No commits on GitHub since 2022, the slack channel is dead silent, and it seems everyone here recommends deps.edn. Is Leiningen worth using in 2023 or should I jump ship?

  • will_i_be_pretty@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I think it would be a terrible loss if it did, though it’s getting harder to compete with deps’ blessed status as the developers’ baby, even if I find the experience of the latter drastically worse.

    • BetGlass7087@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Okay that is somewhat reassuring.

      So, where do most folks get support? On Slack, deps.edn questions are answered quickly, whereas lein questions tend to linger. I got stuck trying to get git deps to work, and it’s hard to ignore that many Clojure projects on GitHub have moved away from lein. It’s left me wondering if I am falling behind with the modern Clojure ecosystem

      • OknoLombarda@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        To be honest, I have no idea. Leiningen has a IRC channel, but I’m not sure it’s the right place to ask for support

    • seymores@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Cool! Now can we get a proper transitive deps so there is no more reason to not rely on lein long term? 😅

    • kosako2007@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It is curious because babashka itself uses ‘bb.edn’ as a means of configuring the dependencies of a project.

      • kosako2007@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Babashka also made possible ‘lein2deps’ and ‘neil’ two commands that help with the definition of a deps.edn.

      • rahul_de@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        One of the babashka maintainers here. bb.edn is for projects that run on babashka not for standard JVM projects. Since babashka itself is a standard JVM project we use tools.deps/lein as usual.

    • rahul_de@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Don’t think there is a good reason to keep lein but one of the reasons we keep it is that it all “just works” and we would not like to change things just for the sake of it. “Don’t change anything unless its broken” :)

  • slifin@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I don’t think Leiningen is dead but I think Boot is

    My suggestion would be to start learning deps.edn though

  • lion_rouge@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I personally use Leiningen. Still not proficient with this deps.edn stuff. And it requires you to do lots of things from scratch. YAML vibes. I believe there are helper binaries but there are many with different features and you need to choose

  • flh13@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    lein just works and stable but deps and tools is newer and the usage within the community is about 50/50.

    I fear the new development of plugins etc may not happen for lein

    • NoahTheDuke@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      In my limited experience, writing leingen plugins was annoying. I don’t miss those days.

      • seancorfield@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That was why we switched from Leiningen to Boot in 2015.

        And then we switched from Boot to CLI/deps.edn in 2018 and jumped on tools.build as soon as it appeared.

    • fszdg@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It may sound bad, but I agree. The split between tools deps and lein just creates confusion and friction with newcomers, who start using clojure with deps, but inevitably run into a library that’s built with lein. Also, mixing lein dependencies into a tools deps project breaks things like overriding transitive dependencies.

      • weavejester@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I know tools.deps and Leiningen/Maven have subtly different dependency resolution logic, but is this a problem in practice? I’ve never run into myself, and surely its trivially fixed by making the dependencies explicit.

        • fszdg@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Apologies, I don’t have a lot of time to dig into this further and my memory has faded since I last ran into this, but I remember at least two issues:

          • when I want to use a :git/url version of a library that’s built with lein, I have to use :deps/manifest :deps and I believe that there’s basically no way for clj to know about the dependencies of the library that way (keep in mind that pom.xml is not usually checked into git for these libraries). The way I used this was to override the fi.metosin/reitit-openapi transitive sub-module of fi.metosin/reitit (which I got from clojars), so I already had all the other dependencies in the classpath.

          • I had a private fork of a library that was built with lein and was relying on build steps that could have been solved :deps/prep-lib if the lib was using tools deps

          The reasons I had to use git refs and private forks are fixed now in the upstream of the libraries so I don’t have my workarounds anymore.

  • weavejester@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I still use Leiningen for libraries, as it currently has better jar generation/deployment functionality than the deps.edn ecosystem.

    • seancorfield@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What’s missing at this point? (comparing Leiningen to tools.deps + tools.build + deps-deploy – which is the stack I’ve switched all my library projects over to)

      • weavejester@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        tools.build lacks support for adding project descriptions, URLs and licenses to pom files. Or more accurately, it expects that you maintain a pom file in source control, which it then updates and edits for you. By contrast, Leiningen generates one from scratch from the project file.

