Generating a BOM with gradle

I currently have the following build.gradle, I have 2 problems with it that I’d like to sort out, I’ve asked on Stackoverflow but so far no response

  1. withXml(…) seems like a bit of a hack, is there a cleaner way to generate the file using the dsl and then use that file to override the default generated file?
  2. How can I add a parent to this BOM? I’m thinking it would be better to continue an extension of spring platform than to try to use a flat structure. Everything I’ve tried has either failed to build, or simply adds nothing.
group 'com.xenoterracide'
version '0.1.0-SNAPSHOT'

repositories {
    maven {
        url System.getenv('JAR_REPOSITORY_URI')

apply plugin: 'maven-publish'
apply plugin: 'maven'

publishing {
    repositories {
        maven {
            url System.getenv('JRS_S3_URI')
            credentials(AwsCredentials) {
                accessKey System.getenv('JRS_ACCESSKEYID')
                secretKey System.getenv('JRS_SECRETACCESSKEY')
    publications {
        maven(MavenPublication) {
            pom.withXml {
                def sb = asString()
                sb.setLength 0
                sb.append  file( "$buildDir/bom.pom" ).text
                println( sb.toString() )

build.doFirst {
    pom {
        project {
            packaging 'pom'
            properties {
                equalsverifier   version: "2.3.3"
                mbassador        version: "1.3.1"
                tika             version: "1.15"
                immutables       version: "2.5.5"
                assertj          version: "3.8.0"
                s3mock           version: "0.2.2"
                aws              version: "1.11.207"
                "slf4j-test"     version: "1.1.0"
                "jcabi-matchers" version: "1.3"
            dependencyManagement {
                dependencies {
                    dependency 'org.assertj:assertj-core:${assertj.version}'
                    dependency 'nl.jqno.equalsverifier:equalsverifier:${equalsverifier.version}'
                    dependency 'net.engio:mbassador:${mbassador.version}'
                    dependency 'org.apache.tika:tika-core:${tika.version}'
                    dependency 'org.immutables:builder:${immutables.version}'
                    dependency 'org.immutables:value:${immutables.version}'
                    dependency 'io.findify:s3mock_2.12:${s3mock.version}'
                    dependency 'com.jcabi:jcabi-matchers:${jcabi-matchers.version}'
                    dependency '${slf4j-test.version}'
            licenses {
                license {
                    name 'The Apache Software License, Version 2.0'
                    url ''
                    distribution 'repo'


First of all, you are using both ‘maven-publish’ and ‘maven’ plugins, which is wrong: select one or another. Personally, I prefer maven-publish.

I’m using a separate module to generate a bom file where target pom is modified with withXml section (using my pom plugin, but it doesn’t matter as its essentially using maven-publish’s withXml).

You can see it here:
Dependencies are managed with spring’s dependency-management plugin in the root project (and so dependencyManagement section is automatically included into the bom). I only have to manually add project modules to the bom.