OpenRewrite is an Open Source Software (OSS) application used for automatically refactoring source code. Spring Application Advisor combines OSS recipes with commercial recipes built by the Spring team. These commercial recipes are available only in the Spring Commercial repository. To check how to configure your environment to run the commercial recipes, we recommend following one of the options described in Spring Enterprise Subscription for Application Developers

This topic provides steps for running the Spring Commercial OpenRewrite recipes to upgrade Spring applications. The published recipes use the rewrite version: 2.14.0

There are several options for running OpenRewrite recipes. For simplification purposes, instructions for only the OpenRewrite Maven Plugin are provided.

Upgrade to boot 3.0.x

Use the following Maven command:

./mvnw -B org.openrewrite.maven:rewrite-maven-plugin:5.35.0:runNoFork -Drewrite.recipeArtifactCoordinates=com.vmware.tanzu.spring.recipes:spring-boot-3-upgrade-recipes:1.0.0 -Drewrite.activeRecipes=com.vmware.tanzu.spring.recipes.boot30.UpgradeSpringBoot_3_0

Upgrade to boot 3.1.x

Use the following Maven command:

./mvnw -B org.openrewrite.maven:rewrite-maven-plugin:5.35.0:runNoFork -Drewrite.recipeArtifactCoordinates=com.vmware.tanzu.spring.recipes:spring-boot-3-upgrade-recipes:1.0.0 -Drewrite.activeRecipes=com.vmware.tanzu.spring.recipes.boot31.UpgradeSpringBoot_3_1

Upgrade to Spring Security 5.8.x

Use the following Maven command:

./mvnw -B org.openrewrite.maven:rewrite-maven-plugin:5.35.0:runNoFork -Drewrite.recipeArtifactCoordinates=com.vmware.tanzu.spring.recipes:spring-boot-3-upgrade-recipes:1.0.0 -Drewrite.activeRecipes=com.vmware.tanzu.spring.recipes.security58.UpgradeSpringSecurity_5_8

Upgrade to Spring Security 6.0.x

Use the following Maven command:

./mvnw -B org.openrewrite.maven:rewrite-maven-plugin:5.35.0:runNoFork -Drewrite.recipeArtifactCoordinates=com.vmware.tanzu.spring.recipes:spring-boot-3-upgrade-recipes:1.0.0 -Drewrite.activeRecipes=com.vmware.tanzu.spring.recipes.security60.UpgradeSpringSecurity_6_0

Upgrade to Spring Framework 6.0.x

Use the following Maven command:

./mvnw -B org.openrewrite.maven:rewrite-maven-plugin:5.35.0:runNoFork -Drewrite.recipeArtifactCoordinates=com.vmware.tanzu.spring.recipes:spring-boot-3-upgrade-recipes:1.0.0 -Drewrite.activeRecipes=com.vmware.tanzu.spring.recipes.framework60.UpgradeSpringFramework_6_0

Design Principles

Commercial Spring Recipes follow some design principles that are different from the OSS Spring recipes to avoid duplicated changes and to avoid executing unnecessary recipes. These principles are:

  • Recipes do not perform steps to upgrade previous steps. For instance, the recipe to upgrade to boot 3.1.x does not invoke the recipe to upgrade to boot 3.0.x. It assumes that the user knows that the repository uses boot 3.0.x.

  • Recipes do not upgrade downstream projects. The Spring Framework recipes does not upgrade Spring Security. We recommend using Spring Application Advisor if you don't want to have to remember what combination of recipes need to be executed in your repository.

check-circle-line exclamation-circle-line close-line
Scroll to top icon