SOLR-17406: Introduce Version Catalogs

build-tools/build-infra/build.gradle

@@ -17,7 +17,7 @@
 
 plugins {
   id "java-gradle-plugin"
-  id 'com.diffplug.spotless' version '6.5.2' apply false
+  alias(libs.plugins.diffplug.spotless) apply false
 }
 
 repositories {
@@ -34,12 +34,9 @@ apply from: file('../../gradle/validation/check-environment.gradle')
 tasks.register("checkJdkInternalsExportedToGradle") {}
 apply from: file('../../gradle/validation/spotless.gradle')
 
-// Load common script dependencies.
-apply from: file("../scriptDepVersions.gradle")
-
 java {
-  sourceCompatibility = scriptDepVersions['min-java-version']
-  targetCompatibility = scriptDepVersions['min-java-version']
+  sourceCompatibility = JavaVersion.toVersion(libs.versions.minJava.get())
+  targetCompatibility = JavaVersion.toVersion(libs.versions.minJava.get())
 }
 
 gradlePlugin {
@@ -57,5 +54,5 @@ dependencies {
   implementation gradleApi()
   implementation localGroovy()
 
-  implementation "commons-codec:commons-codec:${scriptDepVersions['commons-codec']}"
+  implementation libs.commonscodec.commonscodec
 }

build-tools/build-infra/settings.gradle

@@ -16,3 +16,12 @@
  */
 
 rootProject.name = 'build-infra'
+
+// Use project's version catalog for centralized dependency management
+dependencyResolutionManagement {
+    versionCatalogs {
+        libs {
+            from(files("../../gradle/libs.versions.toml"))
+        }
+    }
+}

build-tools/build-infra/src/main/java/org/apache/lucene/gradle/buildinfra/BuildInfraPlugin.java

@@ -14,7 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.lucene.gradle.buildinfra;
 
 import java.nio.file.Path;

build-tools/missing-doclet/build.gradle

@@ -17,14 +17,13 @@
 
 plugins {
   id 'java-library'
-  id 'com.diffplug.spotless' version '6.5.2' apply false
+  alias(libs.plugins.diffplug.spotless) apply false
 }
 
 repositories {
   mavenCentral()
 }
 
-version = "1.0.0-SNAPSHOT"
 group = "org.apache.solr.tools"
 description = 'Doclet-based javadoc validation'
 
@@ -36,12 +35,9 @@ apply from: file('../../gradle/validation/check-environment.gradle')
 tasks.register("checkJdkInternalsExportedToGradle") {}
 apply from: file('../../gradle/validation/spotless.gradle')
 
-// Load common script dependencies.
-apply from: file("../scriptDepVersions.gradle")
-
 java {
-  sourceCompatibility = scriptDepVersions['min-java-version']
-  targetCompatibility = scriptDepVersions['min-java-version']
+  sourceCompatibility = JavaVersion.toVersion(libs.versions.minJava.get())
+  targetCompatibility = JavaVersion.toVersion(libs.versions.minJava.get())
 }
 
 tasks.withType(JavaCompile).configureEach {

build-tools/missing-doclet/settings.gradle

@@ -16,3 +16,12 @@
  */
 
 rootProject.name = "missing-doclet"
+
+// Use project's version catalog for centralized dependency management
+dependencyResolutionManagement {
+    versionCatalogs {
+        libs {
+            from(files("../../gradle/libs.versions.toml"))
+        }
+    }
+}

build.gradle

@@ -21,21 +21,23 @@ import java.time.format.DateTimeFormatter
 plugins {
   id 'base'
   id 'solr.build-infra'
-  id 'com.palantir.consistent-versions' version '2.16.0'
-  id 'org.owasp.dependencycheck' version '9.0.8'
-  id 'ca.cutterslade.analyze' version '1.10.0'
-  id 'de.thetaphi.forbiddenapis' version '3.7' apply false
-  id 'de.undercouch.download' version '5.5.0' apply false
-  id 'net.ltgt.errorprone' version '3.1.0' apply false
-  id 'com.diffplug.spotless' version '6.5.2' apply false
-  id 'com.github.node-gradle.node' version '7.0.1' apply false
-}
 
