I am currently working on a project that require a fair amount of libraries. I have also install some libraries into the local repository. The next question is how should I write my pom.xml to tell which one should pull from the Internet and which should pull from the local system?
You don't. All repositories are equal in the eyes of maven. You write ordinary <dependency/> elements in your pom, and they work the same either way. Maven will always search the local repository with no special <repository/> elements.
You might find it more convenient in the long term to install a repository manager to share local deployments (Atifactory, Nexus, etc), than to be running install:install-file all the time.
Related
Are https://mvnrepository.com/repos/central and http://central.maven.org/maven2/ the same maven repository (called Maven Central)?
Also there is https://repo.maven.apache.org/maven2/ which also calles itself a Central Repository.
I use mvnrepository.com as I find it more convenient, but many referencies to Maven Central in Internet lead to http://central.maven.org
Besides both sites above are for Maven2, right?
What are the analogues for Maven3?
Besides is Maven3 widely used?
As far as I know, mvnrepository is just a search site that is not maintained by the maven people directly. It's a search site as I see it. It has been around for a while. Since it contains multiple repository source to search in and lets you select which one you work with its pretty transparent and I don't see any harm there.
If you execute mvn help:effective-settings you should be able to determine what repositories are used, in case some changes where made. The current central default in maven seems to be https://repo.maven.apache.org/maven2/ - the official search interface being https://search.maven.org/
You can also look into the maven sources of the pom what config you running on.
The /maven2/ part in the Uri only means what repository format is used within. This has not changed for maven 3 (it was different for maven 1). So it's the correct and current one today, there is no maven 3 repository format. Everything new could be added to the maven 2 format (for example some search index files or checksum files).
Observation:
I was testing how Maven retrieves artifacts when building artifacts using mvn package (or) mvn install command. I noticed that Maven was connecting to the Internet to get the dependencies every single time. There was not much time gap (maybe around 1 or 2 minutes) between successive runs as well.
Question:
Therefore, if Maven connects to Internet (or the repository provided in my settings.xml) every time by default, why do they have a separate attribute that can force update (The -U attribute which is used like this: mvn install -U of a snapshot from the repo? What is the factor that governs/decides between connecting to an external repo or using local repo for retrieving dependencies?
Reference:
(Please refer http://www.sonatype.com/node/158?file=books/maven-definitive-guide.pdf Page 93 to know more about this attribute). The reference just explains about the attribute but the governing principle behind it is not explained.
I find -U/--update-snapshots to be a helpful hint at best, and seems to be different in Maven2 vs. Maven3.
Even with release artifacts, maven3 sometimes requires it to update the artifacts on both specific versions and version ranges. Other times, my local repository gets updated correctly. Go figure.
Do you know what artifacts Maven is checking/receiving when not specifying -U? I think, but have not confirmed, that Maven is checking/downloading plugins, which may have different rules than the dependencies in your POM.
The only way to truly convince Maven to not check outside the local repo is to use -O/--offline and then it'll use whatever you have.
I've been using maven since a year for managing my projects' dependencies, but I recently came to know that there is a concept of Maven Repository Manager.
I would like to ask What is a Maven Repository Manager and what is the purpose of using maven repository manager.
A "Maven Repository Manager" is basically a server that stores copies of all of your libraries so that they can be downloaded when a project is built. When you use Maven, you are using a repository manager already called "Maven Central." See here: https://maven.apache.org/repository-management.html
When you are working with a large project or corporation, they may host an alternative to Maven Central, like Sonatype Nexus. There are two reasons why they do.
First, a big corporation might have libraries that are intended only for internal use that are used across a large number of projects. For example, if you worked at Amazon, you might have libraries for completing credit card transactions. That shouldn't necessarily be shared with the rest of the world, so you don't want to put it in Central; you need to put it someplace private.
Second, it reduces bandwidth. If every developer at Amazon only used Maven Central, then that would be lots of network traffic. A repository acts as a "proxy" to Central. It searches internally for a library, and then if it doesn't find it, it downloads it from Central and then saves it for the next time someone asks for it.
To solve problems like:
how do you get your binary to your server in the first place?
which version do you want?
when you deploy a new version how do you revert to an old version?
which employees can access which binaries?
And so forth.
I have a project contains two sub projects:
A. a common library for external api
B. a program depends on above library
They are inside same directory. How I made B refer to A with maven?
Normally you will always share through a maven repository. That is mavens way to ensure a consistent and correct solution and a solution shareable by all developers.
You should search for a public maven repository with project A (e.g. http://search.maven.org or http://mvnrepository.com) and include in your pom
If it does not exist in public (is proprietary in someway or other), consider using an enterprise-wide maven repository such as nexus or artifactory to push to repositories.
Finally, some developers resort to either installing a mvn-local file if you are ever only going to work on an explicit workstation.
If you still prefer a filebased acces, it is possible to define a maven file repository and reference it in your pom. E.g. Heroku use this for bundling extra dependencies into their system.
Declare A as dependency in B's pom.xml. Make sure A has valid pom.xml and is deployed to your repository (local/nexus). We do that all the time. Take care to assign SNAPSHOT version if you always want latest to be pulled from repository.
I searched a lot in apache documentation and ibiblio.org and I could not find a decent straight answer.
My questions:
When I download a jar using maven dependency (setup in pom), how can I be sure that the file does not change on the remote repository? for example, if I'm using log4j version 1.2.3, downloaded from ibiblio.org (or any other repo for that matter), how can I be sure I'm getting the exact same jar each time?
Does maven delete jars from the local repository? let's assume I'm not clearing the repository at all, will it fill up eventually? or does maven have some kind of mechanism to clear old jars?
In Maven conventions a released version like log4j 1.2.3 will never be changed. It will be left in your locale repository until you manually delete it. It can't be changed by anyone except for the admins on maven central, but i suppose they don't do such a stupid thing.
Furthermore the download by default is done from maven central (repo1.maven.org/maven2 instead of ibiblio).
One of the "tricks" in Maven is download an artifact (released) only once...that improved your build performance in contradiction to the SNAPSHOT dependencies.
You could configure your own repository, and point all your project poms at that. It's easy to configure your poms to use a different (private) repository, but I've never set one up myself. Doesn't seem too hard, other than managing it to keep all the needed artifacts available.