Well, the problem is that I want maven to check dependency version on build and warn me if there are any newer dependency versions (in fact - notify me if I use an outdated version of some module). My maven module A has the following dependency:
<dependency>
<groupId>com.example.mycompany</groupId>
<artifactId>commons</artifactId>
<version>1.0.3</version>
</dependency>
And com.example.mycompany:commons module in fact can already have 1.0.4 version. Is there any way to check version of the dependency in repo and fail the build if newer version is already available.
I hope that versions-maven-plugin can make it. But I can not find appropriate configuration.
If you are using source control and a continuous integration server (which is a safe assumption) you can:
use the versions plugin and let it modify the pom
then use the scm:check-local-modification or the release plugin as the release plugin IIRC checks for local modifications.
Here is an example checking for the latest parent pom:
mvn versions:update-parent scm:check-local-modification -DallowSnapshots=false -DgenerateBackupPoms=false
This problem can be solved with the maven-enforcer-plugin. You have to create your own custom rule, because non of the standard rules seem to match your needs.
The notion of the rule you are going to implement should be enforce dependencies are up to date. To implement the check you could get some inspiration by the versions-maven-plugin you mention.
Related
I would like to use the jgitver maven plugin to automatic define the version of eclipse plugins, features, repository that are built with tycho in pomless mode.
The version management of this 3 plugins are:
jgitver computes a version depending on git tree and tags, create a logical copy of pom, set the new version and associate the new pom to the current plugin in the maven reactor.
For tycho, version are defined in pom and in manifest.mf or feature.xml files. A version consistency check is performed.
When the pom is not defined, pomless maven generates a temporary pom file named .polyglot.build.properties using versions defined in manifest or feature file.
The input path are defined here and depends on PolyglotModelUtil.
The easier way would be a Jgitver evolution to locally update the feature.xml and manifest.MF. It would be a bad idea because a local file would be modified that is not compliant with the plugin philosophy.
A better way would be a Jgitver evolution to generate temporary feature.xml and manifest.MF files that would have been updated with the computed version. Then tycho and tycho-pomless should be forced to use them.
It seems to be possible if i succeed in setting a new ModelProcessor.LOCATION option
Do you think it's an effective way to solve this compatibility problem?
Do you see an alternative?
Thanks for your help.
You could also use directly the jgitver library to participate into your build environment ; it is a pure java library.
The library is the base of both the maven and gradle plugins.
So lets say you have a common library repo. A release changes library latest version from 1.1 to 1.2.
Now any microservices that use this library need to have their pom.xml files updated manually.
Appreciate any suggestions on how to get around this.
There are couple of options;
On the dependent projects pom.xml execute mvn
versions:use-latest-releases command to automatically upgrade
dependency versions.
If all the projects are inheriting from same parent(and dependency configuration is done through dependency management), you can use mvn versions:set -DnewVersion=xx on the aggregator pom.xml to upgrade versions.
If versioning will happen quite often, Snapshot versions can be used.
I recognized that Maven not always uses the latest version of a plugin.
For example org.codehaus.mojo:sonar-maven-plugin version 2.7 has beed released on 19th of October but on 23th of October, 2.6 was still used by Maven (mvn sonar:sonar).
I even remember some plugins, where the latest version was several minor releases above the version that Maven decided to use.
Is there any (central) index/list/database where Maven looks up what version to use? If yes, where can it be accessed manually?
I know this is an ancient thread but in the interest of posterity and accuracy: all pom.xmls logically inherit from the super POM. You can always see what your "real" pom.xml looks like by typing:
mvn help:effective-pom
The resulting pom.xml that is printed is a combination of the super POM, your pom.xml, and of course any parent POMs in the mix as well.
