DEV Community: purewater02 The latest articles on DEV Community by purewater02 (@pw_dev_77cd4ebd591e47b410). https://dev.to/pw_dev_77cd4ebd591e47b410 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3991062%2Fb4a49748-f7a2-4414-8a0d-bf002bd82bf6.png DEV Community: purewater02 https://dev.to/pw_dev_77cd4ebd591e47b410 en Spring Boot 3 migration: I built a local CLI that generates risk estimates in minutes purewater02 Sun, 21 Jun 2026 18:26:36 +0000 https://dev.to/pw_dev_77cd4ebd591e47b410/spring-boot-3-migration-i-built-a-local-cli-that-generates-risk-estimates-in-minutes-223k https://dev.to/pw_dev_77cd4ebd591e47b410/spring-boot-3-migration-i-built-a-local-cli-that-generates-risk-estimates-in-minutes-223k <h1> Spring Boot 3 migration: I built a local CLI that generates risk estimates in minutes </h1> <p>Spring Boot 3 is not just another dependency bump.</p> <p>For many teams, the upgrade from Spring Boot 2.x to 3.x bundles several migrations at once:</p> <ul> <li>Java 17+ baseline</li> <li> <code>javax.*</code> → <code>jakarta.*</code> namespace migration</li> <li>Spring Security 5 → 6 configuration changes</li> <li>Hibernate 5 → 6 compatibility risks</li> <li>dependency coordinate updates</li> <li>CI/runtime surprises</li> </ul> <p>The hard question usually comes before implementation:</p> <blockquote> <p>What will break, how risky is it, and how many sprints should we reserve?</p> </blockquote> <p>I built <strong>Spring Upgrade Radar</strong> as a local-first CLI and GitHub Action to answer that planning question.</p> <h2> What it does </h2> <p>Spring Upgrade Radar scans a Spring Boot Maven/Gradle project and generates:</p> <ul> <li>Executive summary for CTOs, EMs, tech leads, and backend teams</li> <li>Risk score and migration readiness grade</li> <li>Top migration risks ranked by impact</li> <li>Estimated sprint-by-sprint roadmap</li> <li>Recommended migration backlog</li> <li>Ticket exports for JSON, Jira CSV, and GitHub Issues Markdown</li> <li>Markdown and HTML reports</li> </ul> <p>The goal is not automatic rewriting. The goal is to give teams a practical first estimate before they start a migration project.</p> <h2> Why local-first matters </h2> <p>Your source code does not need to leave your machine.</p> <p>Many teams cannot upload production code to a hosted SaaS scanner. Spring Upgrade Radar runs locally, in your own CI, or on a private runner. The default workflow generates a full report without uploading source code anywhere.</p> <h2> Why this helps before AI coding agents </h2> <p>Spring Upgrade Radar can also be used as a deterministic preflight step.</p> <p>Instead of letting an LLM explore the codebase from scratch, run the CLI or GitHub Action first. The tool produces a risk map, estimated roadmap, and migration ticket backlog. That structured plan becomes the starting context for your coding agent, reducing token spend on repeated discovery and letting the LLMfocus on implementation and review.</p> <h2> GitHub Action usage </h2> <p>The v0.1.1 release is available as a free GitHub Action:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Spring Upgrade Radar</span> <span class="na">on</span><span class="pi">:</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">**/pom.xml"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">**/build.gradle"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">**/*.java"</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">scan</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-python@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">python-version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.11"</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">purewater02/spring-upgrade-radar@v0.1.1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">project-path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">."</span> <span class="na">target-version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.5"</span> <span class="na">output-dir</span><span class="pi">:</span> <span class="s2">"</span><span class="s">spring-upgrade-radar-output"</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">spring-upgrade-radar-report</span> <span class="na">path</span><span class="pi">:</span> <span class="s">spring-upgrade-radar-output/</span> </code></pre> </div> <h2> Local CLI quick start </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/purewater02/spring-upgrade-radar.git <span class="nb">cd </span>spring-upgrade-radar python3 <span class="nt">-m</span> venv .venv <span class="nb">.