[jbossdeveloper] Maven Configuration - preferred method

Max Rydahl Andersen manderse at redhat.com
Wed Aug 27 11:24:28 EDT 2014


On 27 Aug 2014, at 15:37, Rafael Benevides wrote:

> After reading it I have some more reasons to think that we should do 
> it.
>
> The blog isn't totally against. It says: "The short answer is: 
> settings. The long answer is: it depends."

Since I was the one being referenced let me summarize too:

It is just bad period for any widely publically shared pom to add 
additional repositories since
it will change any downstream projects using it.

That is why we say it should not be in any of the product runtime POM, 
BOM's etc.

For examples and quickstarts there is the crucial difference that these 
pom's are *not* intended to be shared by other projects
thus it is less of an issue and we in that thread and others weighted 
that the out-of-box usability was greater than
the proper best practice since these pom's are *not* to be used/shared 
by other projects.

> The main reason that they identify is that " The entries you have 
> defined will be burned forever into your released POMs. This means 
> that, should the URLs change down the road, anyone consuming your POMs 
> will face these broken URLs and have to track down the new ones 
> manually."

Right now we are looking at the repository url changing multiple times 
(/earlyaccess/all, /techpreview/all, /all) for examples so things are 
changing (unfortunately)

> For our products we have the obligation to keep it for 5 years, so we 
> already can't change the repo URL. Plus the fact that our quickstarts 
> are not available through the Maven Central.

don't know where you get 5 years from - they need to be much longer.

> The blog itself also says: " If you are exposing your source and want 
> to make it easy for others to build, then consider adding a repository 
> entry to your POM, but don’t pick a URL lightly, think long-term, 
> and use a URL that will always be under your control. If your URL has 
> to change down the road, make sure that you will always be able to 
> track 404s and write the appropriate mod_rewrite rules to ensure that 
> future builds will be able to find the appropriate artifacts."
>
> Maybe I can be trying to convince myself, but what we're trying to 
> achieve is "exposing your our source and want to make it easy for 
> others to build"

Look under the "Open Source Projects" - those are the concerns we are 
under. The article is talking more about it being more okey for your 
inhouse stuff.


Anyway - I believe for the released runtime pom's we cnanot add the 
repository urls but for the quickstart examples it is okey because of 
the usability aspect.

/max

> Em 8/27/14, 8:52, Sande Gilda escreveu:
>> This was the email discussing the cons....
>>
>>
>> -------- Original Message --------
>> Subject: 	Re: Maven Configuration - preferred method
>> Date: 	Thu, 26 Apr 2012 18:50:57 +0200
>> From: 	Max Rydahl Andersen <max.andersen at redhat.com>
>> To: 	Sande Gilda <sgilda at redhat.com>
>> CC: 	Burr Sutter <bsutter at redhat.com>, Pete Muir <pmuir at redhat.com>, 
>> Paul Gier <pgier at redhat.com>, 
>> jboss-developer-usability-internal at redhat.com
>>
>>
>>
>> > I have inherited some Maven configuration documentation and am 
>> trying to verify a statement that was made in a topic on how to 
>> configure the project POM file to use the JBoss EAP Maven Repository.
>> >
>> > It basically says:
>> > "Red Hat recommends configuring the Maven repository in your 
>> project's pom.xml file so the configuration applies regardless of 
>> where the project is built."
>> > This is as opposed to using the Maven settings.
>>
>> This recommendation is broken standing on its own.
>>
>> Read:http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/
>>
>> We don't even do this for our own products and with good reasons.
>>
>> I know some projects do still do this but it has to be done very 
>> carefully.
>>
>> All the arguments is in the blog from Sonatype.
>>
>> Thus in my opinion we should say something like:
>>
>> "Red Hat recommends configuration the Maven repository in your 
>> settings.xml and only place the repositories in your pom.xml if you 
>> understand the consequence of doing so, see <linktosontaypeblog>"
>> "For a team the simplest way is to host the maven repository on a 
>> shared webserver or use a repository manager such as Nexus or 
>> Artifactory and use these settings in their ~/.m2/settings.xml"
>>
>> > Here are my questions:
>> > 	• Is the really the preferred and recommended configuration? 
>> This would only work if the repository is stored on a shared server. 
>> If the repository is installed on the local file system, this 
>> wouldn't work.
>>
>> Yes, exactly.
>>
>> > 	• For distributed development, it seems like it limits what a 
>> developer can do to optimize the build process.
>>
>> Yup.
>>
>> plus if the customer is putting this into  a pom that is referred to 
>> by other projects he can actually "inject" this repository into other 
>> users/customers builds which expect their builds to use nothing but 
>> their hosted repository.
>>
>> > What should we be recommending here? Maven settings or project POM? 
>> Or does it just depend? Should we be recommending anything?
>>
>>
>>
>>
>
> _______________________________________________
> jbossdeveloper mailing list
> jbossdeveloper at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jbossdeveloper


/max
http://about.me/maxandersen



More information about the jbossdeveloper mailing list