Multi-module Maven project published under com.svenruppert. The parent POM centralises the dependency and plugin versions; every module ships as an independent artefact and can be consumed on its own. Build chain: Apache Maven 4, JDK 17+ (built against JDK 26 in CI), Surefire-based test execution, PIT mutation testing on selected modules, SpotBugs gate.
| Module | Artefact | Purpose | Web |
|---|---|---|---|
| core | com.svenruppert:core |
Small, dependency-light utility surface used as the common base of every other module: StringUtils, fs/PathUtils + fs/DirectoryUtils, net/HttpStatus + net/PortUtils, serviceprovider/ServiceProvider, immutable-collection collectors, system/SystemExitHandler, basepattern/builder/NestedBuilder, and the SLF4J-backed logger/HasLogger mixin (with ClassValue-cached loggers and a shared StackWalker). |
— |
| core-properties | com.svenruppert:core-properties |
Single-class layered Properties resolver — merges values from classpath, working directory, user-home, and a system-property-configurable directory. |
— |
| functional-reactive | com.svenruppert:functional-reactive |
Functional toolkit: sealed Result<T, E> + Try, checked function interfaces, record-based tuples (Single…Sept), Memoizer, Case, StringFunctions, CompletableFutureQueue, plus the legacy model.Result<T> behind a bridge. |
frp.svenruppert.com |
| ddi | com.svenruppert:ddi |
Dynamic Dependency Injection: classpath-scan bootstrap, @Inject field and constructor injection, @Produces / Producer<T>, ClassResolver, ProducerResolver, scope manager, optional @Named / @Qualifier narrowing, instance-based DIContainer for hermetic test setups. |
ddi.svenruppert.com |
Each module's README.md is a self-contained handbook covering coordinates, public API, and usage examples.
The historical logger-adapter module was retired in 06.02.01 — the HasLogger mixin lives in core now and the SLF4J integration is consumed through the standard org.slf4j:slf4j-api dependency.
Releases of this reactor target Maven Central via Sonatype's central-publishing-maven-plugin. The release-relevant work is split across four profiles in the parent POM; each profile owns one concern, and the standard maven-release-plugin orchestrates them.
| Profile | Owned concern | Activation |
|---|---|---|
_release_prepare |
Source and Javadoc jars, EUPL header check, requireReleaseDeps enforcement (no -SNAPSHOT deps). |
Auto-activated by maven-release-plugin via <releaseProfiles>_release_prepare</releaseProfiles> in _deploy. Do not pass -P_release_prepare manually. |
_release_sign-artifacts |
GPG signing of every released artefact (*.jar, *-sources.jar, *-javadoc.jar, *-tests.jar, *-cyclonedx.{xml,json} and the POMs). |
Pass -P_release_sign-artifacts explicitly on the command line. |
_release_scan_dependencies |
OWASP Dependency-Check scan (failBuildOnCVSS=8); requires NVD_API_KEY to be set. |
Pass -P_release_scan_dependencies explicitly. |
_deploy |
central-publishing-maven-plugin plus the maven-release-plugin configuration (autoVersionSubmodules, releaseProfiles=_release_prepare). |
Pass -P_deploy explicitly for deploy / release:* goals. |
SBOMs (CycloneDX, both bom.xml and bom.json per module plus the reactor-aggregate) are generated in the default lifecycle from the package phase onwards, so they are always in sync with the artefact even when running a plain mvn install. No profile flag is required for that.
JAVA_HOMEpoints to JDK 17+ (the wrapper resolves Maven 4.0.0-rc-5 itself).NVD_API_KEYis set in the environment (used by_release_scan_dependencies).- A GPG key matching the developer entry is available on the local keyring and unlocked.
- Working tree is clean and on
develop;git fetchis up to date withorigin. ./mvnw clean verifyis green (full reactor tests, SpotBugs, CycloneDX SBOM generation).
