Jonathan Lalou's Blog

Posts Tagged ‘Maven’

🚀 Mastering Flyway Migrations with Maven

Managing database migrations can be tricky, but Flyway simplifies the process with versioned scripts for schema changes, data updates, and rollbacks.
Here’s a quick guide with useful examples:

✅ 1️⃣ Creating a Table (V1 – Initial migration)
“`
CREATE TABLE users (
id SERIAL PRIMARY KEY,
username VARCHAR(50)…,
email VARCHAR(100)…,
created_at TIMESTAMP…
);
“`
✅ 2️⃣ Inserting Sample Data (V2)
“`
INSERT INTO users (username, email) VALUES
(‘alice’, ‘alice@example.com‘),
(‘bob’, ‘bob@…’);
“`

✅ 3️⃣ Adding a New Column (V3 – Schema change)
“`
ALTER TABLE users ADD COLUMN last_login TIMESTAMP;
“`

✅ 4️⃣ Renaming a Column (V4)
“`
ALTER TABLE users RENAME COLUMN email TO contact;
“`

♻ Undo Script (U4__Rename_email_to_contact.sql)
“`
ALTER TABLE users RENAME COLUMN contact TO email;
“`

✅ 5️⃣ Deleting a Column (V5)
“`
ALTER TABLE users DROP COLUMN last_login;
“`

♻ Undo Script (U5__Revert_remove_last_login.sql)
“`
ALTER TABLE users ADD COLUMN last_login TIMESTAMP;
“`

✅ 6️⃣ Deleting Specific Data (V6)
“`
DELETE FROM users WHERE username = ‘alice’;
“`

♻ Undo Script (U6__Revert_delete_user.sql)
“`
INSERT INTO users (username, contact) VALUES (‘alice’, ‘alice@example.com‘);
“`

💡 Configuring Flyway in pom.xml
To integrate Flyway into your Spring Boot or Java project, add the following configuration in your `pom.xml`:
“`
<properties>
<flyway.version>11.4.1</flyway.version>
</properties>

<dependencies>
<!– Flyway Core –>
<dependency>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-core</artifactId>
<version>${flyway.version}</version>
</dependency>

<!– Database Driver (Example: PostgreSQL) –>
<dependency>
“org.postgresql:postgresql:runtime”
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.flywaydb</groupId>
<artifactId>flyway-maven-plugin</artifactId>
<version>${flyway.version}</version>
<configuration>
<url>jdbc:postgresql://localhost:5432/mydb</url>
<user>myuser</user>
<password>mypassword</password>
<schemas>public</schemas>
<locations>filesystem:src/main/resources/db/migration</locations>
</configuration>
</plugin>
</plugins>
</build>
“`

📂 Migration scripts should be placed in:
`src/main/resources/db/migration/`
Example:
“`
V1__Create_users_table.sql
V2__Insert_sample_data.sql
V3__Add_last_login_column.sql
“`

💡 Flyway Maven Plugin Commands
👉Apply migrations:
“`mvn flyway:migrate“`
👉Undo the last migration (if `flyway.licenseKey` is provided):
“`mvn flyway:undo“`
👉Check migration status:
“`mvn flyway:info“`
👉Repair migration history:
“`mvn flyway:repair“`
Clean database (⚠Deletes all tables!):
“`mvn flyway:clean“`

Posted in en-US | Tags: Flyway, Maven | No Comments »

Understanding Dependency Management and Resolution: A Look at Java, Python, and Node.js

Author: Jonathan Lalou

Understanding Dependency Management and Resolution: A Look at Java, Python, and Node.js

Mastering how dependencies are handled can define your project’s success or failure. Let’s explore the nuances across today’s major development ecosystems.

Introduction

Every modern application relies heavily on external libraries. These libraries accelerate development, improve security, and enable integration with third-party services. However, unmanaged dependencies can lead to catastrophic issues — from version conflicts to severe security vulnerabilities. That’s why understanding dependency management and resolution is absolutely essential, particularly across different programming ecosystems.

What is Dependency Management?

Dependency management involves declaring external components your project needs, installing them properly, ensuring their correct versions, and resolving conflicts when multiple components depend on different versions of the same library. It also includes updating libraries responsibly and securely over time. In short, good dependency management prevents issues like broken builds, “dependency hell”, or serious security holes.

Java: Maven and Gradle

In the Java ecosystem, dependency management is an integrated and structured part of the build lifecycle, using tools like Maven and Gradle.

Maven and Dependency Scopes

Maven uses a declarative pom.xml file to list dependencies. A particularly important notion in Maven is the dependency scope.

Scopes control where and how dependencies are used. Examples include:

compile (default): Needed at both compile time and runtime.
provided: Needed for compile, but provided at runtime by the environment (e.g., Servlet API in a container).
runtime: Needed only at runtime, not at compile time.
test: Used exclusively for testing (JUnit, Mockito, etc.).
system: Provided by the system explicitly (deprecated practice).


