In reply to Java Build Tools: Ant vs Maven

I noticed via @jvanzyl that Kent R. Spillner has been taking apart Maven and some of its features in a recent rant.

The twittersphere has shown support for Kent's views - and being the Maven fan I am, I figured I'd take some time to try countering his post a bit (forgive me if this post is a bit unstructured, I'm trying to squeeze it out under some time pressure).

"The best build tool is the one you write yourself..."

I think this first paragraph contains a lot of absolute statements that happen to be false in a lot of cases. My experience is that a lot of projects or modules are built the same way. It's a bunch of source code, and in the end you end up with a JAR-file. We've got a 25 module web application at work, and I just mavenized the whole thing from Ant. All of the modules excluding the final web-app module itself were easily built with Maven. Nobody says that every module in the world is built this way, but it sure is a lot. Java code goes in, JAR-file comes out.

It's easy to write an Ant task that does the same thing, but then you end up with all the dependencies in one libs blob, and you invent a big bunch of conventions for your project, which may or may not be more practical than Maven's conventions. You have to document and maintain these conventions, and in all the handful of large Ant-built projects I have seen, these home-made conventions have been unclear, impractical and poorly documented. If you exclude Maven from your tool-suite, I sure hope your build-script developers are real professional smart people. I've met some people like this, and they have made great Ant-powered build conventions, but these same people are most of the time big Maven fans as well.

"If you don’t want to write your own build tool, then you should use Rake."

I only know the concepts of Rake, and I'm not sure it would be the best fit for every project. I would also say take a look at these:

* Gradle
* Ant+Ivy
* Buildr

.. and Maven of course. I am now so addicted to proper dependency management and artifact (Maven) repositories, that I wouldn't want to use a build-system lacking this, so I wouldn't use Ant without Ivy, for instance.

"So, you should write custom build tools for your projects"

No, you shouldn't. In fact, the next few paragraphs have this dogmatic ring to them, which displays a lack of understanding of the purpose of Maven, and of the whole using the best tool for the job thing.

You do run into tasks that are hard to do with Maven, and in some cases, configuring up the respective Maven plugin is harder. But this depends on the maturity of the plugin, just as it does on the maturity of the Ant task. I recently generated some web service stubs using some Maven Axis plugin, and it was some few lines of configuration just pointing at the wsdl, and worked like a charm after ten minutes of fiddling. The equivalent Ant job wasn't any smaller, and the authors had fallen into this nasty routine of checking the generated stubs into SVN, instead of doing it as part of the build, leading to more manual build steps you have to remember (if anyone has noticed a correlation between working with an Ant environment, and the number of manual steps included for doing a build, well, I share that feeling).

The rest of the post also has this opinionated feel to it. Saying Maven is the worst implementation of bad ideas, well, I think the ideas of dependency resolution and standardized build conventions are good ideas, and Maven is the only tool that really implements all the things I want from a build/dependency/release management system, and it does this fairly well.

Sure the configuration could be less verbose (Maven 3 has solutions for this), it could be optimized for more speed and so forth. But as of today, I'm happy that there is at least some standard system we can use for 80% of the Java world's normal projects.

Onwards with the whole "Maven advocates are liars." part. Well, this looks like a collection of whining about problems that are fairly well documented and also solved in the Maven world. Yes, you need to have at least one Maven guru in your company to make it work for you, but at least he's dealing with a standard system for which a wide range of resources exists on the web. These are tricky problems you need to solve, and solving them with your own custom build will be hard. Maven can't accommodate every build in the world, nor should it. We have several modules which still are built with Ant, but in the end they end up in the same repository where they can be easily pulled in and used by Maven or Ivy projects.

The dependency management is not broken in Maven. As long as you have a Maven repository you trust, your build is entirely deterministic if you have no snapshot dependencies. You need to have a standard version of Maven everyone should use (of course people are free to experiment with newer versions, and it will probably work fine, but version 2.x is *the* version, running on the CI environment and such).

The bloated war thing, well, having to exclude the transitive deps that you don't need is the price you pay for having automated transitive deps, which is a *great* feature in itself. Having to manually go to the dependency-documentation of every dependency, and then onwards recursively, well, I like that Maven gives me a good start with my classpath, and after that I can exclude what I don't need. This is work, and I have to do it, but it's less work than how it would be without the automated deps. No matter which build system you use, you need to keep track of your dependencies, which scope they are, which versions they are, and what they are needed for.

The last few paragraphs in the blog post are more complaining caused by lack of understanding of Maven's features and software modularity in general. Of course you need to keep track of which versions your dependencies have. You should keep your dependencies in a repository. If you're unwilling to host a Maven repository, or you don't see why having your dependencies in Subversion is a bad idea, then Maven is not for you. Either your project is simple enough to not need this kind of complexity, or you will later run smack into the problems a Maven infrastructure solves for you.

I would love to counter the arguments in the last few paragraphs in more detail, but I'm afraid I'm out of time. Refer to my previous "Why Maven" posts if you want more of my thoughts on this.

Comments

  1. Build tooling is one of the few areas where we are able to get reuse to work consistently. I am fairly certain creating a one-off build tool for my project doesn't cause the world to become a better place.

  2. Actually having a repository you trust is not enough to make a Maven build deterministic. You also need to specify the version of every Maven plugin you happen to use, knowingly or not.

  3. xpmatteo, since one of the early maven 2.0.x releases, there have been default versions for the standard maven plugins in the super-pom. If you know which maven version is being used (usually standard for a company/team), you know which plugin versions were used. If you add new plugins and forget to define version, well, I share the opinion that this is a weakness in maven's design.

  4. Anonymous 10/2/12 20:33

    Where to start?

    "and I just mavenized the whole thing from Ant."

    why on Earth did you do that?


    "but then you end up with all the dependencies in one libs blob,"

    exactly, far, far superior to a repos that is no longer under source control.

    "and you invent a big bunch of conventions for your project, which may or may not be more practical than Maven's conventions."

    Right, with about 99.999% of the time being MORE practical, and 0.001% of the time being LESS practical.

    "and Maven of course. I am now so addicted to proper dependency management "

    So, storing all the required jars in one directory (call it 'libs') and letting each module link to that jar (each having the version in the name), is this somehow not 'proper'? I would argue that it is:
    1. easier to understand
    2. easier to remove a jar and swap out with the source should debugging be required
    3. does not require a plug-in that destroys the meticulously optimized incremental build logic of Eclipse.

    "I have seen, these home-made conventions have been unclear, impractical and poorly documented."

    Have a look at H2. It has a nice built-in build tool. By using the Ant project logic (the recursive dependency 'topo sort') you can have a complete build tool without the baggage in about 2 days. This solution is clearer, more practical and requires less code and therefore less documentation.

    "Yes, you need to have at least one Maven guru in your company to make it work for you"

    you must be joking. This statement is an admission of the complete failure of Maven.

    "As long as you have a Maven repository you trust, your build is entirely deterministic "

    Why would you trust a repository not under SCMS control?

    "well, having to exclude the transitive deps that you don't need is the price you pay for having automated transitive deps, which is a *great* feature in itself."

    automated transitive deps is a HORRIBLE feature, causing libs to be in the classpath of upstream modules that would not otherwise be explicitly included. They are not the default in NetBeans OR Eclipse (being bad design) as they introduce the possibility of coupling where before there was none (i.e., is this 'leaf' library required by an upstream module?), thereby decreasing modularity. The Eclipse Maven plugin includes all downstream jars, making projects that previously only required one or two libraries appear as if they required 10. This makes it more difficult to understand what a module does.

    Why Maven continues to have so many fanboys is a mystery.

  5. Hi Anonymous,

    I've argued for pretty much all these points in this 3-part series: http://blog.tfnico.com/2009/04/reason-3-dont-build-everything-all-time.html

    In the end it's a subjective choice where each side has its pluses and minuses. There are certainly contexts where maven isn't the right tool for the job, but the arguments all still stand in their own right.

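The two conditions for a deterministic build raised in the post and in comments 2 and 3 (no snapshot dependencies, explicit plugin versions) can be checked mechanically. This is an added example, not code from the original post or from Maven: the sample POM and the function names `is_floating` and `audit_pom` are constructed for illustration, and only a single POM file is inspected.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample POM for illustration; not taken from the post.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><artifactId>core</artifactId><version>2.1-SNAPSHOT</version></dependency>
    <dependency><artifactId>util</artifactId><version>[1.0,)</version></dependency>
    <dependency><artifactId>junit</artifactId><version>4.8.1</version></dependency>
  </dependencies>
  <build>
    <pluginManagement><plugins>
      <plugin><artifactId>maven-jar-plugin</artifactId><version>2.3</version></plugin>
    </plugins></pluginManagement>
    <plugins>
      <plugin><artifactId>maven-war-plugin</artifactId></plugin>
      <plugin><artifactId>maven-jar-plugin</artifactId></plugin>
      <plugin><artifactId>maven-compiler-plugin</artifactId><version>2.0.2</version></plugin>
    </plugins>
  </build>
</project>"""

def is_floating(version):
    """True if the version can resolve to different artifacts over time."""
    v = version.strip()
    return v.endswith("-SNAPSHOT") or v in ("LATEST", "RELEASE") or v.startswith(("[", "("))

def audit_pom(xml_text):
    """Return (kind, artifactId, problem) tuples for one POM file. Assumption: parent and
    super-POM inheritance is not resolved; only this file's pluginManagement pins plugins."""
    root, findings = ET.fromstring(xml_text), []
    for dep in root.findall(".//m:dependency", NS):
        version = dep.findtext("m:version", "", NS)
        if version and is_floating(version):
            findings.append(("dependency", dep.findtext("m:artifactId", "?", NS), version))
    pinned = {p.findtext("m:artifactId", "", NS)
              for p in root.findall(".//m:pluginManagement//m:plugin", NS)
              if p.findtext("m:version", "", NS)}
    for plugin in root.findall("m:build/m:plugins/m:plugin", NS):
        name = plugin.findtext("m:artifactId", "?", NS)
        version = plugin.findtext("m:version", "", NS)
        if not version and name not in pinned:
            findings.append(("plugin", name, "no version pinned"))
        elif version and is_floating(version):
            findings.append(("plugin", name, version))
    return findings

if __name__ == "__main__":
    print(*audit_pom(SAMPLE_POM), sep="\n")
```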