# 1. Final smoke test (also produces the BOMs and runs SpotBugs)
./mvnw clean verify
# 2. Optional: explicit vulnerability scan
./mvnw -P_release_scan_dependencies verify
# 3. Cut the release tag + bump to the next SNAPSHOT via maven-release-plugin.
# This consumes the _deploy profile (which sets autoVersionSubmodules and
# forwards into _release_prepare), and the -Darguments string is what the
# plugin passes to its inner mvn invocation that builds the tagged source.
./mvnw -P_deploy release:prepare release:perform \
-DreleaseVersion=06.02.01 \
-DdevelopmentVersion=06.02.02-SNAPSHOT \
-Darguments="-P_release_sign-artifacts,_release_scan_dependencies"release:prepare creates two commits (release version + next snapshot version) plus a lightweight tag. release:perform checks out the tag, runs mvn verify deploy against it with _release_prepare auto-activated, the _release_sign-artifacts and _release_scan_dependencies profiles passed through -Darguments, and the _deploy profile in effect — that gives signed jars, signed source/javadoc/test/SBOM artefacts, an OWASP scan, and a Sonatype Central upload in one shot.
central-publishing-maven-plugin 0.10.0 did not understand the Maven 4 consumer-POM model: it emits the consumer POM as a consumer-classified artefact (*-consumer.pom), and the Central Portal validator rejects the deployment with Failed to associate file with coordinates …. As of 06.02.03 the plugin is pinned at 0.11.0; whether 0.11.0 resolves this is still to be verified at the next deploy. Until confirmed, the _deploy profile keeps <skipPublishing>true</skipPublishing> so that mvn deploy builds a signed bundle locally but does not upload it, and the manual bundle flow below remains the working path.
The working release flow against the current plugin is therefore:
# 1. Final smoke test
./mvnw clean verify
# 2. Bump versions across the reactor (or use release:prepare, which still works)
./mvnw versions:set -DnewVersion=06.02.01 -DprocessAllModules=true -DgenerateBackupPoms=false
# 3. Verify on the release version
./mvnw clean verify
# 4. Commit + tag
git commit -am "release 06.02.01"
git tag 06.02.01
# 5. Build the signed bundle (uploads nothing thanks to skipPublishing=true)
./mvnw -P_deploy,_release_sign-artifacts,_release_prepare clean deploy
# 6. Strip the Maven-4 consumer POMs and repackage the bundle
./scripts/clean-bundle-for-central.sh
# 7. Upload target/central-publishing/central-bundle.zip manually via
# https://central.sonatype.com/publishing → Publish Component
# (Deployment Name e.g. com.svenruppert:dependencies:<version>, Automatic publish.)
# 8. Bump to the next development cycle and commit
./mvnw versions:set -DnewVersion=06.02.02-SNAPSHOT -DprocessAllModules=true -DgenerateBackupPoms=false
git commit -am "prepare 06.02.02-SNAPSHOT"
# 9. Push branch + tag
git push origin develop 06.02.01The _deploy profile in pom.xml carries a comment block documenting the same workaround at the point where skipPublishing is set.
- Verify on Maven Central (full indexing typically takes 10–60 minutes for a fresh artefact).
- Add a new section in this README under "Versions" and a corresponding
RELEASE-NOTES-<version>.mdat the repository root with the per-module change set, migration notes for any breaking change, and the reactor-level verification numbers.
Infrastructure release: selectable deploy targets. distributionManagement is
fully parameterised and two new profiles switch the destination —
-P_deploy-jsentinel (repo.jsentinel.eu releases/snapshots) and
-P_deploy-jsentinel-sensitive (access-protected sensitive channels) — with
Maven Central remaining the default. Inherited by every child project; no code
or dependency changes. See
RELEASE-NOTES-06.02.04.md.
Maintenance release: dependency / plugin refresh, BOM modernisation, migration of the deploy infrastructure to the Sonatype Central Portal endpoints, adoption of SpotBugs 4.10.2, and EUPL 1.2 licence-header alignment. No source-level API changes — consumers of the modules upgrade without code changes; BOM importers should review the coordinate moves. See RELEASE-NOTES-06.02.03.md for the full breakdown.
Highlights:
- Dependencies — jackson 2.21.3 → 2.22.0 and 3.1.3 → 3.2.0, HikariCP 7.0.2 → 7.1.0, byte-buddy 1.18.8 → 1.18.10, javassist 3.31.0-GA → 3.32.0-GA, pitest 1.25.0 → 1.25.5, checkstyle 13.4.2 → 13.7.0.
