How to change updatePolicy for my local Maven repository? - maven

I know how to do it for an external repository but not for my local repository, since I don't have a <repository> for my local repository in my settings.xml.
I use snapshot versions for my sub-projects, so when I re-build the parent project I want maven to get all the sub-projects snapshot versions from my local repository not only once a day (which seems to be what happens by default) but always.

If I'm understanding your comment, I think #FrVaBe may have the correct answer. When you change code for a child project on your development machine, it's up to you to rebuild the snapshot and get it into your local artifact repo (via mvn install) so it's available for the parent project to use.
If, however, you want your parent project build to pull in changes made by your teammates and published to the corporate remote repository more often than once per day, read on.
Here is a summary of how Maven central (and kin), remote repositories (e.g a company instance of Nexus or Artifactory) and your local repository work together. If you always want the latest version of snapshots to download on every build, go into your settings.xml file, find <snapshot> repository containing the snapshot you want, and change the <updatePolicy> value to "always". Personally I rarely do this, I simply add the '-U' option to my mvn command line when I want to ensure I have the latest version of a snapshot from my remote repo.

There is no update policy for the local repository!
The local repository is just a bunch of files. When you install to your local repository your local projects already reference the artifacts directly. There is no update that needs to be performed except that maybe your IDE needs to be refreshed to pickup the newer files.
In this manner you can build local snapshots all day long with no versioning headaches, no updates required and no old artifacts left hanging around afterwards. Nice and clean but not so obvious if you're new to Maven and still getting to grips with all these repositories and their fancy update mechanisms.

I think you missunderstood something. Maven will always take the latest/newest SNAPSHOT from your local respository. But in your project setup (Project Inheritance) you need to build the sub projects on their own if you changed something.
An automatical build of the sub project only happens on a Project Aggregation layout.
The difference is explained in the Project Inheritance vs Project Aggregation section of the documentation.

Related

How to ensure that maven doesn't accidentally deploy to release repoisitory?

So I'm working for a customer that uses mvn deploy statements in his build scripts and I'm trying to figure out a way to prevent maven to accidentally overwrite artifacts in the release repo of Artifactory, for instance if a developer forgets to mark his POM version with -SNAPSHOT on his feature branch.
I'm no maven expert, but I've seen some suggestions, like using certain maven plugins, but these plugins' usage must be configured in the POM and then I'm back where I started, what if this is forgotten on a feature branch? There must be an established method to ensure that no artifacts from feature branches are deployed into the release repo and that no artifacts from release branches are deployed into the snapshot repo by accident.
One way I can think of and that also has been suggested is, to simply disallow redeployment on the release repo in Artifactory, but what if I have a validation build that fires after a PR is created and then another CI build fires and tries to redeploy?
Is there another good way to achieve this?
One solution is to ensure specific users/groups do not have the Delete permission.
See more here: https://www.jfrog.com/confluence/display/JFROG/Permissions#Permissions-RepositoryPermissions.
NOTE: I haven't used Artifactory in a while, but this makes sense according to the docs.

clean up and maintain local maven cached artifact in .m2

I have an .m2 repository on my Jenkins slave which is growing every day, currently it's nearly ~40 GB.
Since I have multiple jobs running and picking dependencies from .m2 I cannot remove everything, but I can see in each repo of .m2 there is an older and useless version of the artefact.
Are there any means of way available in maven so that when a job triggers $mvn install maven will keep the latest version only in the .m2 repo (example versioning x.y.z.w which is incremental) for every repo inside .m2?
If you don't care that external dependencies are pulled in every build, you could use a private Maven repository per job (Maven -> Advanced -> Check 'use private Maven repository') and clean the workspace at the start of your build. The private repository creates a .repository in your workspace, so cleaning your workspace will ensure you start with an empty repository.
Should you have many shared external dependencies, then you may be using even more diskspace, since they are present multiple times in the different repositories. In that case you could write a script that periodically (using a task scheduler like cron) removes unused files from the shared repository, see for example this Stack Overflow answer.
However be cautious with a shared Maven repository! Maven by default is not threadsafe, so concurrent jobs downloading the same artifact might use the incomplete downloads. Consider using the Takari extensions to make your Maven repository thread-safe.
Having been through a similar problem, I came up with a solution and made it open source as it might help others. The application is available on Github and it can clean up old dependencies and retain just the latest.
https://github.com/techpavan/mvn-repo-cleaner
Apart from cleaning old dependencies, it has other features like date based cleanup based on download date / last accessed date, removing snapshots, sources, javadocs, ignoring or enforcing deletion of specific groups or artifacts.
Additionally, this is cross platform and can run on both Windows and Unix / Linux environments.