<dependency>
  <groupId>junit</groupId>
  <artifactId>junit</artifactId>
  <version>4.13.2</version>
  <scope>test</scope>
</dependency>

This nuanced control allows Java developers to avoid bloating production artifacts with unnecessary libraries, and to fine-tune build behaviors. This is a major feature missing from simpler systems like pip or npm.

Gradle

Gradle, offering both Groovy and Kotlin DSLs, also supports scopes through configurations like implementation, runtimeOnly, testImplementation, which have similar meanings to Maven scopes but are even more flexible.


dependencies {
    implementation 'org.springframework.boot:spring-boot-starter'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

Python: pip and Poetry

Python dependency management is simpler, but also less structured compared to Java. With pip, there is no formal concept of scopes.

pip

Developers typically separate main dependencies and development dependencies manually using different files:

requirements.txt – Main project dependencies.
requirements-dev.txt – Development and test dependencies (pytest, tox, etc.).

This manual split is prone to human error and lacks the rigorous environment control that Maven or Gradle enforce.

Poetry

Poetry improves the situation by introducing a structured division:


[tool.poetry.dependencies]
requests = "^2.31"

[tool.poetry.dev-dependencies]
pytest = "^7.1"

Poetry brings concepts closer to Maven scopes, but they are still less fine-grained (no runtime/compile distinction, for instance).

Node.js: npm and Yarn

JavaScript dependency managers like npm and yarn allow a simple distinction between regular and development dependencies.

npm

Dependencies are declared in package.json under different sections:

dependencies – Needed in production.
devDependencies – Needed only for development (e.g., testing libraries, linters).


{
  "dependencies": {
    "express": "^4.18.2"
  },
  "devDependencies": {
    "mocha": "^10.2.0"
  }
}

While convenient, npm’s dependency management lacks Maven’s level of strictness around dependency resolution, often leading to version mismatches or “node_modules bloat.”

Key Differences Between Ecosystems

When switching between Java, Python, and Node.js environments, developers must be aware of the following fundamental differences:

1. Formality of Scopes

Java’s Maven/Gradle ecosystem defines scopes formally at the dependency level. Python (pip) and JavaScript (npm) ecosystems use looser, file- or section-based categorization.

2. Handling of Transitive Dependencies

Maven and Gradle resolve and include transitive dependencies automatically with sophisticated conflict resolution strategies (e.g., nearest version wins). pip historically had weak transitive dependency handling, leading to issues unless careful pinning is done. npm introduced better nested module flattening with npm v7+ but conflicts still occur in complex trees.

3. Lockfiles

npm/yarn and Python Poetry use lockfiles (package-lock.json, yarn.lock, poetry.lock) to ensure consistent dependency installations across machines. Maven and Gradle historically did not need lockfiles because they strictly followed declared versions and scopes. However, Gradle introduced lockfile support with dependency locking in newer versions.

4. Dependency Updating Strategy

Java developers often manually manage dependency versions inside pom.xml or use dependencyManagement blocks for centralized control. pip requires updating requirements.txt or regenerating them via pip freeze. npm/yarn allows semver rules (“^”, “~”) but auto-updating can lead to subtle breakages if not careful.

Best Practices Across All Languages

Pin exact versions wherever possible to avoid surprise updates.
Use lockfiles and commit them to version control (Git).
Separate production and development/test dependencies explicitly.
Use dependency scanners (e.g., OWASP Dependency-Check, Snyk, npm audit) regularly to detect vulnerabilities.
Prefer stable, maintained libraries with good community support and recent commits.

Conclusion

Dependency management, while often overlooked early in projects, becomes critical as applications scale. Maven and Gradle offer the most fine-grained controls via dependency scopes and conflict resolution. Python and JavaScript ecosystems are evolving rapidly, but require developers to be much more careful manually. Understanding these differences, and applying best practices accordingly, will ensure smoother builds, faster delivery, and safer production systems.

Posted in en-US | Tags: Java, Maven, NodeJS, npm, pip, Python | No Comments »

[Devoxx FR 2024] Mastering Reproducible Builds with Apache Maven: Insights from Hervé Boutemy

Author: Jonathan Lalou

Introduction

In a recent presentation, Hervé Boutemy, a veteran Maven maintainer, Apache Software Foundation member, and Solution Architect at Sonatype, delivered a compelling talk on reproducible builds with Apache Maven. With over 20 years of experience in Java, CI/CD, DevOps, and software supply chain security, Hervé shared his five-year journey to make Maven builds reproducible, a critical practice for achieving the highest level of trust in software, as defined by SLSA Level 4. This post dives into the key concepts, practical steps, and surprising benefits of reproducible builds, based on Hervé’s insights and hands-on demonstrations.

What Are Reproducible Builds?