- BOM modernisation — managed entries move to their maintained successors: HttpClient 4 →
org.apache.httpcomponents.client5:httpclient55.6.1,javax.servlet→jakarta.servlet:jakarta.servlet-api6.1.0, defunctdom4j:org.dom4j→org.dom4j:dom4j2.1.4, abandoned javafaker →net.datafaker:datafaker2.4.3. The archived OpenTracing artefacts and the 1.x-onlycache2k-base-bomare removed. Pre-release pins are replaced by stable versions (slf4j 2.0.17, log4j 2.26.0, jackson-annotations 2.22, assertj 3.27.3). slf4j-simplemoves totestscope in the parent — published libraries ship onlyslf4j-api; consumers bring their own binding.- Licence — generated file headers now carry the declared EUPL 1.2 text (custom licence descriptor under
src/license/); previously they still said EUPL 1.1. - Plugins — spotbugs-maven-plugin 4.9.8.3 → 4.10.2.0, maven-dependency-plugin 3.10.0 → 3.11.0, cyclonedx-maven-plugin 2.9.1 → 2.9.2, central-publishing-maven-plugin 0.10.0 → 0.11.0. The Maven core plugins offering only
4.0.0-beta/3.6.0-M1pre-releases were intentionally left on their stable lines. - Deploy —
distributionManagementand the deploy URLs moved to the Central Portal (central.sonatype.com); the OSSRH hosts01.oss.sonatype.orgwas decommissioned on 2025-06-30. Repository ids are nowcentral/central-snapshots. - Quality — SpotBugs 4.10.2 added two new detectors; both findings were fixed at source rather than excluded.
functional-reactive:Casevalidates in its factory methods so the constructor no longer throws (CT_CONSTRUCTOR_THROW).ddi:DIContainersynchronizes on a private lock instead ofthis(USO_UNSAFE_METHOD_SYNCHRONIZATION). Both changes are behaviour-preserving. - Verification — core 16/16, core-properties 4/4, functional-reactive 312/312 (1 skipped), ddi 124/124; 0 SpotBugs findings reactor-wide.
Removal of the legacy single-type Result<T> API from functional-reactive and
the new typed MediaType enum in core. See
RELEASE-NOTES-06.02.02.md for the full breakdown.
Breaking — functional-reactive: the legacy com.svenruppert.functional.model.Result<T>, the functional.result.Results bridge, the six functional.functions.Checked* interfaces and functional.matcher.Case (all deprecated forRemoval in 06.02.01) are deleted; migrate to com.svenruppert.functional.result.Result<T, E>. core: the HttpStatusContentTypes string constants are replaced by the typed MediaType enum.
Highlights:
functional-reactive— modernResult<T, E>is now the onlyResultsurface. NewUnitvoid-marker,result.functions.CheckedExecutorreturningResult<Unit, Throwable>, and aresult.matcher.Case<T, E>with lazy condition evaluation.core— newMediaTypeenum (RFC 9110 §8.3 with RFC 6839*+json/*+xmlstructured-syntax-suffix predicates), 33 constants plus charset helpers andfromMime(String).- Release tooling —
scripts/clean-bundle-for-central.shrebuilt for Maven 4.
Security patch, build-chain hardening, and the retirement of the historical logger-adapter module. See RELEASE-NOTES-06.02.01.md for the full breakdown.
Breaking — com.svenruppert:logger-adapter is no longer published. The HasLogger mixin now lives natively in com.svenruppert:core; consumers replace the dependency coordinate but keep the import (com.svenruppert.dependencies.core.logger.HasLogger is unchanged). Also: jakarta.annotation-api jumps from 2.1.1 to 3.0.0 — consumers that pin the 2.x line explicitly should align or drop the pin.
Highlights:
- Security —
tools.jackson.core:jackson-core/jackson-databindbumped pastGHSA-2m67-wjpj-xhg9(CVSS 7.5,maxDocumentLengthenforcement bypass). Now pinned at3.1.3in<dependencyManagement>. core—HasLoggerrewritten on top ofClassValue<LoggingService>(noConcurrentMapboxing, class-unloading-safe) with a sharedStackWalkerinstance. No API change.- Build —
org.cyclonedx:cyclonedx-maven-plugin:2.9.1now runs in the default lifecycle: everymvn install/mvn deployemits per-modulebom.xml+bom.jsonplus a reactor-aggregate, attached as*-cyclonedx.{xml,json}sub-artefacts. - Build —
maven-source-pluginexecution split into Apache-conventionalattach-sources/attach-test-sourceswith the*-no-forkgoal variants, so downstream POMs that ship their own source-attach setup merge with the parent instead of producing duplicatesourcesattachments. - Dependencies — 19 properties / pinned versions refreshed (pitest 1.25.0, junit-jupiter / junit-platform-launcher 6.1.0, ASM 9.10.1, javassist 3.31.0-GA, jakarta.annotation-api 3.0.0, jakarta.inject-api 2.0.1.MR, jackson 3.1.3 / 2.21.3, gson 2.14.0, commons-codec 1.22.0, commons-io 2.22.0, checkstyle 13.4.2, …).
