gRPC BOM

The gRPC BOM (Bill of Materials) provides centralized dependency management for all gRPC Java libraries. It uses Gradle's java-platform plugin and Maven's dependency management to ensure version consistency across the entire gRPC Java ecosystem, eliminating version conflicts and simplifying dependency declarations.

Package Information

• Package Name: grpc-bom
• Package Type: maven (Java platform BOM)
• Language: Java (build configuration)
• Installation: Import as platform dependency in build configuration

Core Imports

Maven

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-bom</artifactId>
            <version>1.73.0</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Gradle (Kotlin DSL)

dependencies {
    implementation(platform("io.grpc:grpc-bom:1.73.0"))
}

Gradle (Groovy DSL)

dependencies {
    implementation platform('io.grpc:grpc-bom:1.73.0')
}

Basic Usage

After importing the BOM, declare gRPC dependencies without version numbers:

Maven

<dependencies>
    <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-netty-shaded</artifactId>
    </dependency>
    <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-protobuf</artifactId>
    </dependency>
    <dependency>
        <groupId>io.grpc</groupId>
        <artifactId>grpc-stub</artifactId>
    </dependency>
</dependencies>

Gradle

dependencies {
    implementation("io.grpc:grpc-netty-shaded")
    implementation("io.grpc:grpc-protobuf")
    implementation("io.grpc:grpc-stub")
}

Architecture

The gRPC BOM operates as a platform specification that provides:

• Version Constraints: Centralized version management for all gRPC components
• Consistency Guarantees: Ensures compatible versions across all gRPC dependencies
• Simplified Declarations: Eliminates need to specify versions for individual gRPC artifacts
• Conflict Resolution: Prevents version conflicts between different gRPC libraries

Capabilities

Dependency Management

The BOM provides version constraints for all published gRPC Java libraries, automatically managing compatibility between components.

<!-- Platform BOM import (Maven) -->
<dependency>
    <groupId>io.grpc</groupId>
    <artifactId>grpc-bom</artifactId>
    <version>1.73.0</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>

// Platform BOM import (Gradle)
implementation platform('io.grpc:grpc-bom:1.73.0')

Managed Dependencies

The BOM manages version constraints for exactly 30 gRPC Java modules plus the protocol compiler plugin. All dependencies are managed at version 1.73.0:

Core Libraries

• grpc-all: Meta-package containing all common gRPC dependencies
• grpc-api: Core gRPC API interfaces and contracts
• grpc-core: Core gRPC implementation with client and server functionality
• grpc-context: Context propagation utilities for request scoping
• grpc-stub: Client and server stub generation support

Transport Implementations

• grpc-netty: Netty-based transport implementation
• grpc-netty-shaded: Shaded Netty transport preventing dependency conflicts
• grpc-okhttp: OkHttp-based transport implementation for mobile/constrained environments
• grpc-inprocess: In-process transport for testing and microservice communication

Protocol and Serialization

• grpc-protobuf: Protocol Buffers message serialization support
• grpc-protobuf-lite: Lightweight Protocol Buffers support for mobile
• grpc-googleapis: Google API support libraries and common protocols

Authentication and Security

• grpc-auth: Authentication support with OAuth2 and JWT integration
• grpc-alts: Application Layer Transport Security for Google Cloud
• grpc-s2a: Secure Service-to-Service Authentication

Service Discovery and Load Balancing

• grpc-xds: xDS-based service discovery and load balancing
• grpc-grpclb: gRPC load balancer support
• grpc-rls: Rate Limiting Service support

Observability and Monitoring

• grpc-census: Census-based monitoring (deprecated, use OpenTelemetry)
• grpc-opentelemetry: OpenTelemetry integration for tracing and metrics
• grpc-context-override-opentelemetry: OpenTelemetry context override utilities
• grpc-gcp-observability: Google Cloud Platform observability integration
• grpc-gcp-csm-observability: GCP Client Side Monitoring

Testing and Development

• grpc-testing: Testing utilities and helpers for unit and integration tests
• grpc-testing-proto: Protocol definitions for interoperability testing
• grpc-interop-testing: Interoperability testing support
• grpc-benchmarks: Performance benchmarking tools and utilities

Extended Functionality

• grpc-services: Additional gRPC services (health checking, reflection, channelz)
• grpc-servlet: Java Servlet container integration
• grpc-servlet-jakarta: Jakarta EE servlet integration
• grpc-util: Utility classes and helper functions

Code Generation

• protoc-gen-grpc-java: Protocol compiler plugin for Java code generation (POM-type dependency)

Version Consistency

/**
 * All managed dependencies inherit the BOM version (1.73.0)
 * ensuring compatibility across the entire gRPC ecosystem.
 * No explicit version numbers needed in dependency declarations.
 */

Implementation Details

Build Configuration

The BOM is implemented using Gradle's java-platform plugin with automatic module discovery:

plugins {
    id 'java-platform'
    id 'maven-publish'
}

// Automatically includes all publishable gRPC subprojects as constraints
gradle.projectsEvaluated {
    def projectsToInclude = rootProject.subprojects.findAll {
        return it.name != 'grpc-compiler'  // Explicitly excluded
            && it.plugins.hasPlugin('java')
            && it.plugins.hasPlugin('maven-publish')
            && it.tasks.findByName('publishMavenPublicationToMavenRepository')?.enabled
    }
    dependencies {
        constraints {
            projectsToInclude.each { api it }
        }
    }
}

// Manually add protoc-gen-grpc-java as POM-type dependency
publishing {
    publications {
        maven(MavenPublication) {
            from components.javaPlatform
            pom {
                withXml {
                    def dependencyManagement = asNode().dependencyManagement[0]
                    def dependencies = dependencyManagement.dependencies[0]
                    dependencies.appendNode('dependency').with {
                        appendNode('groupId', 'io.grpc')
                        appendNode('artifactId', 'protoc-gen-grpc-java')
                        appendNode('version', version)
                        appendNode('type', 'pom')
                    }
                }
            }
        }
    }
}

Platform Compatibility

• Java Versions: Compatible with all Java versions supported by individual gRPC components (Java 8+)
• Build Tools: Maven 3.x+, Gradle 6.x+
• Artifact Type: Java platform BOM (uses <type>pom</type> in Maven, java-platform in Gradle)
• Publishing: Published to Maven Central as a platform artifact

Usage Patterns

Standard gRPC Application:

dependencies {
    implementation platform('io.grpc:grpc-bom:1.73.0')
    implementation 'io.grpc:grpc-netty-shaded'
    implementation 'io.grpc:grpc-protobuf'
    implementation 'io.grpc:grpc-stub'
}

Testing with gRPC:

dependencies {
    implementation platform('io.grpc:grpc-bom:1.73.0')
    implementation 'io.grpc:grpc-netty-shaded'
    testImplementation 'io.grpc:grpc-testing'
    testImplementation 'io.grpc:grpc-inprocess'
}

Full-featured gRPC Service:

dependencies {
    implementation platform('io.grpc:grpc-bom:1.73.0')
    implementation 'io.grpc:grpc-netty-shaded'
    implementation 'io.grpc:grpc-protobuf'
    implementation 'io.grpc:grpc-stub'
    implementation 'io.grpc:grpc-services'
    implementation 'io.grpc:grpc-auth'
    implementation 'io.grpc:grpc-opentelemetry'
}