-apply from: file('build-tools/scriptDepVersions.gradle')
+  alias(libs.plugins.carrotsearch.dependencychecks)
+  alias(libs.plugins.owasp.dependencycheck)
+  alias(libs.plugins.cutterslade.analyze)
+  alias(libs.plugins.benmanes.versions)
+  alias(libs.plugins.littlerobots.versioncatalogupdate) apply false
+  alias(libs.plugins.thetaphi.forbiddenapis) apply false
+  alias(libs.plugins.undercouch.download) apply false
+  alias(libs.plugins.ltgt.errorprone) apply false
+  alias(libs.plugins.diffplug.spotless) apply false
+  alias(libs.plugins.nodegradle.node) apply false
+  alias(libs.plugins.openapi.generator) apply false
+}
 
 // Declare default Java versions for the entire project and for SolrJ separately
-rootProject.ext.minJavaVersionDefault = JavaVersion.toVersion(scriptDepVersions['min-java-version'])
-rootProject.ext.minJavaVersionSolrJ = JavaVersion.toVersion(scriptDepVersions['min-solrj-java-version'])
+rootProject.ext.minJavaVersionDefault = JavaVersion.toVersion(libs.versions.minJava.get())
+rootProject.ext.minJavaVersionSolrJ = JavaVersion.toVersion(libs.versions.minSolrJJava.get())
 
 apply from: file('gradle/globals.gradle')
 
@@ -100,7 +102,7 @@ ext {
   }
 
   luceneBaseVersionProvider = project.provider { 
-    def luceneVersion = getVersion('org.apache.lucene:lucene-core')
+    def luceneVersion = libs.versions.apache.lucene.get()
     def m = (luceneVersion =~ /^\d+\.\d+\.\d+\b/)
     if (!m) {
       throw GradleException("Can't strip base version from " + luceneVersion)
@@ -150,7 +152,6 @@ apply from: file('gradle/validation/precommit.gradle')
 apply from: file('gradle/validation/forbidden-apis.gradle')
 apply from: file('gradle/validation/jar-checks.gradle')
 apply from: file('gradle/validation/git-status.gradle')
-apply from: file('gradle/validation/versions-props-sorted.gradle')
 apply from: file('gradle/validation/validate-source-patterns.gradle')
 apply from: file('gradle/validation/rat-sources.gradle')
 apply from: file('gradle/validation/owasp-dependency-check.gradle')
@@ -161,7 +162,7 @@ apply from: file('gradle/validation/validate-log-calls.gradle')
 apply from: file('gradle/validation/check-broken-links.gradle')
 
 apply from: file('gradle/validation/solr.config-file-sanity.gradle')
-
+apply from: file('gradle/validation/dependencies.gradle')
 apply from: file('gradle/validation/spotless.gradle')
 
 // Wire up included builds to some validation tasks.

dev-docs/dependency-upgrades.adoc

@@ -16,30 +16,34 @@
 // specific language governing permissions and limitations
 // under the License.
 
-Solr has lots of 3rd party dependencies, defined mainly in `versions.props`.
+Solr has lots of 3rd party dependencies, defined in `gradle/libs.versions.toml`.
 Keeping them up-to-date is crucial for a number of reasons:
 
 * minimizing the risk of critical CVE vulnerabilities by staying on a recent and supported version
 * avoiding "dependency hell", that can arise from falling too far behind
 
-Read the https://github.com/apache/solr/blob/main/help/dependencies.txt[help/dependencies.txt] file for an in-depth explanation of how gradle is deployed in Solr, using
-https://github.com/palantir/gradle-consistent-versions[Gradle consistent-versions] plugin.
+Read the https://github.com/apache/solr/blob/main/help/dependencies.txt[help/dependencies.txt] file for an in-depth
+explanation of how dependencies are managed.
 
