Good configuration for Archiva? - maven

We have recently decided to use Maven as build system. I'm responsible to migrate all the projects from Ant to Maven. We also decided to use Apache Archiva to configure an internal repository in the company.
I see that Archiva create two repositories by default (internal and snapshots). I also see that it configures the internal repository to proxy the central and java.net repositories.
Are there some best practices regarding Archiva configuration?
In the Archiva documentation, there is a possibility to configure Maven to use only the internal repository and then access the remote repository through the internal repository. What do you think about this option?
Thanks for your help

A Maven repository manager is essential to support Enterprise Maven development. The Maven installer is merely a bootstrap, running Maven for the first time downloads everything it needs from the Maven Central repository in order to compile your project.
The benefits of using a Maven repository aree documented elsewhere but I'll summarize:
Efficiency. Repository acts as a cache for Maven Central artifacts
Resilience. Repository protects against remote repository failures or lack of internet connection
Repeatability. Storing common artifacts centrally, avoids shared build failures caused by developers maintaining their own local repositories.
Audit. If all 3rd party libraries used by development come from a single entry point in the build process one can assess how often they're used (based on download log files) and what kinds of licensing conditions apply.
To that end I'd encourage you to use the following Archiva features:
Locking down to only use Archiva. Configure Maven clients download everything from Archiva.
Virtual repositories for each team. Configure all the remote repositories used by teams centrally in Archiva instead of leaving the details to the teams themselves.
PS
I use Nexus for my Maven repository management, but the same concepts apply.

Related

Should every application group have their own artifactory release/snapshot repo?

I want to setup Artifactory for a large company and I have a question:
Should every application group have their own set of snapshot and release repos so module collisions don't occur?
The best practice for setting up maven repositories in large companies is to have a SNAPSHOT and a RELEASE maven repo for a functional domain, group of applications or similar.
Probably you need remote repos for external dependencies that are in Maven Central or in other external repositories, in this case, you need to create a remote repo to access these dependencies.
Also, you can have a virtual repo to group all of these local and remote repositories.
For, example:
You have a banking website for personals finances with these maven repos:
SNAPSHOT maven repo: personal-finance-local-SNAPSHOT
RELEASE maven repo: personal-finance-local-RELEASE
You have a banking website for enterprise finances with these maven repos:
SNAPSHOT maven repo: enterprise-finance-local-SNAPSHOT
RELEASE even repo: enterprise-finance-local-RELEASE
If you have external dependencies in Maven Central, you can create two remote maven repos: remote-SNAPSHOT and remote-RELEASE
Finally, create a virtual maven repo in Artifactory to group all maven repos that you want, for example, all of this example. You can have the repo virtual-maven-SNAPSHOT and the virtual-maven-RELEASE where you can have all the SNAPSHOTs or all the RELEASEs dependencies.
If you don't want to have a virtual repo for SNAPSHOTs and another for release versions you can have an unique virtual repo like: virtual-maven
If the company is really that big,(beside the thing you mentioned) it has probably internal release procedures. Like, to be able to release a product even internally some quality assurance protocols must be fullfiled.
In this case, different groups should not able to access other groups repositories without this qa protocols being fullied.
Private repositories for each software group is way to go in this case. And if a group's products can be used internally, It should have another repo for internal releases where others can access.

Publishing licensed artifact to Maven Central Repository

I need to push our project API's (bundled jar) to Maven Central Repository. As Part of that,i have gone through this link . However, am quite confused whether our project is eligible to publish in maven central repo,
Our API is not open source. it need to distribute only to client who purchase from us. is Maven provides any restrictions to download jar only for specific user who has some key etc?
POM.xml is requesting for licensing information. ours is not open source, if we allowed to publish, what should be licensing content in pom.xml?
Why we have to give our repo information in pom.xml? we are using bitbucket and hence providing the repo url is not accessible for others. can we have dummy repo or it is mandatory?
Please help me out guys.
Everything you publish to maven central will be available to everyone in the world.
For your use case, you can consider hosting your own maven repository.
Check sonatype nexus, artifactory, archiva...
With your own repo, you can configure a password in your server. Then your clients will need to configure your server in their pom.xml or settings.xml to download your artifacts.

