Add a managed dependency for kubernetes-kit-starter

[javier-godoy]

The Vaadin 23.3 BOM includes a managed dependency for kubernetes-kit-starter:1.0-SNAPSHOT. This, in turn, gets inherited by the project's effective POM as a managed dependency. Consequently, Maven Central rejects the build because it does not allow releases to have SNAPSHOT managed dependencies, even if the dependency isn't directly used in the project.

See https://github.com/FlowingCode/AddonsInternal/issues/111

Summary by CodeRabbit

• Chores
  • Upgraded the underlying UI framework version, delivering stability and compatibility improvements.
  • Updated demo-related components to a newer version, aligning with recent enhancements and fixes.
  • Added Kubernetes integration capability via a new starter, improving deployment and operational robustness for Kubernetes environments.

[coderabbitai]

Walkthrough

Updates the Vaadin BOM version, adds a new managed dependency for Kubernetes Kit Starter, and bumps the commons-demo dependency version within dependencyManagement in pom.xml.

Changes

Cohort / File(s)	Summary of changes
Vaadin BOM version update pom.xml	Property vaadin.version updated from 23.3.15 to 23.3.35.
Add managed dependency: Kubernetes Kit Starter pom.xml	Added com.vaadin:kubernetes-kit-starter:1.0.0 to dependencyManagement.
Update managed dependency: commons-demo pom.xml	Updated com.flowingcode.vaadin.addons.demo:commons-demo from 3.8.0 to 3.10.0 in dependencyManagement.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately and concisely summarizes the primary change in this PR: adding a managed dependency for kubernetes-kit-starter. It directly reflects the POM modification shown in the raw_summary and aligns with the PR objectives to manage that dependency to avoid a SNAPSHOT inheritance issue. The phrasing is short, specific, and suitable for someone scanning the repository history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 20250922

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ecf02d and cdf4a99.

📒 Files selected for processing (1)

• pom.xml (2 hunks)

🔇 Additional comments (3)

pom.xml (3)

13-13: Vaadin BOM bumped to 23.3.35 — looks good.

Keeps plugin alignment via ${vaadin.version} and updates javadoc links accordingly.

---

62-66: Approve — override looks correct; run local Maven checks (mvn unavailable in sandbox)

Explicitly setting com.vaadin:kubernetes-kit-starter to 1.0.0 should remove the BOM SNAPSHOT; add this XML comment to prevent accidental reversion.

File: pom.xml (lines 62–66)

             <dependency>
+                <!-- Override Vaadin BOM's managed SNAPSHOT (com.vaadin:kubernetes-kit-starter:1.0-SNAPSHOT)
+                     with a release to satisfy Central publishing requirements. -->
                 <groupId>com.vaadin</groupId>
                 <artifactId>kubernetes-kit-starter</artifactId>
                 <version>1.0.0</version>
             </dependency>

Run these checks locally (mvn required):

#!/bin/bash
set -euo pipefail

# 1) Ensure no SNAPSHOT deps are present in the effective POM
mvn -q help:effective-pom -Doutput=effective-pom.xml
if rg -n -- '-SNAPSHOT<' effective-pom.xml; then
  echo "ERROR: SNAPSHOT dependency found in effective POM" >&2
  exit 1
fi

# 2) Verify artifact exists in Maven Central
mvn -q dependency:get -Dartifact=com.vaadin:kubernetes-kit-starter:1.0.0 -Dtransitive=false
echo "OK: com.vaadin:kubernetes-kit-starter:1.0.0 resolved"

# 3) Show the managed version that will apply
mvn -q help:evaluate -Dexpression=project.dependencyManagement -DforceStdout | rg -n "kubernetes-kit-starter|version"

---

70-70: commons-demo: 3.10.0 resolves on Maven Central; API compatibility not verified — confirm locally

• Verified: commons-demo-3.10.0 POM and JAR are present on Maven Central.
• Tests reference com.flowingcode.vaadin.addons.demo (examples in src/test/java/com/flowingcode/vaadin/addons/gridhelpers/, e.g. AddToolbarFooterDemo.java, GridHelpersDemoView.java).
• Action: run locally mvn -q dependency:get -Dartifact=com.flowingcode.vaadin.addons.demo:commons-demo:3.10.0 -Dtransitive=false and execute the test suite (or inspect commons-demo-3.10.0.jar for DemoSource/TabbedDemo and the method signatures used by tests) to confirm there are no breaking API changes.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[javier-godoy]

Close in favor of #139