 == Manual dependency upgrades
 In order to upgrade a dependency, you need to run through a number of steps:
 
 1. Identify the available versions from e.g. https://search.maven.org[Maven Central]
-2. Update the version in `versions.props` file
-3. Run `./gradlew --write-locks` to re-generate `versions.lock`. Note that this may cause a cascading effect where
+2. Update the version in `gradle/libs.versions.toml` file
+3. Run `./gradlew writeLocks` to re-generate `versions.lock`. Note that this may cause a cascading effect where
    the locked version of other dependencies also change.
-4. Run `./gradlew updateLicenses` to re-generate SHA1 checksums of the new jar files.
-5. Once in a while, a new version of a dependency will transitively bring in brand-new dependencies.
+4. In case of a conflict, resolve the conflict according to `help/dependencies.txt`
+5. Check if there are any constraints that are obsolete after the dependency update
+6. Update the license and notice files of the changed dependencies if necessary. See `help/dependencies.txt` for
+   details.
+7. Run `./gradlew updateLicenses` to re-generate SHA1 checksums of the new jar files.
+8. Once in a while, a new version of a dependency will transitively bring in brand-new dependencies.
    You'll need to decide whether to keep or exclude them. See `help/dependencies.txt` for details.
 
 == Renovate bot Pull Requests
 A member of the Solr community operates a Github bot running https://github.com/renovatebot/renovate[Renovate], which
 files Pull Requests to Solr with dependency upgrade proposals. The PRs are labeled `dependencies` and do include
-changes resulting from `gradle --write-locks` and `updateLicenses`.
+changes resulting from `./gradlew writeLocks` and `updateLicenses`.
 
 Community members and committers can then review, and if manual changes are needed, help bring the PR to completion.
 For many dependencies, a changelog is included in the PR text, which may help guide the upgrade decision.

gradle/documentation/markdown.gradle

@@ -33,10 +33,10 @@ buildscript {
   }
 
   dependencies {
-    classpath "com.vladsch.flexmark:flexmark:${scriptDepVersions['flexmark']}"
-    classpath "com.vladsch.flexmark:flexmark-ext-abbreviation:${scriptDepVersions['flexmark']}"
-    classpath "com.vladsch.flexmark:flexmark-ext-attributes:${scriptDepVersions['flexmark']}"
-    classpath "com.vladsch.flexmark:flexmark-ext-autolink:${scriptDepVersions['flexmark']}"
+    classpath libs.flexmark.flexmark
+    classpath libs.flexmark.extensions.abbreviation
+    classpath libs.flexmark.extensions.attributes
+    classpath libs.flexmark.extensions.autolink
   }
 }
 

gradle/documentation/pull-lucene-javadocs.gradle

@@ -45,11 +45,11 @@ configure(project(":solr:documentation")) {
     //   from all Solr javadocs?) then perhaps we can find a way to build this list programatically?
     // - If these javadocs are (only every) consumed by the ref guide only, then these deps & associated tasks
     //   should just be moved to the ref-guide build.gradle
-    javadocs group: 'org.apache.lucene', name: 'lucene-core', classifier: 'javadoc'
-    javadocs group: 'org.apache.lucene', name: 'lucene-analysis-common', classifier: 'javadoc'
-    javadocs group: 'org.apache.lucene', name: 'lucene-analysis-stempel', classifier: 'javadoc'
-    javadocs group: 'org.apache.lucene', name: 'lucene-queryparser', classifier: 'javadoc'
-    javadocs group: 'org.apache.lucene', name: 'lucene-spatial-extras', classifier: 'javadoc'
+    javadocs variantOf(libs.apache.lucene.core) { classifier 'javadoc' }
+    javadocs variantOf(libs.apache.lucene.analysis.common) { classifier 'javadoc' }
+    javadocs variantOf(libs.apache.lucene.analysis.stempel) { classifier 'javadoc' }
+    javadocs variantOf(libs.apache.lucene.queryparser) { classifier 'javadoc' }
+    javadocs variantOf(libs.apache.lucene.spatialextras) { classifier 'javadoc' }
   }
 
 

gradle/generation/javacc.gradle

@@ -26,7 +26,7 @@ configure(rootProject) {
   }
 
   dependencies {
-    javacc "net.java.dev.javacc:javacc:${scriptDepVersions['javacc']}"
+    javacc libs.javacc.javacc
   }
 
   task javacc() {

gradle/ide/eclipse.gradle

@@ -21,65 +21,68 @@ import org.gradle.plugins.ide.eclipse.model.ClasspathEntry
 def resources = scriptResources(buildscript)
 
 configure(rootProject) {
-  apply plugin: "eclipse"
+  plugins.withType(JavaPlugin) {
+    apply plugin: "eclipse"
 