</span> .venv/bin/activate pip <span class="nb">install</span> <span class="nt">-e</span> <span class="nb">.</span> spring-upgrade-radar scan /path/to/your/spring-project <span class="se">\</span> <span class="nt">--target</span> 3.5 <span class="se">\</span> <span class="nt">--output</span> out/report.md <span class="se">\</span> <span class="nt">--html-output</span> out/report.html <span class="se">\</span> <span class="nt">--tickets-json</span> out/tickets.json <span class="se">\</span> <span class="nt">--jira-csv</span> out/jira.csv <span class="se">\</span> <span class="nt">--github-issues-md</span> out/github-issues.md </code></pre> </div> <h2> Example output </h2> <p>A report starts with an executive summary like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code><span class="gh"># Executive Summary</span> <span class="p"> -</span> Spring Boot: 2.6.2 → 3.5 <span class="p">-</span> Java: 8 <span class="p">-</span> Risk score: 100/100 | Grade: C (Critical) <span class="gu">## Top 3 Risks</span> <span class="p">1.</span> Spring Boot 2.x → 3.x major migration <span class="p">2.</span> Java 17 baseline gap <span class="p">3.</span> JPA javax.persistence imports <span class="gu">## Estimated Roadmap</span> <span class="p">-</span> Sprint 1: Java 17+ build/runtime baseline — Estimated Time: 2 weeks <span class="p">-</span> Sprint 2: javax → jakarta namespace migration — Estimated Time: 2 weeks <span class="p">-</span> Sprint 3: dependency major upgrades — Estimated Time: 2 weeks <span class="p">-</span> Sprint 4: Spring Boot 3.x migration validation — Estimated Time: 1 week </code></pre> </div> <p>The full report includes evidence for each finding and exportable tickets for Jira and GitHub Issues.</p> <h2> Current check scope </h2> <p>v0.1.1 intentionally starts narrow. Current checks include:</p> <ul> <li>Spring Boot 2.x → 3.x migration risk</li> <li>Java baseline compatibility</li> <li>Jakarta Persistence import migration (<code>javax.persistence</code> → <code>jakarta.persistence</code>)</li> <li>Spring Security legacy configuration patterns</li> <li>JSP/JSTL Jakarta compatibility risks</li> <li>MySQL Connector/J coordinate migration</li> <li>Wrapper and CI execution readiness</li> </ul> <p>More checks will be added in later releases.</p> <h2> Links </h2> <ul> <li>Landing page: <a href="https://purewater02.github.io/spring-upgrade-radar/" rel="noopener noreferrer">https://purewater02.github.io/spring-upgrade-radar/</a> </li> <li>GitHub repo: <a href="https://github.com/purewater02/spring-upgrade-radar/" rel="noopener noreferrer">https://github.com/purewater02/spring-upgrade-radar/</a> </li> <li>Sample report: <a href="https://purewater02.github.io/spring-upgrade-radar/sample-report-SpringBoot_JPA_Blog_Prj.md" rel="noopener noreferrer">https://purewater02.github.io/spring-upgrade-radar/sample-report-SpringBoot_JPA_Blog_Prj.md</a> </li> <li>Migration checklist article: <a href="https://purewater02.github.io/spring-upgrade-radar/articles/spring-boot-27-to-3x-migration-checklist.html" rel="noopener noreferrer">https://purewater02.github.io/spring-upgrade-radar/articles/spring-boot-27-to-3x-migration-checklist.html</a> </li> </ul> <h2> Feedback wanted </h2> <p>This is an early v0.1.1 release. I am especially interested in feedback from teams that have already done, or are currently planning, Spring Boot 3 migrations.</p> <p>Useful feedback would be:</p> <ul> <li>Which migration risks are missing?</li> <li>Which report sections are actually useful for planning?</li> <li>Would your team use this in CI before starting an upgrade?</li> <li>What output format would make adoption easier?</li> </ul> <p>If you try it on a real project, please open a GitHub issue or discussion. Real-world migration edge cases are exactly what will make the next versions better.</p> springboot java opensource devtools