Reproducible builds ensure that compiling the same source code, with the same environment and build tools, produces identical binaries, byte-for-byte. This practice verifies that the distributed binary matches the source code, eliminating risks like malicious tampering or unintended changes. Hervé highlighted the infamous XZ incident, where discrepancies between source tarballs and Git repositories went unnoticed—reproducible builds could have caught this by ensuring the binary matched the expected source.

Originally pioneered by Linux distributions like Debian in 2013, reproducible builds have gained traction in the Java ecosystem. Hervé’s work has led to over 2,000 verified reproducible releases from 500+ open-source projects on Maven Central, with stats growing weekly.

Why Reproducible Builds Matter

Reproducible builds are primarily about security. They allow anyone to rebuild a project and confirm that the binary hasn’t been compromised (e.g., no backdoors or “foireux” additions, as Hervé humorously put it). But Hervé’s five-year experience revealed additional benefits:

Build Validation: Ensure patches or modifications don’t introduce unintended changes. A “build successful” message doesn’t guarantee the binary is correct—reproducible builds do.
Data Leak Prevention: Hervé found sensitive data (e.g., usernames, machine names, even a PGP passphrase!) embedded in Maven Central artifacts, exposing personal or organizational details.
Enterprise Trust: When outsourcing development, reproducible builds verify that a vendor’s binary matches the provided source, saving time and reducing risk.
Build Efficiency: Reproducible builds enable caching optimizations, improving build performance.

These benefits extend beyond security, making reproducible builds a powerful tool for developers, enterprises, and open-source communities.

Implementing Reproducible Builds with Maven

Hervé outlined a practical workflow to achieve reproducible builds, demonstrated through his open-source project, reproducible-central, which includes scripts and rebuild recipes for 3,500+ compilations across 627+ projects. Here’s how to make your Maven builds reproducible:

Step 1: Rebuild and Verify

Start by rebuilding a project from its source (e.g., a Git repository tag) and comparing the output binary to a reference (e.g., Maven Central or an internal repository). Hervé’s rebuild.sh script automates this:

Specify the Environment: Define the JDK (e.g., JDK 8 or 17), OS (Windows, Linux, FreeBSD), and Maven command (e.g., mvn clean verify -DskipTests).
Use Docker: The script creates a Docker image with the exact environment (JDK, OS, Maven version) to ensure consistency.
Compare Binaries: The script downloads the reference binary and checks if the rebuilt binary matches, reporting success or failure.

Hervé demonstrated this with the Maven Javadoc Plugin (version 3.5.0), showing a 100% reproducible build when the environment matched the original (e.g., JDK 8 on Windows).

Step 2: Diagnose Differences

If the binaries don’t match, use diffoscope, a tool from the Linux reproducible builds community, to analyze differences. Diffoscope compares archives (e.g., JARs), nested archives, and even disassembles bytecode to pinpoint issues like:

Timestamps: JARs include file timestamps, which vary by build time.
File Order: ZIP-based JARs don’t guarantee consistent file ordering.
Bytecode Variations: Different JDK major versions produce different bytecode, even for the same target (e.g., targeting Java 8 with JDK 17 vs. JDK 8).
Permissions: File permissions (e.g., group write access) differ across environments.

Hervé showed a case where a build failed due to a JDK mismatch (JDK 11 vs. JDK 8), which diffoscope revealed through bytecode differences.

Step 3: Configure Maven for Reproducibility

To make builds reproducible, address common sources of “noise” in Maven projects:

Fix Timestamps: Set a consistent timestamp using the project.build.outputTimestamp property, managed by the Maven Release or Versions plugins. This ensures JARs have identical timestamps across builds.
Upgrade Plugins: Many Maven plugins historically introduced variability (e.g., random timestamps or environment-specific data). Hervé contributed fixes to numerous plugins, and his artifact:check-buildplan goal identifies outdated plugins, suggesting upgrades to reproducible versions.
Avoid Non-Reproducible Outputs: Skip Javadoc generation (highly variable) and GPG signing (non-reproducible by design) during verification.

For example, Hervé explained that configuring project.build.outputTimestamp and upgrading plugins eliminated timestamp and file-order issues in JARs, making builds reproducible.

Step 4: Test Locally

Before scaling, test reproducibility locally using mvn verify (not install, which pollutes the local repository). The artifact:compare goal compares your build output to a reference binary (e.g., from Maven Central or an internal repository). For internal projects, specify your repository URL as a parameter.

To test without a remote repository, build twice locally: run mvn install for the first build, then mvn verify for the second, comparing the results. This catches issues like unfixed dates or environment-specific data.

Step 5: Scale and Report

For large-scale verification, adapt Hervé’s reproducible-central scripts to your internal repository. These scripts generate reports with group IDs, artifact IDs, and reproducibility scores, helping track progress across releases. Hervé’s stats (e.g., 100% reproducibility for some projects, partial for others) provide a model for enterprise reporting.