-  def relativize = { other -> rootProject.rootDir.relativePath(other).toString() }
+    def eclipseJavaVersion = propertyOrDefault("eclipse.javaVersion", libs.versions.minJava.get())
+    def relativize = { other -> rootProject.rootDir.relativePath(other).toString() }
 
-  eclipse {
-    project {
-      name = "Apache Solr ${version}"
-    }
+    eclipse {
+      project {
+        name = "Apache Solr ${version}"
+      }
 
-    classpath {
-      downloadSources = true
-      downloadJavadoc = true
-      defaultOutputDir = file('build/eclipse')
+      classpath {
+        downloadSources = true
+        downloadJavadoc = true
+        defaultOutputDir = file('build/eclipse')
 
-      file {
-        beforeMerged { classpath -> classpath.entries.removeAll { it.kind == "src" } }
+        file {
+          beforeMerged { classpath -> classpath.entries.removeAll { it.kind == "src" } }
 
-        whenMerged { classpath ->
-          def projects = allprojects.findAll { prj ->
-            return prj.plugins.hasPlugin(JavaPlugin) &&
-                   prj.path != ":solr:solr-ref-guide"
-          }
-
-          Set<String> sources = []
-          Set<File> jars = []
-          projects.each { prj ->
-            prj.sourceSets.each { sourceSet ->
-              sources += sourceSet.java.srcDirs.findAll { dir -> dir.exists() }.collect { dir -> relativize(dir) }
-              sources += sourceSet.resources.srcDirs.findAll { dir -> dir.exists() }.collect { dir -> relativize(dir) }
+          whenMerged { classpath ->
+            def projects = allprojects.findAll { prj ->
+              return prj.plugins.hasPlugin(JavaPlugin) &&
+                     prj.path != ":solr:solr-ref-guide"
             }
 
-            // This is hacky - we take the resolved compile classpath and just
-            // include JAR files from there. We should probably make it smarter
-            // by looking at real dependencies. But then: this Eclipse configuration
-            // doesn't really separate sources anyway so why bother.
-            jars += prj.configurations.compileClasspath.resolve()
-            jars += prj.configurations.testCompileClasspath.resolve()
-          }
+            Set<String> sources = []
+            Set<File> jars = []
+            projects.each { prj ->
+              prj.sourceSets.each { sourceSet ->
+                sources += sourceSet.java.srcDirs.findAll { dir -> dir.exists() }.collect { dir -> relativize(dir) }
+                sources += sourceSet.resources.srcDirs.findAll { dir -> dir.exists() }.collect { dir -> relativize(dir) }
+              }
+
+              // This is hacky - we take the resolved compile classpath and just
+              // include JAR files from there. We should probably make it smarter
+              // by looking at real dependencies. But then: this Eclipse configuration
+              // doesn't really separate sources anyway so why bother.
+              jars += prj.configurations.compileClasspath.resolve()
+              jars += prj.configurations.testCompileClasspath.resolve()
+            }
 
-          classpath.entries += sources.sort().collect {name -> new SourceFolder(name, "build/eclipse/" + name) }
-          classpath.entries += jars.unique().findAll { location -> location.isFile() }.collect { location ->
-            new LibEntry(location.toString())
+            classpath.entries += sources.sort().collect {name -> new SourceFolder(name, "build/eclipse/" + name) }
+            classpath.entries += jars.unique().findAll { location -> location.isFile() }.collect { location ->
+              new LibEntry(location.toString())
+            }
           }
         }
       }
     }
 
     jdt {
-      sourceCompatibility = rootProject.minJavaVersionDefault
-      targetCompatibility = rootProject.minJavaVersionDefault
-      javaRuntimeName = "JavaSE-${rootProject.minJavaVersionDefault}"
+      sourceCompatibility = eclipseJavaVersion
+      targetCompatibility = eclipseJavaVersion
+      javaRuntimeName = "JavaSE-${eclipseJavaVersion}"
     }
-  }
 
-  eclipseJdt {
-    doLast {
-      project.sync {
-        from rootProject.file("${resources}/dot.settings")
-        into rootProject.file(".settings")
+    eclipseJdt {
+      doLast {
+        project.sync {
+          from rootProject.file("${resources}/dot.settings")
+          into rootProject.file(".settings")
+        }
       }
     }
   }