The versions of Maven plugins specified in default-bindings.xml is not latest.
For example, maven-resources-plugin is 2.6, but latest is 3.1.0,
maven-jar-plugin is 2.4, but latest is 3.1.0.
https://github.com/apache/maven/blob/master/maven-core/src/main/resources/META-INF/plexus/default-bindings.xml
I think it's not necessary to update default-bindings.xml at every minor version update of plugins.
However, the above is major update.
I know I can change the versions myself if I want.
My Question is why default versions that affect most of the maven users are clearly old.
The thing is you should always pin all your plugin (and I mean all plugins) inside your build which means define the version of all plugins via <pluginManagement>..</pluginManagmenet> this is best practice and you should never rely on those in Maven Core.
Furthermore there is work done in the background to decouple the artifact handlers (plugin binding) from Maven Core and move it to the plugins1, 2 and 3 and so on (which is done in very small steps and will take a long time).
Related
Maven by default uses these versions of plugins such as clean, compile, jar etc. if I don't override them in my pom.xml.
Should I be using more recent version of these plugins? For example, the current version of maven-compiler-plugin is 3.6.1 while the default is 2.5.1. Or, are the default versions reasonable enough that anyone not consciously depending on newer features need worry?
The maven way is "convention over configuration", so if you're wondering about not using the default parameters when running a maven build, you should have a specific use case that is not covered by the default version.
Here for example, (according to here) the install plugin is still at version 2.5.2, so that would point to me that using 2.5.1 is not such a bad choice by default.
I think the biggest difference comparing version (I might be wrong) is the upgrading of compatible version as for example this pseudo release note of the maven compiler.
I have an Eclipse 4 project that is built using Tycho (0.19.0) and Maven (3.0-5)
During development of a version, say 1.0.0, the artifacts are configured with version 1.0.0-SNAPSHOT, and 1.0.0.qualifier depending on the files. When I want to release the version, I use the tycho-versions:set-version goal to change from 1.0.0-SNAPSHOT to 1.0.0.
I then build and copy the product to a remote share that publishes an update site so that older versions can be upgraded automatically at launch time.
Since I have some beta testers, I use more that one update site. One contains the stable versions, and my beta testers have one more update site to check at startup. The other one is actually an update site for snapshots that I have published, so those are not released versions of the product.
What I am experiencing seems strange: When the 1.0.0 application starts, it finds the previous snapshot (versioned 1.0.0.201312191455), thinks that those artifacts are more recent and updates itself back to an older version.
I'm guessing that Eclipse's version conventions state that x.y.z is older than x.y.z.u. Is that correct?
If so, then why does the tycho versions plugin remove the qualifier when a versions changes from snapshot to "release"? Doing so seems to make the artifacts look older than any of the snapshots. What's the correct way to handle this situation?
The answer was given in the tycho mailing list some time ago:
http://dev.eclipse.org/mhonarc/lists/tycho-user/msg01001.html
The details:
OSGi does not have a notion of "snapshot" versions, all versions are
treated the same and 1.0.0.qualifier is indeed considered to be newer
than 1.0.0.
There are two versioning schemes that result is reasonable behaviour
both for OSGi and Maven.
Use the same four part version (eg., 1.0.0.20111112-0735) for both Maven
and OSGi. This results in slightly odd version jump when going from
snapshots to releases on the maven side, i.e. 1.0.0-SNAPSHOT goes to
1.0.0.20111112-0735, but everything works otherwise.
Use even/odd convention to version snapshots and releases, i.e.
1.0.1-SNAPSHOT/1.0.1.qualifier is released as 1.0.2/1.0.2.
I think it is also possible to decouple maven and osgi versions of
released artifacts, i.e. use 1.0.0 for maven and 1.0.0.20111112-0735 for
OSGi, but personally I find this confusing and would not recommend. And
I am not sure if Tycho will allow this in the future.
--
Regards,
Igor
I use maven version range for the dependencies in my parent pom.It works fine when I do a build on snapshot or a release.
But how should I need to proceed when I want to use the specific version of dependencies in a branch ?
For example: when I use version range such as (1.2.0,) it will always fetch the latest jar from the nexus repository. The latest would be like 1.2.5 as of when I do a release, since the dependencies are getting changed over and over.Now the latest version of my dependencies is 1.2.8-SNAPSHOT
In branch when I want 1.2.5 version for my dependencies, it is always looking for the latest one which is 1.2.5+
How to resolve this, while searching for similar questions I found that it could be resolved using maven-version-plugin. That requires a changes in the pom to add the plugin. But is there a solution without changing the pom and getting exact version for a dependency?
Any suggestions?
There is no solution without changing the pom at this point, if I understand the scenario correctly: In the release of a prior version of your product, the version of one (or more) of its dependencies was not fixated to the version available at the time. Now, in support of that previous release, the build has a different result than at the time of release.
There is no suggestion except to change the branch's pom to use the 'back' version available at the time of the release. Consider it a short term fix to a bug in the release process.
