Reorganize Gradle build

[bclozel]

This is a much needed follow up issue for #20440.

Currently the Spring Framework build is mixing scripts, conventions and dependency information in .gradle files, some of them externalized in a gradle folder. The goal of this issue is to refactor the current build to scripts and conventions into build plugins. Each project/subproject should then selectively apply those plugins and only describe the specific dependencies in their build file.

Since our last efforts, Gradle had significant improvements and lots of new features that could be useful to Spring Framework.

Here is the list of the tasks for this issue:

• Rewrite the "test source sets" plugin from Groovy to Java
• Do not use the propdeps plugin and replace provided/optional with compileOnly and a custom optional configuration (see spring-core-5.2.0.M3.pom missing netty dependencies #23234)
• Do not publish optional/provided dependencies in published POMs
• Move the Java compilation configuration to a convention. The Kotlin one is short and comes with the Kotlin plugin declaration, so we're letting that part in the main build file for now.
• Remove Gradle wrapper customization as script and move it to gradle.properties if necessary
• Move the JDiff to a separate plugin and use Japicmp instead
• Move integration tests to a separate module
• Reorganize tasks and scripts to selectively apply them to one of: root project, framework module, internal module (BOM, coroutines, integration-tests)
• Download the "spring-docs-resources" zip as an URL and do not resolve it as a dependency (see Stop using libs-* repo in favour of consistent use of Maven Central #23124)
• Use "spring-*" as a project name only for Spring Framework published modules. Rename internal modules accordingly ("spring-framework-bom", "spring-core-coroutines"...)
• Use Gradle Platform features for publishing the Spring Framework BOM
• Use the standard Gradle "Maven Publish plugin"
• Apply and configure the artifactory publish plugin directly (instead of delegating that to the CI server). This allows us to really control which artifacts are published, without workarounds.

[sbrannen]

Remove outdated Eclipse support (replaced by Buildship)

We need to be cautious here. Buildship is not perfect, and the last time I checked... we need our custom configuration for the Eclipse classpath, etc.

Maybe you can perform that work in a dedicated PR for closer review?

[bclozel]

@sbrannen We don't use that support in our own documentation for contributors: https://github.com/spring-projects/spring-framework/blob/master/import-into-eclipse.md

I thought it wasn't relevant anymore?

[sbrannen]

@bclozel, whenever one uses Buildship in Eclipse, the eclipse customization in the Gradle build is honored.

I don't think it's well documented, but it is at least officially mentioned here and here.

And the "Project synchronization" section of this article demonstrates advanced features like those that we use in ide.gradle.

In summary, if we remove all of our eclipse customization in the Gradle build I fear that our projects will not work properly with the standard Buildship features. Hence the need to be cautious before totally removing all of that.

[rwinch]

@bclozel Is there a reason we want to remove the provided/optional dependencies? As a consumer of projects, I find it useful to look in the pom to see what version of optional dependencies they use so I know which versions are going to work. Granted I could look in the Gradle build for this information, but Gradle's flexibility in this manner makes it harder to figure out than looking in a pom.xml file.

[bclozel]

@rwinch, I'm elaborating on that in #23234
Also, this issue will move all the dependency management in the main build.gradle file, so things should be easier to read there (versions, BOMs, exclusions, everything!).

[rwinch]

@bclozel Thanks for the additional information.

I don't agree with the assessment. Even if things are easier to read by moving them to the main build.gradle, this is something specific to Spring Framework's Gradle build. This simplification still requires knowledge of Gradle and Spring Frameworks build (other projects could just as easily place the information in the build.gradle for each project). This means a Maven user must have knowledge of Gradle in order to figure out the optional dependencies.

User's could look at Spring Boot for guidance on dependencies, but this is also confusing. I've never been told to look for dependencies I should use by leveraging a separate project. How is a user to know that they should look at Spring Boot for the dependencies? Spring Boot can help with versions, but how does it indicate what groupId/artifactId users should be using for each Spring project?