Challenges and Lessons Learned

Hervé shared several challenges and insights from his journey:

JDK Variability: Bytecode differs across major JDK versions, even for the same target. Always match the original JDK major version (e.g., JDK 8 for a Java 8 target).
Environment Differences: Windows vs. Linux line endings (CRLF vs. LF) or file permissions (e.g., group write access) can break reproducibility. Docker ensures consistent environments.
Plugin Issues: Older plugins introduced variability, but Hervé’s contributions have made modern versions reproducible.
Unexpected Findings: Reproducible builds uncovered sensitive data in Maven Central artifacts, highlighting the need for careful build hygiene.

One surprising lesson came from file permissions: Hervé discovered that newer Linux distributions default to non-writable group permissions, unlike older ones, requiring adjustments to build recipes.

Interactive Learning: The Quiz

Hervé ended with a fun quiz to test the audience’s understanding, presenting rebuild results and asking, “Reproducible or not?” Examples included:

Case 1: A Maven Javadoc Plugin 3.5.0 build matched the reference perfectly (reproducible).
Case 2: A build showed bytecode differences due to a JDK mismatch (JDK 11 vs. JDK 8, not reproducible).
Case 3: A build differed only in file permissions (group write access), fixable by adjusting the environment (reproducible with a corrected recipe).

The quiz reinforced a key point: reproducibility requires precise environment matching, but tools like diffoscope make debugging straightforward.

Getting Started

Ready to make your Maven builds reproducible? Follow these steps:

Clone reproducible-central and explore Hervé’s scripts and stats.
Run mvn artifact:check-buildplan to identify and upgrade non-reproducible plugins.
Set project.build.outputTimestamp in your POM file to fix JAR timestamps.
Test locally with mvn verify and artifact:compare, specifying your repository if needed.
Scale up using rebuild.sh and Docker for consistent environments, adapting to your internal repository.

Hervé encourages feedback to improve his tools, so if you hit issues, reach out via the project’s GitHub or Apache’s community channels.

Conclusion

Reproducible builds with Maven are not only achievable but transformative, offering security, trust, and operational benefits. Hervé Boutemy’s work demystifies the process, providing tools, scripts, and a clear roadmap to success. From preventing backdoors to catching configuration errors and sensitive data leaks, reproducible builds are a must-have for modern Java development.

Start small with artifact:check-buildplan, test locally, and scale with reproducible-central. As Hervé’s 3,500+ rebuilds show, the Java community is well on its way to making reproducibility the norm. Join the movement, and let’s build software we can trust!

Resources

Posted in en-US | Tags: Devoxx, Maven | No Comments »

[DevoxxFR2014] Tips and Tricks for Releasing with Maven, Hudson, Artifactory, and Git: Streamlining Software Delivery

Author: Jonathan Lalou

Lecturer

Michael Hüttermann, a freelance DevOps consultant from Germany, specializes in optimizing software delivery pipelines. With a background in Java development and continuous integration, he has authored books on Agile ALM and contributes to open-source projects. His expertise lies in integrating tools like Maven, Jenkins (formerly Hudson), Artifactory, andទ

System: ## Git, and Maven to create efficient release processes. His talk at Devoxx France 2014 shares practical strategies for streamlining software releases, drawing on his extensive experience in DevOps consulting.

Abstract

Releasing software with Maven can be a cumbersome process, often fraught with manual steps and configuration challenges, despite Maven’s strengths as a build tool. In this lecture from Devoxx France 2014, Michael Hüttermann presents a comprehensive guide to optimizing the release process by integrating Maven with Hudson (now Jenkins), Artifactory, and Git. He explores the limitations of Maven’s release plugin and offers lightweight alternatives that enhance automation, traceability, and efficiency. Through detailed examples and best practices, Hüttermann demonstrates how to create a robust CI/CD pipeline that leverages version control, binary management, and continuous integration to deliver software reliably. The talk emphasizes practical configurations, common pitfalls, and strategies for achieving seamless releases in modern development workflows.

The Challenges of Maven Releases

Maven is a powerful build tool that simplifies dependency management and build automation, but its release plugin can be rigid and complex. Hüttermann explains that the plugin often requires manual version updates, tagging, and deployment steps, which can disrupt workflows and introduce errors. For example, the mvn release:prepare and mvn release:perform commands automate versioning and tagging, but they lack flexibility for custom workflows and can fail if network issues or repository misconfigurations occur.

Hüttermann advocates for a more integrated approach, combining Maven with Hudson, Artifactory, and Git to create a streamlined pipeline. This integration addresses key challenges: ensuring reproducible builds, managing binary artifacts, and maintaining version control integrity.

Building a CI/CD Pipeline with Hudson

Hudson, now known as Jenkins, serves as the orchestration hub for the release process. Hüttermann describes a multi-stage pipeline that automates building, testing, and deploying Maven projects. A typical Jenkins pipeline might look like this:

pipeline {
    agent any
    stages {
        stage('Checkout') {
            steps {
                git url: 'https://github.com/example/repo.git', branch: 'main'
            }
        }
        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }
        stage('Deploy') {
            steps {
                sh 'mvn deploy -DskipTests'
            }
        }
    }
}

The pipeline connects to a Git repository, builds the project with Maven, and deploys artifacts to Artifactory. Hüttermann emphasizes the importance of parameterized builds, allowing developers to specify release versions or snapshot flags dynamically.

