idea, and this is exactly what they did. Your integration tests and system level tests should not depend on the environment you run them in. You should be able to execute them from anywhere and have them run the same. Depending on CI to do that for you means that you are tightly tied to not only your CI, but whomever maintains that infrastructure, the resources around that infrastructure, whether those are build machines, secrets, or even the workflows themselves.
For instance I keep system tests as a seperate managed project. The project can be executed from developer machines for local builds but I also create a small build pipeline to build the project, deploy it and run the system tests against it triggered by pull requests.
That… has nothing to do with CI/CD… You’re just not using your build management tool (which is built to execute tests) to execute your tests…
This is why I say the build management system doesn’t really change, because you should treat everything as descrete standalone components.
I do not understand what you’re saying here. You’re going to have to explain more.
The Parent POM gets updates once every six months, the basic build verification CI pipeline only changes to the latest language release, etc…
And is that because you’re not actually updating your dependencies that are in your parent POM? Because we update dependencies multiple times a week. Not really sure where you’re going with this though.
Projects which try to embed gitflow into a pom or integrate CD into the gradle file are the unbuildable messes I get asked to fix.
I don’t think I ever recommended either of those things. For one, gitflow is a terrible workflow, and two, why would you need to integrate CD into the gradle file? Your pipeline calls your gradle tasks to perform the things your build needs. Not making gradle into a CI tool.
Maven has a high learning curve, but once learned it is incredibly simple to use.
That high bar is created by the tool configuration. You can change and hack everything, but you have to understand how Maven works to do so. This generally blocks people from doing really stupid things, because you have to learn how maven works to successfully modify it and in doing so you learn why you shouldn’t.
This is the exact weakness of Gradle, the barrier for modification is far lower and the tool is far less rigid. So you get lots of people who are still learning implement all sorts of weird and terrible practice.
The end result is I can usually dust off someone elses old maven project and it will build immediately using “mvn clean install”, about half the gradle projects I have been brought in on won’t without reverse engineering effort because they have things hard coded all over them. A not small percentage are so mangled they can’t be built without the dev who wrote it’s machine.
Also you really shouldn’t be tinkering with your build pipelines that much. Initial constraints determine the initial solution, then periodically you review them to improve. DevSecOps exists to speed development and ease support it isn’t a goal in of itself
Completely agree. I can jump into any maven project and understand it with ease. Gradle on the other hand requires deep understanding of the build file due to all the flexibility that it offers.
I can agree with most of that, but my point wasn’t that you should be “tinkering” with your build file, but that as time goes on and your project grows and your team grows you should be making improvements. No active project sits still, and having a tool like maven that is incredibly rigid and hard to use and modify makes that growth incredibly painful.
For example, you can easily start with gradle with just a few lines. You don’t need to worry about plugins, extra tasks, etc. Then as your project grows you can add in things like mutation testing, integration testing, plugins to share your configuration between all your projects. This growth is incredibly easy with a build tool that uses a DSL rather than one that is purely descriptive.
Yes, it’s massive pain if you pick up someone’s project and they’ve made a mess of things. But if you actually work with competent people this generally isn’t a problem. And it shouldn’t be a problem if you’re using open source projects that have a decent number of users.
Maven has unit and integration test phases and there are a multitude of plugins designed to hook into those phases but there are constraints by design.
Trying to hook everything into the build management system is a source of technical debt, your using a tool for something it wasn’t designed.
I would look at what makes sense within the build management system and what makes sense in a CI pipeline.
CI tools have different DSL and usually provide a means to manage environments. Certain integration and system level tests are best performed there.
For instance I keep system tests as a seperate managed project. The project can be executed from developer machines for local builds but I also create a small build pipeline to build the project, deploy it and run the system tests against it triggered by pull requests.
This is why I say the build management system doesn’t really change, because you should treat everything as descrete standalone components.
The Parent POM gets updates once every six months, the basic build verification CI pipeline only changes to the latest language release, etc…
Projects which try to embed gitflow into a pom or integrate CD into the gradle file are the unbuildable messes I get asked to fix.
I never said to do this…
Hm? no, definitely don’t do this. We’ve literally spent half a decade at my current company trying to get rid of the system that previous devs that thought this was a good idea, and this is exactly what they did. Your integration tests and system level tests should not depend on the environment you run them in. You should be able to execute them from anywhere and have them run the same. Depending on CI to do that for you means that you are tightly tied to not only your CI, but whomever maintains that infrastructure, the resources around that infrastructure, whether those are build machines, secrets, or even the workflows themselves.
That… has nothing to do with CI/CD… You’re just not using your build management tool (which is built to execute tests) to execute your tests…
I do not understand what you’re saying here. You’re going to have to explain more.
And is that because you’re not actually updating your dependencies that are in your parent POM? Because we update dependencies multiple times a week. Not really sure where you’re going with this though.
I don’t think I ever recommended either of those things. For one, gitflow is a terrible workflow, and two, why would you need to integrate CD into the gradle file? Your pipeline calls your gradle tasks to perform the things your build needs. Not making gradle into a CI tool.