In a variety of places online I have seen it discussed that for a maven build to be reproducible it is important to explicitly specify the version numbers of all the plugins used so that a newer plugin does not break the build. The recommend approach seemed to be to use the enforcer plugin. Below is a copy and pasted settings I found online.
<execution>
<id>enforce-plugin-versions</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<requirePluginVersions>
<message>Best Practice is to always define plugin versions!</message>
<banLatest>true</banLatest>
<banRelease>true</banRelease>
<banSnapshots>true</banSnapshots>
<phases>clean,deploy,site</phases>
<additionalPlugins>
<additionalPlugin>org.apache.maven.plugins:maven-eclipse-plugin</additionalPlugin>
<additionalPlugin>org.apache.maven.plugins:maven-reactor-plugin</additionalPlugin>
</additionalPlugins>
<unCheckedPluginList>org.apache.maven.plugins:maven-enforcer-plugin,org.apache.maven.plugins:maven-idea-plugin</unCheckedPluginList>
</requirePluginVersions>
</rules>
</configuration>
</execution>
When I run the pom I get the following error from the enforcer plugin.
[INFO] --- maven-enforcer-plugin:1.1.1:enforce (enforce-plugin-versions) # seedling ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequirePluginVersions failed with message:
Some plugins are missing valid versions:(LATEST RELEASE SNAPSHOT are not allowed )
org.apache.maven.plugins:maven-clean-plugin. The version currently in use is 2.4.1
org.apache.maven.plugins:maven-deploy-plugin. The version currently in use is 2.7
org.apache.maven.plugins:maven-install-plugin. The version currently in use is 2.3.1
org.apache.maven.plugins:maven-site-plugin. The version currently in use is 3.0
org.apache.maven.plugins:maven-reactor-plugin. The version currently in use is 1.0
org.apache.maven.plugins:maven-eclipse-plugin. The version currently in use is 2.9
Best Practice is to always define plugin versions!
It seems to me that some plugins are such as maven-clean-plugin,maven-install-plugin,maven-reactor-plugin are a core central part of maven, and i should have the versions of these "core" plugins tied to the version of maven that I am using.
My questions:
Are plugin versions on the same release cycle as a maven itself?
Is there a group of core maven plugins that comprise a maven release? If yes, how to get a list of such plugins for a maven release?
When I see a maven release such as 3.0.4 is that version inclusive of some core plugins, or will it always get the latest plugins such as reactor that were released after maven 3.0.4 were released?
Is there a way to say to maven use plugins that were released at the time that 3.0.4 was released?
How is compatibility between different plugin versions indicated, is there some convention that is universally followed by plugins such as all minor 2.x are all compatible with each other but 3.x is not compatible with 2.x?
Is the practice of specifying plugin version numbers really a best pest practice or just overkill?
Maven binds some plugin to its lifecycle phases, e.g. the maven-compiler-plugin to the compile phase, the maven-install-plugin to the install phase and so on. These are the plugins that you mean by "a core central part of maven". However, these plugins have an individual release cycle. For example, take a look at the maven-deploy-plugin which is bound to maven's deploy lifecycle phase. The latest release (2.7) was in October 2011 whereas the latest Maven release (3.0.4) was in January 2012. Another example is the maven-compiler-plugin whose latest release was in June 2012, half a year after the release of Maven 3.0.4.
To answer your questions in particular:
No, they aren't. Each plugin has its own release cycle. See the examples above.
There are various plugins that are bound to Maven's package-specific lifecycle phases. You can consider these as "core maven plugins". Take a look at the maven book to get a complete list.
If you don't specify the plugin versions in your POM files, maven will use the latest release of each used plugin.
No. If this is a requirement for you, you can find the release dates of the plugins on http://search.maven.org and compare them to the latest release of Maven. But this shouldn't be necessary, if you specify the version of each used plugin in your POM file and maven produces the corrects artifacts for you.
There are no compatibility problems (at least no problems that I know of) between different maven plugins. For different version of the same plugin, you have to try it and see if your specific project works with a new version of a plugin.
If you want reproducible builds, it's a must.
Here the answers to the list of questions:
No
No. Maven itself has a small kernel but there are no plugins in the kernel. All plugins will be downloaded during the run if they needed. In Maven 2 there had been some parts of maven which are released with Maven itself (parts of the site generation) which has been changed with Maven 3.
No a Maven release includes a super pom which contains the definitions of some plugins versions etc. but only via the super pom.
No you can't define the time of a release only via the versions.
The different plugins are maintained by different communities / people and they have different opinions of versions and their relationship to the maven release. Usually the sites of the appropriate plugins will document that if it's documented (for example maven-site-plugin).
Yes it is and works for different Maven releases without any problems.
Old versions of maven-dependency-plugin include a dependency:properties goal. New versions don't seem to include it. Has it been moved to another plugin, or is it simply deprecated with no chance to access its features (namely having a property for each dependency, allowing as an example activation of profile based upon dependencies) ?
The properties-goal is available since version 2.2 (the latest version) of the dependency plugin. Maven 3 uses 2.1 as default, so you have to specify the version of the dependency plugin manually in your pom in the build section.