Leveraging Artifactory for Binary Management

Artifactory, a binary repository manager, plays a critical role in storing and distributing Maven artifacts. Hüttermann highlights its ability to manage snapshots and releases, ensuring traceability and reproducibility. Artifacts are deployed to Artifactory using Maven’s deploy goal:

mvn deploy -DaltDeploymentRepository=artifactory::default::http://artifactory.example.com/releases

This command uploads artifacts to a specified repository, with Artifactory providing metadata for dependency resolution. Hüttermann notes that Artifactory’s cloud-based hosting simplifies access for distributed teams, and its integration with Jenkins via plugins enables automated deployment.

Git Integration for Version Control

Git serves as the version control system, managing source code and enabling release tagging. Hüttermann recommends using Git commit hashes to track builds, ensuring traceability. A typical release process involves creating a tag:

git tag -a v1.0.0 -m "Release 1.0.0"
git push origin v1.0.0

Jenkins’ Git plugin automates checkout and tagging, reducing manual effort. Hüttermann advises using a release branch for stable versions, with snapshots developed on main to maintain a clear workflow.

Streamlining the Release Process

To overcome the limitations of Maven’s release plugin, Hüttermann suggests custom scripts and Jenkins pipelines to automate versioning and deployment. For example, a script to increment version numbers in the pom.xml file can be integrated into the pipeline:

mvn versions:set -DnewVersion=1.0.1

This approach allows fine-grained control over versioning, avoiding the plugin’s rigid conventions. Hüttermann also recommends using Artifactory’s snapshot repositories for development builds, with stable releases moved to release repositories after validation.

Common Pitfalls and Best Practices

Network connectivity issues can disrupt deployments, as Hüttermann experienced during a demo when a Jenkins job failed due to a network outage. He advises configuring retry mechanisms in Jenkins and using Artifactory’s caching to mitigate such issues. Another pitfall is version conflicts in multi-module projects; Hüttermann suggests enforcing consistent versioning across modules with Maven’s versions plugin.

Best practices include maintaining a clean workspace, using Git commit hashes for traceability, and integrating unit tests into the pipeline to ensure quality. Hüttermann also emphasizes the importance of separating source code (stored in Git) from binaries (stored in Artifactory) to maintain a clear distinction between development and deployment artifacts.

Practical Demonstration and Insights

During the lecture, Hüttermann demonstrates a Jenkins pipeline that checks out code from Git, builds a Maven project, and deploys artifacts to Artifactory. The pipeline includes parameters for release candidates and stable versions, showcasing flexibility. He highlights the use of Artifactory’s generic integration, which supports any file type, making it versatile for non-Maven artifacts.

The demo illustrates a three-stage process: building a binary, copying it to a workspace, and deploying it to Artifactory. Despite a network-related failure, Hüttermann uses the opportunity to discuss resilience, recommending offline capabilities and robust error handling.

Broader Implications for DevOps

The integration of Maven, Hudson, Artifactory, and Git aligns with DevOps principles of automation and collaboration. By automating releases, teams reduce manual errors and accelerate delivery, critical for agile development. Hüttermann’s approach supports both small startups and large enterprises, offering scalability through cloud-based Artifactory and Jenkins.

For developers, the talk provides actionable strategies to simplify releases, while organizations benefit from standardized pipelines that ensure compliance and traceability. The emphasis on lightweight processes challenges traditional heavy release cycles, promoting continuous delivery.

Conclusion: A Blueprint for Efficient Releases

Michael Hüttermann’s lecture offers a practical roadmap for streamlining software releases using Maven, Hudson, Artifactory, and Git. By addressing the shortcomings of Maven’s release plugin and leveraging integrated tools, developers can achieve automated, reliable, and efficient release processes. The talk underscores the importance of CI/CD pipelines in modern software engineering, providing a foundation for DevOps success.

Links

Posted in en-US | Tags: Artifactory, CICD, devops, DevoxxFR2014, Git, Jenkins, Maven, MichaelHuttermann | No Comments »

[DevoxxFR2013] Les Cast Codeurs Podcast: Reflecting on Four Years of Java Community Insights

Author: Jonathan Lalou

Lecturer

Emmanuel Bernard leads development on Hibernate and Quarkus at Red Hat, with expertise in ORM and data management. A Java Champion, he contributes to standards like JPA and Bean Validation. Vincent Massol acts as CTO at XWiki SAS, committing to the XWiki open-source project. He co-authored books on Maven and JUnit, and participates in Les Cast Codeurs podcast. Antonio Goncalves, Principal Software Engineer at Microsoft, founded the Paris Java User Group and authored books on Java EE. He engages in JCP expert groups for Java EE specifications. Guillaume Laforge advocates for Google Cloud Platform, previously managing Groovy. A Java Champion, he co-authored “Groovy in Action” and co-hosts Les Cast Codeurs. Arnaud Héritier manages software factories, committing to Apache Maven. He authored books on Maven and productivity, sharing at community events.