        So in Leiningen you have a user generated project file which you keep in source control, and a machine generated pom file you keep out of source control. In tools.deps, the pom file is intended to be both user and machine edited, an approach I really don’t like.

        deps-deploy insists on getting the GPG signing password itself, rather than relying on gpg-agent to manage authentication. This means that if I want to deploy a signed package with deps-deploy, I need to enter my password in every time. Leiningen defers this to gpg-agent, which allows the OS to handle authentication.

            • gnl_@alien.topB
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Yup, seemed like the most straightforward solution. But other than installing it once and writing a basic ~/.m2/settings.xml to point it to the environment for repo credentials, you should never have to think about it again.

              If all you need from Leiningen is build/install/deploy a library jar, build.simple should have you covered. I’m dogfooding it in my other recent project Playback – so far so good.

        • seancorfield@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          tools. Build lacks support for adding project descriptions, URLs and licenses to pom files

          No, it specifically supports this now.

          it expects that you maintain a pom file in source control

          Nope. That’s never been true. It’s always been optional.

          GPG

          Fair enough. I haven’t signed JARs for years and found the whole gpg-agent thing to be a giant mess on both Mac and Windows (is it even possible on Windows?). Pretty much everyone has given up on signing at this point, I think? Clojars certainly doesn’t care any more. In other words, this feels like a straw man / moot argument.

          • gnl_@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Pretty much everyone has given up on signing at this point, I think?

            I sign all my packages (and also my release commits and tags) – the infrastructure and tools to support easy and thorough artifact verification may not exist at this point, but I’d rather see us collectively push things in that direction than give up on supply chain security altogether.

            Nope. That’s never been true. It’s always been optional.

            Maybe technically optional, but practically not so much – if you wanted to edit any metadata like project description, licenses, etc., you needed a pom.xml template file. The recent :pom-data in 0.9.6 is certainly a step forward.

          • weavejester@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Build lacks support for adding project descriptions, URLs and licenses to pom files

            No, it specifically supports this now.

            That’s good to hear. It looks like that functionality was only added in 2 weeks ago, though.

            it expects that you maintain a pom file in source control

            Nope. That’s never been true. It’s always been optional.

            It’s possible I misinterpreted Alex Miller’s response, but when I asked previously about how to support extra pom data (before :pom-data), that was the answer I was given: “We don’t support lots of elements as we can sync from a source pom[. ]So write the pom template with whatever you need and sync that”

            Pretty much everyone has given up on signing at this point, I think? Clojars certainly doesn’t care any more. In other words, this feels like a straw man / moot argument.

            I still sign all my packages. I mean, why not? I already have it all set up. It may be that I’m in the minority, but removing signatures would feel like a step backward.

            I’m not sure why you consider this a “straw man / moot argument”. Note that I’m not advocating people use Leiningen, I’m just stating the reasons I still use Leiningen.

            • alexdmiller@alien.topB
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              You interpreted my response correctly at the time … my mind was changed. :)

              Nobody anywhere checks the signature (and if you try using the tools provided, you’ll find out why), so signatures are largely security theater in maven world. This is bad, and we should do better. Hoping to eventually have time to work more on this, and have had some sidebars with Phil H about it.

  • hrrld@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Very much still alive - we find it simpler than deps.edn and related tools for many tasks. Learn both.

      • flh13@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        We should stop repeating this line - it is simpler but not easier… or similar variant. It is becoming extremely cringe.

        Whenever there’s some criticism we paste this line

        • seancorfield@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It’s core to Clojure’s design principles tho’. If you think it’s “cringe” then maybe Clojure isn’t for you? Seriously, the mantra of Clojure’s design is small, simple pieces, composed together. Easy = familiar. Leiningen is “easy” because it’s like build tools in other languages. Clojure CLI / deps.edn is simple because it’s designed specifically for composition. It’s a really important distinction.