Maven different local repositories for SNAPSHOTs and RELEASE artifacts

is it possible in Maven to configure different local repositories for SNAPSHOT and RELEASE artifacts?
The reason I am asking, we are using Jenkins for continuous build for our project. To ensure the consistency (if same artifact is built from different Jenkins jobs because of race condition, we can experience chaotic behavior) before build start, we create a fresh local repository for Jenkins.
Now the problem is, our project is huge, so for every build we have to download lots of dependencies from our Nexus but when you think about it, there is no reason to download every time new the RELEASE artifacts. The RELEASE artifacts don't change from build to build, for ex, Spring 4.5, httpclient 4.0, aspectj 1.8.1 is same for one build to another.
So actually to ensure the consistency, we only should not have the SNAPSHOT dependencies in the repository. If we could have two local repositories one for RELEASE artifacts and the other for SNAPSHOT's, then before every build start, we could delete the SNAPSHOT repository but re-use the local RELEASE repository, which would save me gigabytes of download from Nexus.
I know we can do RELEASE, SNAPSHOT configurations for remote repositories, is it possible to do same sort of configuration for local repositories?
If this is not possible, how would you solve this problem.
There is currently no way to achieve this, and yes, I agree with the sentiment.
A reasonably recent versions of Jenkins' Maven plugin allow you to specify a custom local repository without having to edit a settings.xml file — the option is right there at the job definition screen (in the Advanced section, select Use private Maven repository).
So, what I would do is use this option, and precede the Maven build step with a script that deletes all directories, in the local private repository, which end in -SNAPSHOT.
It's repulsive, but I can't think of any other way.

what is the difference maven generating artifacts from cache and updates

I would like to know the difference between generating artifacts from and cache and updates.
Does generating artifacts get from remote repository if it is not available in local repository?
I did not find any relevant posts regarding the same.
I do not know if I understand correctly your question, tell me if I have to delete the answer.
In Maven, there are the remote repositories and the local repository (under .m2 folder the local one).
In the moment you build a project, the dependencies to build that project are downloaded from the remote repositories and saved into the local repository. So the next time you build a project with that dependency there should be no need to download because there is in your local repository.
There are people who say that the cache and the local repository are the same. But for example, if you use Eclipse and if you go into .m2 folder, you can see a .cache folder. There should be a m2e folder. Here Eclipse save indexes to manage the dependencies.

How do I get my local Maven to overwrite an existing artefact that was overwritten in my network repository

I have a Maven repository folder on our network drive, which contains all the artefacts we use.
Everyone in the office uses a standard settings.xml file on their local Maven setup which contains the location of that network drive as a remote repository.
In this way, we keep the network Maven repository folder updated so the local environment on everyone's computers simply downloads from that central repository folder, which avoids re-downloading off the internet for everyone.
We are busy developing a new library, lets say "MyLib 1.0.0". We install it into the central network maven folder repository, and everyone's local Maven projects use that dependency in their project(s). But now, we have not officially released "MyLib 1.0.0", its still a work in progress, so once we make further updates to it, we overwrite the "MyLib 1.0.0" artefact in the central repository.
Problem is, because all our local Maven's have already downloaded the artefact into their local Maven repositories, they wont re-download it. It already exists. I don't want to increase the version of "MyLib" yet because its not an official release, and I also don't want everyone to have to change their dependency version in their pom.xml files. I just want to replace the "MyLib 1.0.0" file and have everyone's local Maven's download and overwrite their local copy automatically. (At the moment everyone has to be told to go and remove the artefact from their local Maven repository manually, as which point it will re-download the latest copy of "MyLib 1.0.0")
What is best practice for the above, or how can I go about achieving this?
Based on your description there are comming two things into my mind.
First:
Stop using a network drive. Better start using a repository manager.
Apart from that a network drive is dammed slow.
Second:
In Maven a release is immutable which means if you have version 1.0 and deploy to your repository it will never being changed anymore. If you need to make a change on that you have to use a different version for example 1.0.1 etc.
You should start using SNAPSHOT's instead of releases if you are developing which is exactly causing the problem:
At the moment everyone has to be told to go and remove the artefact
from their local Maven repository manually, as which point it will
re-download the latest copy of "MyLib 1.0.0"
Which shows you are working against the concepts of Maven.
And third. It sounds like you don't use a continious integration for your builds.

Resources