Abstract

This article evaluates the live recording of Les Cast Codeurs Podcast’s fourth anniversary at Devoxx France, hosted by Emmanuel Bernard, Vincent Massol, Antonio Goncalves, Guillaume Laforge, and Arnaud Héritier. It dissects discussions on Java ecosystem trends, conference experiences, and community dynamics. Framed as an informal yet insightful session, the analysis reviews topics like Java 8 features, build tools evolution, and event organization challenges. It assesses the podcast’s role in disseminating knowledge, implications for developer engagement, and reflections on technological shifts. Through anecdotes and audience interactions, it highlights the blend of humor, critique, and foresight that defines the podcast’s appeal in fostering a vibrant French Java community.

Origins and Evolution of Les Cast Codeurs

Les Cast Codeurs emerged from informal discussions among Java enthusiasts, evolving into a staple French-language podcast on Java and related technologies. Emmanuel recounts its inception four years prior, inspired by English counterparts like Java Posse. Initial episodes faced technical hurdles—recording via Skype with varying quality—but persistence yielded over 80 episodes by this milestone.

The format balances news, interviews, and debates, covering Java SE/EE advancements, tools like Maven and Gradle, and broader topics such as cloud computing. Vincent notes the shift from ad-hoc sessions to structured ones, incorporating listener feedback via tools like Google Forms for surveys. This anniversary episode, recorded live at Devoxx France, exemplifies community integration, with audience polls on attendance and preferences.

Growth metrics reveal listenership spikes around releases, averaging thousands per episode. Arnaud highlights international reach, with listeners in French-speaking regions and beyond, underscoring the podcast’s role in bridging linguistic gaps in tech discourse.

Navigating Java Ecosystem Trends and Challenges

Discussions delve into Java 8’s lambda expressions and streams, praised for enhancing code conciseness. Guillaume shares experiences with Groovy’s functional paradigms, drawing parallels to Java’s modernization. Critiques address Oracle’s stewardship post-Sun acquisition, with concerns over delayed releases and community involvement.

Build tools spark debate: Maven’s ubiquity contrasts with Gradle’s rising popularity for Android and flexibility. Antonio advocates for tool-agnostic approaches, while Emmanuel warns of migration costs. The panel concurs on the need for better dependency management, citing transitive conflicts as persistent issues.

Cloud and DevOps trends feature prominently, with reflections on PaaS like Cloud Foundry. Vincent emphasizes automation’s impact on deployment cycles, reducing manual interventions. Security vulnerabilities, like recent Java exploits, prompt calls for vigilant updates and sandboxing.

Community Engagement and Event Reflections

Devoxx France’s organization draws praise for inclusivity and speaker diversity. Arnaud recounts logistical feats—managing 1,000 attendees with volunteer support—highlighting French JUGs’ collaborative spirit. Comparisons to international Devoxx events note unique cultural flavors, like extended lunches fostering networking.

Audience polls reveal demographics: predominantly male, with calls for greater female participation. The panel encourages involvement in JUGs and conferences, citing benefits for skill-sharing and career growth. Humorous anecdotes, like Antonio’s “chouchou” moniker from keynote interactions, lighten the mood, reinforcing the podcast’s approachable style.

Reflections on past guests—industry leaders like James Gosling—underscore the platform’s prestige. Future plans include themed episodes on emerging tech like AI in Java.

Technological Shifts and Future Directions

The session probes Java’s relevance amid alternatives like Scala or Kotlin. Emmanuel defends Java’s ecosystem maturity, while Guillaume highlights Groovy’s interoperability. Discussions on open-source sustainability address funding models, with kudos to foundations like Apache.

Implications for education emphasize podcasts as accessible learning tools, supplementing formal training. The format’s conversational tone demystifies complex topics, aiding newcomers.

In conclusion, Les Cast Codeurs embodies community-driven knowledge dissemination, adapting to Java’s evolution while nurturing inclusivity. Its anniversary celebrates not just longevity but sustained impact on developer discourse.

Links:

Posted in en-US | Tags: AntonioGoncalves, ArnaudHéritier, DevoxxFR2013, DevoxxFrance, EmmanuelBernard, Gradle, GuillaumeLaforge, Java8, JavaCommunity, JavaPodcast, LesCastCodeurs, Maven, OpenSource, VincentMassol | No Comments »

How to compile both Java classes and Groovy scripts with Maven?

Author: Jonathan Lalou

Case

Your project includes both Java classes and Groovy scripts. You would like to build all of them at the same time with Maven: this must be possible, because, after all, Groovy scripts are run on a Java Virtual Machine.

