What kind of files belongs in a maven repo? - maven

I have made a decent effort trying to google this but can't seem to find some good guidelines for this.
I suspect *.jar and *.pom are obvious candidates but there might be others.
As one should not just use a maven repo as a file server I guess there are files that should likely never go there (like *.java).
Is there er definitive guide or at least a best practice someone could refer to?
And what about "fat jars" *.ear and *.war.... do they belong in a maven repo? I'm leaning towards no, but maybe my understanding of what a maven repo should provide is just limited.

Technically a Maven repo can have a jar or a war or esb(jboss archive) or any other file type. Think of your local .m2 or a Nexus repository that can have any file type that is an outcome of a build. But for dependency purposes it is almost always the JAR files that are in the repo you would need. HTH

Related

Unable to browse artifacts on Nexus Repository ManagerOSS 3.3.0-01

I have created a maven plugin, this is dependent on a series of JARS. i have uploaded these JARs and poms to the relevant location on the server under nexus-data/blobs/maven-thirdparty/{group-id}.
when i run a task to "Rebuild Maven repository metadata" and "Rebuild repository index" these files does not appear when i try and browse the files http://{nexus-server}:port/#browse/browse/assets.
How can i have nexus server recognize the files in the repository?
i will look to that in future. I posted this same question to Sonatype forum and they assisted me with a utility that assists with this and it worked perfectly.
https://github.com/simpligility/maven-repository-tools/tree/master/maven-repository-provisioner
Thanks to Peter Lynch - https://support.sonatype.com/hc/en-us/articles/236210187-How-do-I-export-import-a-Maven-2-format-repository-over-HTTP-
What you are trying to do will not work, although it did in Nexus Repo 2. There currently is no mechanism for adding jars in to the blobstore in this way. We've intentionally added the blobstore and all that goes along with it so that we can do more fun things with searching, metadata, etc... that were much more difficult with a system that just has files on a path. What I might suggest instead is using something like this:
Nexus Exchange - Nexus Repository Import Scripts
GitHub Repo for Scripts
That should help you get the JARs into Nexus Repository 3, into a repo of your choice. I maintain that repo, so if you run into issues, create an issue and I'll see what I can do to help you out! ~Sonatype Community Nerd

Should I backup maven/ivy dependencies?

In a project with an online dependency management done by ivy/maven, is it good practice to back-up the artifacts e.g. by including them in the projects source code / version control (e.g. svn, git) or is it (safe) enough to so so with pom.xml / ivy.xml? Of course, having the artifacts not backed up somehow makes the project totaly depend on the availability of the maven repo.
EDIT:
The reason for my question is that I fear that certain artifacts are no longer available on the official maven repository, or even that the repository itself is down. In such a case, having the libs under version control gives the security to be able to build the project in such a case.
My advice is not to backup the artifacts . if the artifact is not available , then you should consider it to change with replacement however I see very rare possibility of this to happen . Any way , you can always get old artifact JAR from your previous build for the scenario when we do't have any option and you have to use old artifact So i will not suggest to keep separate backup .
thanks ..

Determine Maven provided dependencies

I've inherited a few maven projects which have added a /dependencies directory to capture Java jar libraries that aren't part of the project war and must be installed by a DevOps into a Tomcat installation.
The libraries in this directory seem to fall into four categories:
"provided" scope libraries,
downstream dependencies of those provided libraries, and
discoverable implementations of api jars
"mystery" libraries, i.e., not available in an external repository, and maybe unsure where they ever came from.
Is there a strategy to get Maven to help manage these dependencies and perhaps fetch them for external install?
There are probably several strategies to choose from.
Number one: leave it as it is. If it works and the build is reproducible (on different environments) that seems one valid solution.
The "mystery" part of the build might not be more of an issue for new people working with it.
I think it is valid to create an own maven module to be delivered to the infrastructure team. This module can contain the jars in the /dependencies folder.
What you would need to do is create a pom.xml and add all dependencies currently in that directory (of course not the transitive ones). The magic ones would need to go in a repository proxy (nexus, artifactory, ...). If you don't have a maven repository yet: you want one! (its easy to setup and it does help a lot!)
I would then use the assembly plugin or some ant task to build the zip do be delivered. So the infrastructure team is able to just unzip / copy the files where they need to be. This step can then even be scripted (so the upload / unzip is done through SSH or something like that).
This is probably only one way to do it. I would assume to resolve the jar's in the /dependencies directory may be a bit of a pain.
The advantage is obviously that you document and simplify the management of those libraries. I would also assume if you update some of them it is easier across branches to merge since there are no binary files around. So it may be worth the effort.

Multiple Maven modules with dependency on a JAR

In my multi-module Maven project, suppose I have two modules, car and horse. They both depend on a JAR file, transport.jar, a file not available in any online Maven repositories. As such, I need to find a way to make these modules depend on a file found somewhere in the project folder structure.
From what I understand, the default Maven solution would be to manually register the JAR file in the local repository. While this would work on a development machine, it breaks on the build server, which clears its local repository before each build.
I've been searching online on how to do this on and off for a while and found some helpful things, but nothing that completely works.
For instance, a common answer is to add a dependency to the file using <scope>system</scope>. However, not only do others claim that it's extremely bad practice to do so, it also doesn't work on the build server. (On a side note, I would also like to point out that using absolute paths to the JAR is also out of the question due to, again, it being built on several different machines.)
A more useful method I found was to define a local repository in the POM file, pointing towards the path file:${project.basedir}/lib. (Such as in this article) Unfortunately, if I place the JAR and repository definition in the car POM, I cannot successfully add a dependency to the JAR in horse. I've tried both with and without an additional reference to car in horse, as well as defining a second repository in horse, pointing to file:${project.basedir}/../car/lib. This problem would also remain if I tried to make a third module, transport-lib, specifically for wrapping the JAR dependency.
I could most likely add the JAR file to both modules and define two separate module-local repositories, but I really don't want to unless I have to due to the need to keep the two (often updated) JARs in sync etc.
So, my question is as follows: Can someone give me a confirmed-to-work method to have two modules depend on the same JAR file inside the project, given the parameters and restrictions mentioned?
Best solution is to use a repository manager like Archiva, Artifactory or Nexus and install that artifact into the repository manager. Afterwards you can use this artifact directly in your pom files without any issue.
Don't use the scope system, cause it will cause other problem after a release for other etc.

Maven and ibiblio

I searched a lot in apache documentation and ibiblio.org and I could not find a decent straight answer.
My questions:
When I download a jar using maven dependency (setup in pom), how can I be sure that the file does not change on the remote repository? for example, if I'm using log4j version 1.2.3, downloaded from ibiblio.org (or any other repo for that matter), how can I be sure I'm getting the exact same jar each time?
Does maven delete jars from the local repository? let's assume I'm not clearing the repository at all, will it fill up eventually? or does maven have some kind of mechanism to clear old jars?
In Maven conventions a released version like log4j 1.2.3 will never be changed. It will be left in your locale repository until you manually delete it. It can't be changed by anyone except for the admins on maven central, but i suppose they don't do such a stupid thing.
Furthermore the download by default is done from maven central (repo1.maven.org/maven2 instead of ibiblio).
One of the "tricks" in Maven is download an artifact (released) only once...that improved your build performance in contradiction to the SNAPSHOT dependencies.
You could configure your own repository, and point all your project poms at that. It's easy to configure your poms to use a different (private) repository, but I've never set one up myself. Doesn't seem too hard, other than managing it to keep all the needed artifacts available.

Resources