I understand that mapping in Maven is far from perfect. However, defining optional and provided dependencies is what is expected in Maven pom.xml files. Deviating from this convention in a Maven pom.xml is confusing to Maven users even if it is not a direct mapping from our Gradle build. Asking Maven users to learn another build system or look in another project for dependency information is not ideal either (it deviates from Maven definition of a pom.xml).

Please consider adding optional and provided dependencies back to Spring's pom.xml.

[bclozel]

@rwinch my last assessment was only directed to you, when looking for information about the Spring Framework build as a project maintainer.

I think there are two issues here:

1. We're somehow considering that shipping optional/provided dependencies in our generated POM is a legitimate way to convey information about Spring's support for libraries. The maven metadata model is not tailored for that as it is declaring things for your build but the intent is not to communicate additional metadata to consumers. That's my personal opinion, and I think that's where Gradle is coming from with the feature variants.
2. Even if I disagree with that model, developers are indeed looking at the generated POM for guidance or building automation (see spring-core-5.2.0.M3.pom missing netty dependencies #23234). As explained in this comment, I've actually tried to create feature variants for Spring Framework and let those translate to optional dependencies in the generated POM. It turns out most dependencies indicate how we want to build Spring rather than what we can do with it or how we should use it.

In the end, removing that information from the generated POM is more about avoiding to communicate misleading information. The Spring Boot BOM fills that role in a much better way: it provides information about dependencies (coordinates, version) that are fully tested by the Spring Boot build with many Spring projects. This BOM can be used by non-Spring Boot applications as well. I for some reason we don't want to involve Spring Boot here, we should provide this information in a different way and not try to derive it from our build since it seems we can't extract meaningful information from it for this use case.

[rwinch]

The problem with these approaches is that it deviates from Maven's definition of a pom.xml and yet we are publishing a Maven pom.xml Deviating from the Maven definition of a pom is even more confusing (because we are trying to define it ourselves). The confusion around what the optional / provided mean is expected in a Maven pom and developers using Maven have become accustom to that. If we are going to publish a pom, it should follow Maven conventions which include provided and optional dependencies.

[bclozel]

We're still publishing a perfectly valid POM, and generating that information from our Gradle build. We do have many custom and non-custom configurations, including compileOnly, which don't map to maven concepts. We're not exporting those.

Even in a pure Maven setup, you can filter/flatten your published POMs, and I'd argue we're doing that now to avoid misleading our users. Unless we find a way to provide accurate and meaningful information in our metadata, I don't see a good reason to bring that back into the published POM.

Let's take a step back. What are the use cases for getting the information we were providing so far and why?

[rwinch]

What are the use cases for getting the information we were providing so far and why?

As a user of pom.xml this is where I know to go to get dependency information. Putting the information anywhere else puts Spring on an island which means extra work for users to discover where that information is.

I believe all comments about why we don't want to do it because it is confusing is something that is expected in Maven projects. Removing the information is not helpful because it is different than what users are expecting. A few responses to the examples:

has a couple of log4j and slf4j dependencies, but those are not the actual dependencies you should have to enable logging with a logging framework. Those are dependencies that we use to build the specific bridge implementations, but using a logging framework requires more than that.

I don't understand why this is a problem. User's aren't going to bring the dependencies in if they don't need them. They are optional/provided...so a user isn't going to add them.

depends on netty-buffer, but a Spring application should not depend on Netty directly, but rather on Reactor Netty. This is used for managing DataBuffer instances with Reactor Netty as a server. So this tells us more about a particular spring-webflux use case, rather than something that is actually linked with spring-core itself

Correct, but the information for reactor-netty is in the pom which they do need information about. If the dependency is listed as optional or provided users are use to sorting through this.

While the Framework itself is compatible with Servlet 3.1+, some modules might build specific support for Servlet 4 features. Reading the versions of those optional dependencies is just misleading.

This is something that users are use to. Place the best version as an optional dependency to convey what is preferred but don't remove the information all together. This is not any different than a required dependency where multiple versions are supported. Boot takes a preference for JUnit 4 and provides this in the pom, but JUnit 5 is still supported.

[bclozel]

Our Gradle build has been significantly refactored and published artifacts are stable.
We'll create new issues for other build changes.

[sbrannen]

Related to #23550