Solution

In your pom.xml, configure the maven-compiler-plugin as follows:
[xml] <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.0</version>
<configuration>
<compilerId>groovy-eclipse-compiler</compilerId>
<source>1.6</source>
<target>1.6</target>
</configuration>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-eclipse-compiler</artifactId>
<version>2.8.0-01</version>
</dependency>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-eclipse-batch</artifactId>
<version>2.1.5-03</version>
</dependency>
</dependencies>
</plugin>[/xml]
With such setup, default compiler (which cannot compile Groovy scripts parallelly of Java sources) will be replaced with Eclipse’s one (which can).

Posted in en-US | Tags: Groovy, JVM, Maven, maven-compiler-plugi | No Comments »

(long tweet) Error injecting: org.codehaus.groovy.eclipse.compiler.GroovyEclipseCompiler

Author: Jonathan Lalou

Case

On building a Groovy project with Maven, I got the following error:
[java]Error injecting: org.codehaus.groovy.eclipse.compiler.GroovyEclipseCompiler
java.lang.NoClassDefFoundError: org/codehaus/plexus/compiler/CompilerResult[/java]

Quick fix

Downgrade maven-compiler-plugin to version 3.0 instead of branch 2.3.X.

Posted in long tweets | Tags: Groovy, Maven | No Comments »

[DevoxxFR2013] The Space Mountain of Enterprise Java Development

Author: Jonathan Lalou

Lecturer

Florent Ramière brings over a decade of software development and project management experience. After years in the US at a software editor and a stint at Capgemini upon returning to France, he co-founded Jaxio with Nicolas Romanetti in 2005. Jaxio offers code generation via Celerio; in 2009, they launched SpringFuse.com, an online version. Active in Paris Java scenes like ParisJUG and Coding Dojos.

Abstract

Florent Ramière’s dynamic demonstration navigates enterprise Java development’s complexities, showcasing tools like Maven, Spring, JPA, and more in a live Eclipse session. Emphasizing practical efficiencies for data-heavy applications, he covers CRUD operations, testing, profiling, and CI. The talk reveals techniques for rapid, robust development, highlighting simplicity’s challenges and offering actionable insights for real-world projects.

Setting the Stage: Tools and Environment for Efficient Development

Ramière begins with audience polling: most work on Java EE/Spring applications involving databases, often exceeding 100 tables. He focuses on large-scale management apps, sharing experiences from consulting across projects.

Demonstrating in Eclipse with Jetty embedded, he launches an internationalized app using an in-memory database for independence. Maven builds the project; SpringFuse aggregates best practices.

Key promise: simplicity is hard; knowing tools accelerates work. If nothing new learned, a Mojito offered – or a fun fact on calculating light speed with chocolate.

The app handles accounts: listing, searching, navigating. CRUD dominates; business logic intersperses.

Core Operations: Querying, Validation, and Data Manipulation

Search uses query-by-example: fields like ‘admin’ or ‘Tokyo’ filter results. JPA with Hibernate enables this; Bean Validation ensures integrity.

Editing involves JSF with PrimeFaces for UI: dialogs, calendars, auto-completes. Commons and Guava libraries aid utilities; Lombok reduces boilerplate.

Saving triggers validations: required fields, formats. Excel exports via JXLS; imports validate before persisting.

Full-text search with Hibernate Search (Lucene) indexes entities, supporting fuzzy matches and facets.

@Entity
@Indexed
public class User {
    @Id
    private Long id;
    @Field(index=Index.YES, analyze=Analyze.YES)
    private String name;
    // ...
}

This annotates for indexing, enabling advanced queries.

Testing and Quality Assurance: From Unit to Integration

JUnit with Fest-Assert and Mockito tests services: mocking DAOs, verifying behaviors.

Selenium with Firefox automates UI tests: navigating, filling forms, asserting outcomes.

JMeter scripts load tests: threading simulates users, measuring throughput.

Sonar integrates for code reviews: violations, discussions directly in Eclipse.

@Test
public void testService() {
    User user = mock(User.class);
    when(user.getName()).thenReturn("Test");
    assertEquals("Test", service.getUserName(1L));
}

Mockito example for isolated testing.

Performance and Deployment: Profiling and Continuous Integration

JProfiler attaches for heap/thread analysis: identifying leaks, optimizing queries.

Hudson (now Jenkins) builds via Maven: compiling, testing, deploying WARs.

iSpace visualizes dependencies, aiding architecture.

Profiles manage environments: dev/test/prod configurations.

Navigating Complexities: Best Practices and Pitfalls

Ramière advises command-line Maven for reliability; avoid outdated WTP.

For large schemas, tools like SpringFuse generate CRUD, reducing tedium.

NoSQL suits big data, but relational fits structured needs; patterns transfer.

Embrace profiles for configurations; Git for code reviews alongside Sonar/Gerrit.

Impact of profilers on tests: significant, but use for targeted optimizations via thread dumps.

In conclusion, enterprise Java demands tool mastery for efficiency; simplicity emerges from knowledge.

Links:

Posted in en-US | Tags: CI, DevoxxFR2013, EnterpriseJava, FlorentRamière, Jaxio, JPA, JSF, Maven, Profiling, Spring, SpringFuse, testing | No Comments »

Maven: How to use jars in a lib/ folder?

Author: Jonathan Lalou

Case

I have to work on an “old-school” project: without Maven (and even without integration within Eclipse). The JARs depended on by the application are located in a lib/ folder. Besides, I cannot add JARs to company repository.
How to integrate Maven with this lib/ folder?

Solution

First of all, you have to enable the support of Maven within IntelliJ IDEA: select the project > right click > add framework support > select Maven.

Create a pom.xml and complete the main information.
Identify the JARs which are relatively common (eg those available in http://repo1.maven.org/maven2/), and add them as dependencies.

Now, you still have to deal with “uncommon” JARs

Quick and (very) dirty

The quickest way is to add the JARs as dependencies, declared with scope system, eg:
[xml]<dependency>
<groupId>unknownGroupId</groupId>
<artifactId>someArtifactId</artifactId>
<version>someVersion</version>
<scope>system</scope>
<systemPath>${project.basedir}/lib/foo.jar</systemPath>
</dependency>[/xml]

The main drawback of this dirty solution is that when you generate your archive, the JARs depended on with scope system will not be exported… Quiet a limitation, isn’t it?

(A bit) Slower and (far) cleaner

You have to declare a “remote repository”, of which URL is local, such as:
[xml]<repository>
<id>pseudoRemoteRepo</id>
<releases>
<enabled>true</enabled>
<checksumPolicy>ignore</checksumPolicy>
</releases>
<url>file://${project.basedir}/lib</url>
</repository>[/xml]

Then, declare the dependencies like:
[xml]<dependency>
<groupId>UNKNOWN</groupId>
<artifactId>foo</artifactId>
<version>UNKNOWN</version>
</dependency>[/xml]
Move and/or rename the JARs, for instance from lib/foo.jar folder to the actual one, such as lib/UNKNOWN/foo/foo-UNKNOWN.jar.

Now it should be OK ;-).
In my case I prefered to add Maven Assembly plugin with the goal jar-with-dependencies, to be sure to build a unique JAR with complete exploded dependencies.

Posted in en-US | Tags: Maven, Maven 3 | No Comments »

Unable to instantiate default tuplizer… java.lang.NoSuchMethodError: org.objectweb.asm.ClassWriter.

Author: Jonathan Lalou

Case

On running a web application hosted on Jetty, I get the following stracktrace:
[java]Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘sessionFactory’ defined in ServletContext resource [/WEB-INF/classes/config/spring/beans/HibernateSessionFactory.xml]: Invocation of init method failed; nested exception is org.hibernate.HibernateException: Unable to instantiate default tuplizer [org.hibernate.tuple.entity.PojoEntityTuplizer]:
java.lang.NoSuchMethodError: org.objectweb.asm.ClassWriter.<init>(I)V[/java]
Unlike what I immediatly thought at first glance, the problem is not induced by the Tuplizer ; the actual error is hidden at the bottom: java.lang.NoSuchMethodError: org.objectweb.asm.ClassWriter.

Here are some of the dependencies:
[java]org.hsqldb:hsqldb:jar:2.2.8:compile
org.springframework:spring:jar:2.5.6:compile
org.hibernate:hibernate:jar:3.2.7.ga:compile
javax.transaction:jta:jar:1.0.1B:compile
| +- asm:asm-attrs:jar:1.5.3:compile
| \- asm:asm:jar:1.5.3:compile[/java]

Fix

Main fix

The case is a classic problem of inherited depencencies. To fix it, you have to excluse ASM 1.5.3, and replace it with more recent version. In the pom.xml, you would then have:
[xml]
<properties>
<spring.version>3.1.0.RELEASE</spring.version>
<hibernate.version>3.2.7.ga</hibernate.version>
<asm.version>3.1</asm.version>
</properties>
…
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate</artifactId>
<version>${hibernate.version}</version>
<exclusions>
<exclusion>
<groupId>asm</groupId>
<artifactId>asm</artifactId>
</exclusion>
<exclusion>
<groupId>asm</groupId>
<artifactId>asm-attrs</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>asm</groupId>
<artifactId>asm</artifactId>
<version>${asm.version}</version>
</dependency>
[/xml]

Other improvements

I took the opportunity to upgrade Spring 2.5 to Spring 3.1 (cf the properties above).
Besides, I modified the *.hbm.xml files to use object types, rather than primary types, eg replacing:
[xml]<id name="jonathanId" type="long">[/xml]
with:
[xml]<id name="jonathanId" type="java.lang.Long">[/xml]

Posted in en-US | Tags: ASM, Hibernate, Maven, Spring | No Comments »