Jars in Maven Central needs to go into Nexus OSS?

I need to set up my own maven repository, since some open sourced libraries are not in Maven Central. I want to use Nexus OSS, and then I can upload the libraries I need to Nexus OSS.
My question is, do I also need to upload those libraries that are originally in Maven Central and I can directly use in POM to Nexus OSS?
Nexus is a proxy for global repositories. You can define in Nexus configuration what repositories are you going to use. You do not need to upload libraries that are accessible from configured global repositories.
You can also host your own repository for your local libraries. Everything is configurable.
When you configure your Nexus you need to just connect to it trough maven config and all actions are done behind the scene. Don't worry about it.
All libraries that are needed to compile your project, firstly are downloaded to your Nexus and then from Nexus to your local repo.
For example this is the easiest way to configure Nexus with your maven:
Nexus - maven - Configuration
Not at all: In your local $userprofile/.m2/settings.xml file (as well as in every pom.xml, altough is not a good practice) you can define as many repositories as you want. And so, you will be able to reference artifacts published to different repositories.

Can Sonatype Nexus use maven's local repository

I now have a PC working as a Sonatype Nexus server and a development environment. I know Nexus stores artifacts for proxy type repository in SonatypRoot\sonatype-work\nexus\storage, and Maven will use a local repository to store artifacts (default directory is C:\USERS\USER_NAME\.m2\repository).
So the question comes when I'm using Maven with Nexus running on the same machine, because i have two copies of every artifact which is big waste of storage.
In Nexus's configuration tab for proxy type repository, there is an option named Override Local Storage Location.
My question is can I set this to my Maven's local repository?
That's a bad idea. One common purpose of nexus to publish artifact internally within your organisation. Typically this is done using mvn deploy. On the other hand your maven local repository serves purpose as a cache to avoid downloading stuff that has been obtained before. If you mix them together you might be accidentally publishing artifacts to your organisation while you just want to test locally in your PC.

Reusing Artifactory's maven repo

I'm trying to figure out if its possible to reuse Artifactory's maven repo on the local machine where the Artifactory server is running. The following details what I am trying to do.
I have a server where Artifactory runs and I'm planning on setting up Jenkins on the same server. If possible, I would like to have only one maven repository on the server. Since Artifactory already runs there, I would expect it is maintaining some kind of a maven repository (I looked around for it but couldn't find it).
Currently, when Jenkins uses Maven to build a maven project, it downloads the dependent jars into a local maven repo (a .m2 folder) on the server. Instead of this, would it be possible to point the settings.xml that maven is using to some local folder under Artifactory where artifactory stores all the jars? Basically, I would like maven to think that all the jars are already available in a local repo (which artifactory is maintaining) and so it wouldnt have to download all the jars from artifactory.
If maven and artifactory can share the same repo folder, this would be possible. But if Artifactory uses its own strucuture to maintain the maven repository (something other than the structure maven follows with its .m2 folder) this would not be possible.
I should state that I have very minimal knowledge of Artifactory, other than the fact that it is a maven repository manager.
Answering my own question here, as more research suggests that this is not possible. I found another question here on SO that states:
Artifactory uses Java Content Repository (JCR) standard to store artifacts. It is an abstraction above various storage implementations, which include filesystem, relational databases, etc. In any case, JCR manages the store by checksums (to reduce size and bandwith), so the repository is not directly browesable in the filesystem. The default implementation is storing the binaries on the filesystem (inside $ARTIFACTORY_HOME/data/filestore and the metadata in Derby DB.
How Artifactory manages repos
A blog post by the Nexus guys also suggests that this is not possible.
Contrasting Nexus and Artifactory -> Contrast #2

Resources