- Quality — DDI: 124 / 124 tests green, PIT 311 / 324 (96 %), 0 SpotBugs findings; functional-reactive: 304 / 304 green.
- Documentation — Root README gains a "Releasing" section that documents the four release profiles, the GPG / SBOM / Sonatype flow, and the manual deploy variant.
ddi/README.mdgains a "Constructor injection" section. - Deploy —
_deployprofile now sets<skipPublishing>true</skipPublishing>oncentral-publishing-maven-plugin(v0.10.0 is incompatible with Maven 4 consumer POMs; the validator rejects the-consumer.pomclassifier).scripts/clean-bundle-for-central.shstrips those files from the staged bundle so the resultingcentral-bundle.zipcan be uploaded manually via https://central.sonatype.com/publishing. 06.02.01 was published that way.
Major modernisation wave across ddi and functional-reactive plus a full build-chain refresh. See RELEASE-NOTES-06.02.00.md for the full breakdown.
Breaking — ddi consumers must move @Inject from javax.inject to jakarta.inject and @PostConstruct from javax.annotation to jakarta.annotation. The vendored javax/inject/Inject.java shipped in earlier releases is gone; depend on jakarta.inject:jakarta.inject-api:2.0.1 and jakarta.annotation:jakarta.annotation-api:2.1.1 instead.
Highlights:
ddi— reflection library swapped from the unmaintainednet.oneandone.reflections8toorg.reflections:reflections:0.10.2; static singleton state lifted into an instance-basedDIContainer(withDIContainer.global()powering the existing static facade); configurable classpath scan prefix viaDIContainer.builder().withScanPrefix(...); optional@Named/@Qualifiernarrowing on the resolver path.functional-reactive— newResult<T, E>sealed type with records (Success,Failure), aTry.of(ThrowingSupplier)helper, checked function interfaces, and record-based tuplesSinglethroughSept. Legacy types stay in place behind aResultsbridge.- Build — Apache Maven 4 wrapper pinned to
4.0.0-rc-5(only-scriptdistribution);de.sormuras.junit:junit-platform-maven-pluginreplaced bymaven-surefire-plugin; nine plugin patch/minor bumps pluspitest 1.23.1andjunit-jupiter / junit-platform-launcher 6.1.0-RC1. - Quality — DDI mutation coverage 88 % → 96 % (PIT), zero SpotBugs findings across the reactor, 304 + 119 tests green in
functional-reactiveandddi.
- Project licence changed to the European Union Public Licence 1.2 (EUPL-1.2). Source headers and
LICENSE.txtupdated; SPDX identifierEUPL-1.2. - Routine maven-plugin and dependency version bumps.
Added more codes plus default message including a flag that indicates if it is a nonStandard code. With the message family() you will get the group of each code. For performance a cache is added into the lookup The method fromCode() will transform an int into the instance of the status code
Merged functional reactive lib into the project as sub-module.
Switched away from jitpack, it is just not working! Started with new Major-Version for current developments and to get rid of the example stuff that I have done for jitpack.
Using JDK 21 (LTS) - managed by sdkman sdk install java 21.0.4-tem sdk use java 21.0.4-tem
Used infrastructure for development
java -Xmx32M -jar reposilite-3.5.18-all.jar inside the console you need to generate a token first token-generate --secret=admin admin m This will generate a user admin with pwd admin and the role manager
Add maven central https://repo1.maven.org/maven2/ to the mirrored repos.
one round for jitpack...
fixed jitpack.yml
updated plugins and minimum maven version to 3.9.6
skipped
Switched to the groupd ID com.github.svenruppert because custom domain names (com.svenruppert) are not working properly with Jitpack. Java Packages are still under com.svenruppert
Added the Modules:
- Logger Adapter
- Core
- Core Properties
I archived the original git repos and merged everything into this one. With this, building new versions is way easier or better - less work. :-)
updated versions
Fixed the pitest pattern com.svenruppert. junit.com.svenruppert.
removed the distribution repo definitions, because jitpack is doing it.