The super POM is provided by the org.apache.maven.model.superpom.DefaultSuperPomProvider class (https://github.com/apache/maven/blob/bce33aa2662a51d18cb00347cf2fb174dc195fb1/maven-model-builder/src/main/java/org/apache/maven/model/superpom/DefaultSuperPomProvider.java#L56-L85). The resource it loads is org/apache/maven/model/pom-4.0.0.xml (https://github.com/apache/maven/blob/bce33aa2662a51d18cb00347cf2fb174dc195fb1/maven-model-builder/src/main/resources/org/apache/maven/model/pom-4.0.0.xml#L23-L149).
As far as i know, this link will answer your question.
Automatic Plugin Version Resolution
When a plugin was invoked without an explicit version given in the POM
or on the command line, Maven 2.x used to pick the latest version
available where the latest version could either be a release or a
snapshot. For the sake of stability, Maven 3.x prefers the latest
release version over the latest snapshot version.
Given the threat of non-reproducible builds imposed by automatic
plugin version resolution, this feature is scheduled for removal as
far as plugin declarations in the POM are concerned. Users of Maven
3.x will find it output a warning when missing plugin versions are detected to encourage the addition of plugin versions to the POM or
one of its parent POMs. The Enforcer rule requirePluginVersions can be
used additionally check for missing plugin versions in the POM
For command line execution if a version is not specified Maven looks up the latest version from the GA (group ID/artifact ID) maven-metadata.xml file.
Example: http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-clean-plugin/maven-metadata.xml
If you're encoding command line execution of Maven goals into your builds you should specify a version for these, otherwise your builds may change as new versions of plugins are released.
The command mvn -U forcing all project dependencies to get updated from remote repository.
Is it possible to force such update for specific selection of dependencies, by explicit selection / by some logic?
The reasoning:
I don't want to force checking all the dependencies we have because how time consuming it is. All I need, is to verify a few of them or even specify only one dependency. So, such solution is highly desired.
There are two maven plugins that may help you here.
The first, dependency, will simply download the given version of a dependency:
mvn dependency:get -Dartifact=groupId:artifactId:version
The second, versions, offers some behaviors which you may also find helpful.
By running mvn versions:use-latest-releases -Dincludes=groupId:artifactId your project's pom will be updated with the latest release version of the dependency specified by the '-Dincludes' flag. You could then run the first command to download the version now referenced by your pom.
Both of these behaviors can be heavily customized and automated to do some quite awesome things. To get more help on a plugin goal, run: mvn plugin:help -Ddetail=true -Dgoal=goal
Example: mvn versions:help -Ddetail=true -Dgoal=use-latest-releases
For further information:
versions, dependency, and plugins
I'm trying to add "com.google.api-ads" % "adwords-axis" % "1.23.0" as a dependency in build.sbt file in a Play 2.2.1 project. When I do play eclipse for generating the eclipse project file, I get the following error:
[error] (*:update) sbt.ResolveException: unresolved dependency: com.google.http-client#google-http-client-jackson2;RELEASE: not found
Later I found out that adwords-axis depends on ads-lib which has the following dependency (note RELEASE version):
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<version>RELEASE</version>
</dependency>
I read that the version can be specified as RELEASE in Maven in this answer.
Does SBT not allow specifying the version as RELEASE? If so, is there a workaround to use adwords-axis dependency?
I don't think there is such functionality in SBT and it is probably also not a good idea since the API might change totally between two releases and your project would then download any new version making your build non-repeatable, if you check out an old version from your VCS its not certain that it will compile etc. So it is a pretty bad decision by the project maintainers of the library that uses RELEASE as the version of any dependency.
What you can do though is to figure out what version it would resolve to now, if it really works and then override the transitive dependency with that specific version of google-http-client-jackson2 and depend directly on that.
So for example (not that I'm just randomly guessing that 0.17.0-rc would be a good version):
libraryDependencies := Seq(
"com.google.api-ads" % "adwords-axis" % "1.23.0",
"com.google.http-client" % "google-http-client-jackson2" % "1.17.0-rc"
)