Maven Version Checker is a GitHub action that checks for any available updates for maven dependencies and plugins in both single and multi-module projects. It has been compiled to native code using Ahead-Of-Time (AOT) compilation for increased performance and reduced memory usage. The native code is containerized using an Ubuntu-based .NET Chiseled Container to further reduce the image size while significantly improving security and loading speeds. In fact, the base image is made up of only 6 files, which accounts for less than 10MB of the final image size. Do keep in mind that GitHub only supports container actions on Linux runners, but as soon as this changes, support will be added.
- Supports single and multi-module Maven projects.
- Checks for version updates in pom parent, dependencies, plugins, and addons configured in plugins.
- Produces outputs that can be used for additional processing.
- Summary reports are generated after each run.
- Supports being ran locally or from another third-party pipeline.
- Implements standard resilience strategies like retry, circuit breaker, etc.
- Implements chaos strategies to test the resiliency of the application.
Below is a list of GitHub-hosted runners that support jobs using this action.
| Runner | Supported? |
|---|---|
 |
✅ |
 |
|
 |
Note
Windows and macOS is supported locally only.
The following inputs are available:
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| location | string |
false |
./pom.xml |
Defines the location of the main pom.xml file for a maven project. |
The following outputs are available:
| Name | Type | Example(s) | Description |
|---|---|---|---|
| has_updates | string |
true | Indicates whether or not artifact updates are available. |
| number_of_updates | string |
5 | Holds the number of artifact updates available. |
| update_json | json |
{"parents":["example:parent:2.0.0"], "dependencies":["foo:bar:2.0.0"], "plugins":["marco:polo:2.0.0"]} | A map of grouped artifacts with updates in json format. Note: The parents field is maintained as an array so that processing can use the same code. |
Implementing this action is relatively simple with just a few steps.
name: 'build'
on:
push:
branches:
- main
pull_request:
branches:
- main
types: [opened, synchronize, reopened]
workflow_dispatch:
inputs:
reason:
description: 'The reason for running the workflow.'
required: true
default: 'Manual run'
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Check for Artifact Updates
id: maven-artifacts
uses: stevenjdh/maven-version-checker@v1
with:
location: './pom.xml'
- name: Display Action Outputs
run: |
echo "Action Outputs:"
echo "- [has_updates]: ${{ steps.maven-artifacts.outputs.has_updates }}"
echo "- [number_of_updates]: ${{ steps.maven-artifacts.outputs.number_of_updates }}"
echo "- [update_json]: ${{ steps.maven-artifacts.outputs.update_json }}"
echo ""
echo "Deserialized Update JSON:"
echo "- [parents][0]: ${{ fromJSON(steps.maven-artifacts.outputs.update_json).parents[0] }}"
echo "- [dependencies][0]: ${{ fromJSON(steps.maven-artifacts.outputs.update_json).dependencies[0] }}"
echo "- [plugins][0]: ${{ fromJSON(steps.maven-artifacts.outputs.update_json).plugins[0] }}"
echo ""
echo "One approach to processing an array type field using bash:"
for element in ${{ join(fromJSON(steps.maven-artifacts.outputs.update_json).plugins, ' ') }}; do
IFS=":" read -r groupId artifactId version <<< "$element"
echo "groupId: $groupId"
echo "artifactId: $artifactId"
echo -e "version: $version\n"
doneSince this action is container-based, it can be ran locally or from another third-party pipeline like Azure Pipelines. To get started, create a GitHub PAT with at least read:packages permissions from here, and run the following commands from the root directory of a maven project:
echo <YOUR_GITHUB_PAT> | docker login ghcr.io -u <YOUR_GITHUB_USERNAME> --password-stdin
touch summary.txt output.txt
docker run --name maven-version-checker --workdir=/data --rm \
-e INPUT_LOCATION="./pom.xml" \
-e GITHUB_STEP_SUMMARY="./summary.txt" \
-e GITHUB_OUTPUT="./output.txt" \
-v "$(pwd):/data" \
ghcr.io/stevenjdh/maven-version-checker:latestIf all goes well, the summary.txt and output.txt files will be updated so that they can be leveraged for further processing.
Important
When running outside of GitHub, ensure that the summary.txt and output.txt files exist or are created before running the application.
Alternatively, compile the code for the target system using a matching Runtime Identifier (RID) as in one of the command line examples below. The .NET 8 SDK also needs to be installed in order to compile the code, which may be already included as part of the needed AOT Prerequisites for the target system.
Linux
git clone https://github.com/StevenJDH/maven-version-checker.git
cd maven-version-checker
dotnet publish -r linux-x64 -c Release --property:PublishDir=./bin/Publish
cd MavenVersionChecker.Action/bin/Publish
export INPUT_LOCATION="./../../../MavenVersionChecker.Action.Tests/Sample/Multi/pom.xml"
export GITHUB_STEP_SUMMARY="./Locals/summary.txt"
export GITHUB_OUTPUT="./Locals/output.txt"
./MavenVersionChecker.ActionWindows
git clone https://github.com/StevenJDH/maven-version-checker.git
cd maven-version-checker
dotnet publish -r win-x64 -c Release --property:PublishDir=./bin/Publish
cd MavenVersionChecker.Action\bin\Publish
set INPUT_LOCATION=./../../../MavenVersionChecker.Action.Tests/Sample/Multi/pom.xml
set GITHUB_STEP_SUMMARY=./Locals/summary.txt
set GITHUB_OUTPUT=./Locals/output.txt
MavenVersionChecker.Action.exemacOS (Apple Silicon)
git clone https://github.com/StevenJDH/maven-version-checker.git
cd maven-version-checker
dotnet publish -r osx-arm64 -c Release --property:PublishDir=./bin/Publish
cd cd MavenVersionChecker.Action/bin/Publish
export INPUT_LOCATION="./../../../MavenVersionChecker.Action.Tests/Sample/Multi/pom.xml"
export GITHUB_STEP_SUMMARY="./Locals/summary.txt"
export GITHUB_OUTPUT="./Locals/output.txt"
./MavenVersionChecker.ActionTo enable the chaos strategies, set an environment variable called ASPNETCORE_ENVIRONMENT to Chaos and restart the application. If using Visual Studio or another compatible IDE, select the ChaosConsole (Multi) profile before running the code. The table below shows the supported chaos strategies being used to test the standard resilience strategies and the business logic around it.
| Strategy | Type | What does the strategy do? |
|---|---|---|
| Fault | Proactive | Injects exceptions into the system. |
| Latency | Proactive | Injects latency into executions before the calls are made. |
| Outcome | Reactive | Injects fake outcomes (results or exceptions) into the system. |
Maven Version Checker is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Thanks for your interest in contributing! There are many ways to contribute to this project. Get started here.
Many commonly asked questions are answered in the FAQ: https://github.com/StevenJDH/maven-version-checker/wiki/FAQ
| Method | Address |
|---|---|
| PayPal: | https://www.paypal.me/stevenjdh |
| Cryptocurrency: | Supported options |
// Steven Jenkins De Haro ("StevenJDH" on GitHub)