Wine get better with age, and I hope also good ideas does since it took me 3-4 year before making this one real.
With this post I want to introduce a new section of this blog: the Pathfinder Opensource Project.
If you are working in a big company, or simply to a big software project you will surly have to deal with tons of dependencies, many of them will be classical “third parties” libraries you are using, but a good part of them will be part of your project and you will have to move carefully among them, like an elephant in a crystal shop, to be sure that your awesome new feature doesn’t break anyone else code, somewhere else in the company.
Modifying an API library can be extremely simple, but avoid regression over all projects which are including it (many of them you are probably not even aware of) surely it’s not.
Maven and other dependency management tools can somehow help you, but usually their “no-panic zone” ends with the boundaries of your own project leaving you alone with your towel, facing all other developer blaming you that “your code mess up all their project”.
If you, like me, live on the thin line of DevOps, managing many people libraries to put them together in a product release being sure that all your developers did not introduce any deprecated or hidden-SNAPSHOT libraries, you surely know how boring and difficult can be digging for dependencies tree to check everything is ok.
Pathfinder project aims to provide developers and release managers a more complete overview over your whole company software, helping them find the proper path to walk safe in such a dangerous way.
Pathfinder maven plugin is an extension of the well-know maven-dependency-plugin, which extract each project dependency tree, but instead of simply showing them to screen, sends all information to Pathfinder server which saves them and merge all dependencies with other project’s ones which already undergoes to such analysis.
The resulting graph is the full ecosystem of all your project dependencies relations, not simply a narrow view of some of them.
In the screenshot below you can see Pathfinder web interface displaying the full graph of dependency of Pathfinder project itself.
Each node represents a maven artifact and each relation a dependency of some kind (parent, compile, test, etc..)
Even without knowing the name of any of the involved libraries, some of them will surely catch your attention because of their color:
- RED artifacts are the SNAPSHOT packages, the one which needs more care, being you a developer or a configuration manager. Keeping them under control and being sure your release pack doesn’t contains any of them is crucial.
- YELLOW artifacts are the BRANCH packages, which means any stable artifact which doesn’t respect the standard regular expression of maven versions. They still need some care to be sure they are stable code and not some Release Candidate or even worst, feature branches.
- BLUE artifact are well-know standard release code, you can usually trust them.
Since the very first analysis, Pathfinder immediately provided you with a useful tool to keep your project under control with less effort, but this is just the beginning.
As you probably already guess the full graph of all your projects dependencies is probably not the best way to deal with big projects since its size will grow exponentially with the number of library involved.
Pathfinder web interface then provides you with che capability to filter the graph over all typical maven artifact attributes (GroupId, ArtifactId, Version, Classifier and Packaging).
You can decide to apply a filter only on the graph inner node, still showing the “third parties dependencies” over the leaves.
This is the resulting graph over the project itself:
Much more readable and really useful to know direct dependencies of your projects, but we can make things even easier by filtering even leaf nodes dependencies:
Now pathfinder is showing you just YOUR libraries and their relations, in the more simple and straightforward way.
(Yes, I know, at the moment they are all SNAPSHOT one, I’ll try to have a stable release asap, be patient! 😉 )
Simply showing artifact relations it’s surely not enough, we want to start addressing everyday developer/CM issues.
With Impact path I want to tell Pathfinder which artifact I’m working on and I want him to provide me which the full list of OTHER libraries which depends on my work and will be impacted by my release.
This can happen not only on direct dependencies, but also on transitive ones, that’s why you can deepen your search, by increasing the Search depth threshold to increase the number of “hop” relations Pathfinder can traverse to provide you with impacted libraries.
That’s all Pathfinder can do for you at the moment, but there’s still a lot of work in roadmap:
- Other build tool support: Maven is the main stream, but I’m sure also other ones like Gradle, Ivy and even non-java tools could be successfully integrated.
- More features: Impact Path is just the first one, but dependency analysis can provide many other useful information to help Dependency management optimization, speed-up developer release days by providing the correct release path to be followed to close all needed code and many more.
- Better UI: the current one is little more then a Proof of Concept, it surely can be improved.
- Tests, tests, test: being a tool for large project management it has to be test over big projects to improve usability and result correctness.
- Improved deploy: Spring boot is the only way at the moment, more alternatives have to be introduced and a live demo would be really useful.
- Other tools integration: extracting informations from other CI tools like Artifactory or Sonar could provide additional hint to work on!
That’s why PathFinder has been released as an OpenSource project, its has it own GitHub Repository where you can find all the code, Getting started instructions (it’s all one-shot maven based, really simple!) and a more detailed User Guide
Installation steps are really easy, you do not even need an existing application server, since everything is bundled into a Spring Boot application and integration with any CI chain can be done through maven plugin configuration or simple CommandLineInterface trigger.
I’m looking for contributor for the code (Gradle, Ivy non-java integration most wanted!), for people willing to test the tool over their project an send me feedback and bug reporting (yes, there will be bugs, I can tell you in advance!), or ever experienced Developers/SCMs who want to submit their ideas to improve the tools!
Waiting for your feedbacks!