UOETianleZhang commented on issue #12676:
URL: https://github.com/apache/pinot/issues/12676#issuecomment-2993071776

   Hi folks,
   
   I’m thrilled to share that we’ve introduced a new **Maven Enforcer rule** in 
**Apache Pinot** to enforce **Dependency Management** best practices—and it’s 
already making a real impact on the health of our OSS project! 🎉
   
   ## What we built
   - **Custom Maven Enforcer rule**: rejects non-compliant dependency 
declarations in real time  
   - **CI integration**: hooked into our linter test suite so every PR is 
automatically validated  
   - **Retroactive cleanup**: one-time fix to existing POMs to align with best 
practices  
   
   ## Key wins
   1. **No more hard-coded versions** in the root POM  
      - Builds fail on hard-coded literal version numbers.
      - Example: [PR #15810 – Hardcoded version 
rejection](https://github.com/apache/pinot/pull/15810)  
   2. **Enforced `<dependencyManagement>` in root POM**
      - Direct dependency declarations in the root POM now trigger a failure.
      - Example: [PR #15811 – DependencyManagement enforcement in root 
POM](https://github.com/apache/pinot/pull/15811)  
   3. **Blocked version tags in submodule POMs** (not enforced in pinot-plugins)
      - Centralized version control only; rogue `<version>` tags are banned so 
that versions defined in the root POM will be used.
      - Example: [PR #15812 – Submodule version 
ban](https://github.com/apache/pinot/pull/15812)  
   4. **Migrated to a centralized BOM**  (Not enforced by the customized rule)
      - Unified dependency versions via a Bill of Materials  
      - Example: [PR #15892 – BOM 
adoption](https://github.com/apache/pinot/pull/15892)
   
   ## Behind the scenes
   - [PR #15739 – Initial Enforcer rule 
implementation](https://github.com/apache/pinot/pull/15739)  
   - [PR #15795 – CI pipeline 
integration](https://github.com/apache/pinot/pull/15795)  
   - [PR #15892 – BOM adoption](https://github.com/apache/pinot/pull/15892)  
   - [PR #15501 – Pre-cleanup of legacy 
POMs](https://github.com/apache/pinot/pull/15501)
   
   With these safeguards in place, **every** OSS contributor now has an 
automatic safety net: non-compliant PRs will fail the build, keeping our 
dependency tree clean, preventing version conflicts, and accelerating reviews.
   
   A huge thank you to everyone who helped design, implement, and test these 
improvements—we’re raising the bar for project quality and maintainability! 🚀
   
   cc @gviedma @siddharthteotia @Jackie-Jiang @xiangfu0 @timveil @leujean02 
@ankitsultana 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