With version 5.x I will switch the namespace from org.rapidpm to com.svenruppert This has to do with organisational requirements on my side. I will move this repo to the Github organisation svenruppert. The licence will be still the same. The change on your side, should be only the declaration of the parent pom.
- version updates
- maven plugin updates
- compile JDK will be 21 LTS
- switch from docker to podman - _tools/docker/develop
- version updates
- maven plugins updates
- version updates
- maven plugins updates
- version updates
- deploy target - via property on command line
- deploy-repo-url
- deploy-repo-snapshots-url
- V14.1 activated
- V15 alpha version update
- version updates
- Kotlin version update
- deactivate V08 dependencies
- deactivate V10 dependencies
- version update nodeJS/NPM (12.13.0/6.12.0)
- V14 update - V14.0.10
- added jCenter to repositories
- removed jitpack from repositories
- vaadin update V14 - V14.0.9
- cleared _release profiles
- update V14.0.7 to V14.0.8
- splitted the _release profile
- _release
- _release_prepare
- version updates
- version updates
- removed lic checker (flow) mix from transitive deps
- removed all indirect vaadin flow dependencies / components
- added flow minimal needed dependencies
- revert BUGFIX from 04.01.14-RPM
- BUGFIX - combobox dependency
- junit update 1.5.2
- switched VaadinXX to manual latest version compositions
- VaadinXX excludes all transitive webjars
- vaadin v14.0.3
- V10/V14/Vxx - removed the dependency to vaadin - way to heavy To get the dev cycle up to usable, add only the flow dependencies you need into your pom. example : Nano-Vaadin-Demos
- added minimal Flow dependencies, no themes, no components
- logger-adapter
- functional-reactive-lib
- pitest 1.4.10
- added junit-platform-testkit to scope test
- vaadinXX switched from V14 to V15 - 15.0.0.alpha1
- cache2k update to v1.2.4.Final
- added java-faker to scope test
- vaadin v14.0.2
- Update to V14 Final
- Update to stagemonitor 0.89.0
- junit-platform-maven-plugin.timeout - default 300 [s]
- version updates
- added Google Truth as default dependency into scope test
- excluded generated NodeJS/ NPM things from lic check
- version updates
- config changes for vaadin dependencies
- version updates
- config changes for vaadin dependencies
- version updates
- added rapidpm-vaadin-dependencies for V08/V10/V14/Vxx
- replaced reflections with reflections8
- deleted module - reflections
- changed compile cycle for AnnotationProcessing
- replaced dom4j to org.dom4j
- kotlin version update
- version updates
- externalizing version definitions
- version updates
- smaller BugFixings
- reduced maven minimum version to 3.3.9 for compatibility reasons
- added development profile for NodeJS/NPM - for Vaadin 14 projects
- externalizing required maven version
To define your maven version you could override the property maven-enforcer-plugin.version. The default is mostly the latest maven version.
- minimum-maven.version - setting required maven version, default is latest version
- activateJavaOnly - true = JDK only / false JDK plus Kotlin activated
- kotlin.compiler.jvmTarget - default latest release
- kotlin.version - default mostly latest version
- kotlin.compiler.incremental - default true
To make search/replace easier, I started with a new version format. 04.00.05-RPM ( -SNAPSHOT). The x.y.z is used in the same way, as before, but added RPM and leading zeros to make this format different from others. With this it is less possible to mix/change version numbers from other dependencies. A 4.0.3 could be used from different dependencies. ;-)
There a re a few modules deactivated and removed.
- reflection : moved as module into dynamic-dependency-injection project
- jdbc* : all deactivated and removed, code is available in the history
This will be the version based on Java8 I will create a LTD branch for this The version 4.* will be based on the JDK 10/11 (as soon as 11 is released) JDK 11 will be a LTS Version again.
With the beginning of this version the project will be compiled with the actual JDK but on source level Java 8.