Skip to content

Release 0.8.16#416

Merged
this-Aditya merged 19 commits intomasterfrom
release-0.8.16
Mar 18, 2026
Merged

Release 0.8.16#416
this-Aditya merged 19 commits intomasterfrom
release-0.8.16

Conversation

@pvannierop
Copy link
Copy Markdown
Contributor

@pvannierop pvannierop commented Mar 10, 2026

This PR will:

  • Impl. Gradle version catalog
  • Upgrade Gradle to v8.14
  • Apply March 2026 security updates
  • Add support for Sentry monitoring and Open Telemetry

@pvannierop pvannierop requested a review from this-Aditya March 10, 2026 18:14
@pvannierop pvannierop self-assigned this Mar 10, 2026
Comment on lines +1 to +12
plugins {
id("org.radarbase.radar-kotlin")
}

val libs = extensions.getByType<VersionCatalogsExtension>().named("libs")

// Versions of many dependencies defined by radar-commons-kotlin.
radarKotlin {
log4j2Version.set(libs.findVersion("log4j2").get().toString())
sentryEnabled.set(true)
openTelemetryAgentEnabled.set(false)
}
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work on this modernization. I think using convention plugins might be a bit over engineered for our case, since we're wrapping one plugin in another plugin (same with publishing-convention.gradle.kts). Would a subprojects {} block in the root build file achieve the same thing (like how it currently works with the combination of subprojects and configure blocks) with less complexity? Not opposed to it, just wondering if you considered that route and chose convention plugins intentionally.

Copy link
Copy Markdown
Contributor Author

@pvannierop pvannierop Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@this-Aditya point for discussion. I learned from the gradle docs that using subprojects is at the moment considered an anti-pattern (see here). I figured we may just as well do it the 'right way' when needed. We can chose to go back to subprojects section I guess because we do not have a lot of logic there and it is more easy to understand to users not so well versed in Gradle.

I realize I chose to use subprojects {...} to declare the pinned dependencies for visibility reasons also.

Comment thread java-sdk/build.gradle.kts Outdated
Comment thread java-sdk/radar-schemas-tools/build.gradle.kts Outdated
Comment thread java-sdk/build.gradle.kts

plugins {
id("com.github.davidmc24.gradle.plugin.avro-base")
id("java-library")
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is already applied in root build

@@ -1,40 +1,42 @@
plugins {
kotlin("plugin.allopen")
id("java-library")
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here, this is already applied in root buildscript

@@ -1,17 +1,22 @@
plugins {
id("java-library")
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This plugin is already applied in root build

Comment thread java-sdk/radar-schemas-core/build.gradle.kts
Comment thread java-sdk/build.gradle.kts
Comment on lines -51 to -55
afterEvaluate {
configurations.all {
exclude(group = "org.slf4j", module = "slf4j-log4j12")
}
}
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure this isn’t being pulled in transitively by any dependency now? I don’t see it excluded anywhere.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is strange. I use the 'Vulerable dependencies' tab/tool in IntelliJ IDEA and this no longer shows the vulnerable dependencies:

H maven:com.fasterxml.jackson.core:jackson-core:2.20.2
M maven:com.squareup.okio:okio-jvm:3.2.0
H maven:com.fasterxml.woodstox:woodstox-core:6.2.4
M maven:io.ktor:ktor-client-core-jvm:2.3.4
H maven:com.fasterxml.jackson.core:jackson-core:2.12.7
M maven:io.ktor:ktor-network-tls-jvm:2.3.4
M maven:org.apache.logging.log4j:log4j-core:2.20.0
M maven:io.ktor:ktor-client-core-jvm:2.3.9
L maven:org.glassfish.grizzly:grizzly-http:4.0.2

Co-authored-by: Aditya Mishra <98681758+this-Aditya@users.noreply.github.com>
Comment thread java-sdk/build.gradle.kts Outdated
Comment on lines 80 to 82
radarKotlin {
javaVersion.set(Versions.java)
log4j2Version.set(rootProject.libs.versions.log4j2)
}
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's already set in the subprojects {} above, so they inherit that configuration, we can remove this.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, the difference here is the packaging of the Sentry Jar. Intended the Sentry JAR to be packaged by applications only, not the library projects. Would the current construct achieve this?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it does achieve this, but what are your thoughts on keeping the default sentryEnabled to false in the subprojects block? That way, at the outer scope we have false by default for any new subproject we add.

Copy link
Copy Markdown
Contributor Author

@pvannierop pvannierop Mar 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that sounds great. I have updated the respective sections. I am unsure whether I need to repeat setting the log4j version. I think not, but I do not know how to test this.

Comment thread java-sdk/build.gradle.kts
Comment thread java-sdk/build.gradle.kts Outdated
apply(plugin = "java-library")
apply(plugin = "org.radarbase.radar-kotlin")
apply(plugin = "org.radarbase.radar-publishing")
apply(plugin = "org.radarbase.radar-kotlin")
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

radar-kotlin is already set in the subprojects block above, so it applied here too without specifying here.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets discuss the right approach for adding the Sentry JAR.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the context on Sentry. Right now sentryEnabled.set(true) is set in the subprojects {} block, which means it applies to all 5 modules including the libraries. If the intent is for only applications to have Sentry, maybe we should move sentryEnabled.set(true) and openTelemetryAgentEnabled.set(true) to the application configure block instead? That way the default at the outer scope (subprojects block) stays false, and only the apps get Sentry.

Also, I think we can configure the radarKotlin block in the configure block without re-applying the plugin, it's already applied in subprojects {}

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update committed.

Copy link
Copy Markdown
Member

@this-Aditya this-Aditya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes, LGTM 🎉

@this-Aditya this-Aditya merged commit 968f4f1 into master Mar 18, 2026
2 of 6 checks passed
@this-Aditya this-Aditya deleted the release-0.8.16 branch March 18, 2026 10:39
@pvannierop pvannierop restored the release-0.8.16 branch March 18, 2026 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants