I have a stable opensource library and was wondering how (and if) I can publish my lib to maven official repositories so people can include it in their pom.xml files and get the dependency downloaded automatically.
The process to get your library in the central repostiory is documented in the Guide to uploading artifacts to the Central Repository. In short, the new process is to get your project hosted by one of the approved Forges that will be synced with central, the Maven folks don't rsync personal repository anymore. In your case, your best bet would be to use the Sonatype Forge (open to any OSS Project). Check the given link (and also this document).
If you want reliable access for everyone out there, you need to stick with central. Due to the tendency of people at dev.java.net to break rules about the immutability of released artifacts, some people don't trust it. Further, it can be Very Slow.
To get your project into central, you need have your code in some public repo that they can sync from.
Central repository
A bit less bureaucratic dev.java.net Maven2 repository - allows completely automatic deployment.
Related
I am setting up an ant build system on a project with dependency resolution being managed by ivy. I have it up and running with the file system being used for the local and shared repository currently. My ultimate goal would be that when developers are fixing bugs or creating new functionality, they would only be able to put artifacts into their local repository. When they belive their code is ready to be used by the rest of the team, it would be promoted to the proper branch in SVN and the group in charge of doing official builds would compile and publish the new artifacts.
So I guess my questions are how can you control who can publish to a repository? Does ivy just rely on filesystem permissions?
Also, I would eventually like to make my shared repository available via http. I think I could point apache to the file system repository directories for retrieving artifacts, but how do you setup publishing to an http repository?
I would suggest that you setup a repository manager to manage your project's build artifacts.
The best choices are one of the following:
nexus
artifactory
archiva
Publishing to a Maven repository means that your artifacts can be consumed by projects using other build technologies. All modern build systems support Maven (Including ivy, see the ibiblio resolver).
You could specify three resolvers in your ivy settings file. First would be a chain resolver which include remote and local ivy repositories. Second would be a local resolver for local ivy repository. Third a resolver to remote ivy repository only.
Every developer retrieves artifacts using first chain resolver.
Usual developer publish artifacts using second local resolver.
Your special team could use third remote resolver to publish in remoter ivy repository.
To protect remote repository from usual developers place it on (S)FTP server with write protection by password.
The only problem in this case is how to set versions on artifacts so that artifacts published in remote repository in some cases override locally published in some not.
Our team used such scheme few years ago. But now we use only local ivy repositories and CI server to build and run tests from various branches. We came up to this after switching to git.
for existing ivy repo easy to setup this: rest-ivy
Is there any free online private maven2 or maven3 repository? So that team can access the repository from various region.
If you use github, you could use a private github project as your maven repository. There are instruction on how to publish your maven artifacts to github here: https://stackoverflow.com/a/14013645/82156
we can use dropbox for online maven repository. But it is not completely private. you can use it if it gives you enough privacy.
This is the instruction to create free maven online maven repository on dropbox
Create an account on dropbox
Download and install dropbox client
After you install dropbox client, A folder called "Dropbox" will create in Users folder. There is a public folder in it. Create a sub folder in public folder and copy the url of that sub folder(ex: C:\Users\Lakshman\Dropbox\Public\repository)
Execute the following command to deploy the project artifacts to this path
mvn deploy -DskipTests=true -DaltDeploymentRepository=dropbox::default::file:///C:/Users/Lakshman/Dropbox/Public/repository
you can use this in your pom file to the above task
<distributionManagement>
<repository>
<id>dropbox.repo</id>
<url>file:///C:/Users/Lakshman/Dropbox/Public/repository</url>
</repository>
</distributionManagement>
if you have sync your local folder with dropbox it will automatically upload artifacts to online repository. you can get the link by login to Dropbox and go to public folder and click copy public link.
This solution got from here and referenced this also.
I just found a free repo for personal projects. Might not be suitable for team work and/or professional use though. Note that it seems to be from Russia. I am not connected in any kind to that project so I have no idea about the privacy of the data posted there. But it seems to work ok.
https://mymavenrepo.com
I have not tried but there is also
https://bintray.com/
This one might have a better reputation :)
We use https://repsy.io in one of our project. It's straight simple and convenient with 1GB free limit.
Update: GitHub launches the Package feature in Beta which supports the Maven: https://github.com/features/package-registry
Update: the Deveo has been acquired by Perforce, see this link
As of September 12, Deveo is now Helix TeamHub. The new name and branding represent our new, integrated solution from Deveo and Perforce.
Helix TeamHub can be hosted in our cloud or on your own servers with Helix TeamHub Enterprise, powered by Helix4Git.
Have you tried Deveo, I am using this cloud service and has 1G storage for free. You can deploy the Maven repository on it.
New features in Deveo 3.17
Pull requests between repositories
Maven and Ivy repositories
Deadlines for issues
Emojis
I recently wrote a lightweight Google App-Engine application to host my private repositories, backed by Google Cloud Storage (which is multi-regional per default):
https://github.com/renaudcerrato/appengine-maven-repository
Thanks to Google App-Engine free quotas, and depending on the scale needed, you won't have to pay anything.
For this purpose you could use a SVN repository. Some of them are available for private usage for free. Take a look on Maven: Commit single artifact to svn repository
My customer needs a more organized inventory of all 3rd-party libraries (such as JAR files) that are used in production for their projects. I am involved with a number of their Java-based projects. Their inventory has not been consistently maintained in the past and the time has come to account for all the libraries that are currently being used (there are quite a few!) and to enforce a structured process for introducing new libraries into the build environment.
I have tried pitching the idea of using Maven and Artifactory in their build process to leverage those tools' ability to manage a repository of binary libraries and handle transitive library dependencies. The customer is resistent to the suggestion because they think it will create more work for them to maintain an Artifactory server and learn the basics of Maven.
Currently, their Java projects are all built using Ant scripts. Transitive dependencies are largely managed by trial-and-error. The inventory of libraries currently in use is maintained by hand and the binaries are stored in a Subversion repository. The customer recognizes that this needs to be improved, but the current suggestions for improvement involve more ad-hoc "manage it by hand" approaches.
I want to convince the customer that a combination of Maven and Artifactory is a viable off-the-shelf solution for their Java library management needs. Can anyone direct me to literature/materials that I can use to create a presentation for my customer on the features and strengths of Maven and Artifactory?
Any other arguments/suggestions/etc that would assist me in this would also be appreciated.
I want to convince the customer that a combination of Maven and Artifactory is a viable off-the-shelf solution for their Java library management needs.
As pointed out in a comment, your customer doesn't necessarily need to fully adopt Maven to benefit from dependency management, you could adapt the existing ant scripts to use the Maven Ant tasks or Ivy. This might be less scary and already remove some pain.
Regarding the way Maven manages dependencies, I would simply explain that:
An artifact is identified by coordinates (groupId, artifactId, version).
This allows to store store them using a standardized directory structure (a repository)
A dependency is more that a JAR: it's a JAR with a POM which enables things like transitive dependencies resolution.
And the benefits of such a dependency management solution are:
no mess with dependencies, they are uniquely identified (no more "what version is that?" syndrom)
no more binary data in the VCS (faster checkout, less space)
easier reuse of artifacts between projects (no more jars sent by email)
easier management with transitive dependency resolution
And because you don't want to rely on public repositories, because you need to store your own artifacts, you need an enterprise repository. My personal choice would be Nexus:
because it's file based (unlike Artifactory, and I don't want to put my artifacts in a database)
because it's simple to install/use
because it's easy to administrate
Here are some resources about Nexus (sorry, I just don't use Artifactory):
Should we use Nexus or Artifactory for a Maven Repo?
Ning’s Migration from Artifactory to Nexus Professional
From Apache Archiva to Sonatype Nexus
And just in case, here are some presentation material about Maven:
Several presentations by Arnaud Héritier.
Maven 2.x by Jason van Zyl.
Maven 2.0 - Improve your build patterns by Vincent Massol.
3.5. Core Concepts in the Maven Definitive Guide
I have open-sourced some of my projects. I'd like to publish the artifacts in a common place. If I don't have to host my own repository, that would be ideal, otherwise I will have to setup my own instance of Nexus (or other repository that you recommend).
Can I publish artifacts to Maven Central? What process do I need to follow to get them there?
Yes you can, especially if it is an open source project. Here is some info:
http://central.sonatype.org/pages/ossrh-guide.html
I have some proprietary.jar that I need to include in my project, but I don't wish to install it to the local repository.
What I did initially was to put the jar into version control in my project's lib/ folder, and then specify the Maven dependency as:
<!-- LOCAL DEPENDENCY -->
<dependency>
<groupId>topsecret</groupId>
<artifactId>proprietary</artifactId>
<version>0.0.1</version>
<scope>system</scope>
<systemPath>${basedir}/lib/java/proprietary.jar</systemPath>
</dependency>
However, this becomes a big problem when my project becomes someone else's dependency. Maven will not be able to validate this POM because the path is not absolute.
What is the best way to overcome this problem?
I think the first question that needs to be answered is, why don't you want to install it in the local repository?
Maven follows a convention over configuration philosophy, so the more you fight "The Maven Way" the harder things are going to be for you. Unless you have a compelling reason for not installing the jar to the repository, that seems like the best solution to me.
If you are concerned about unauthorized users gaining access to the proprietary jar, there are alternative solutions such as using a repository manager like Nexus or Archiva.
I described in a previous answer how you can setup a file based repository and avoid the evil system scope when you can't use a corporate repository. Check it out.
For third party artefacts, it's cleanest and least pain free to create a separate repository dedicated to 3rd party artefacts. This makes it easy for anyone else in your team to build your project.
For example, I'm using Nexus (community editoin) to manage maven artefacts. When someone has a dependency on a 3rd party lib not in maven central, we add it to the third party repo. This allows everyone else to build without having to manually find and download the artefact.
Nexus supports various authentication strategies, including LDAP, so can guard sensitive artefacts from unauthorized use. Since moving to a repository manager, managing artefacts, particularly 3rd party artefacts has become a whole lot easier.
See
Repository management with Nexus
PS: Another plus with Nexus is that you can create a "virtual" repository that is the composition of several repositories "flattened" into one. This puts an end to adding repositories to settings.xml or putting repositories in the project pom. You can dd your own repository, your 3rd party repository, and other popular repositories (central, apache, codehaus, jboss etc...) and set nexus up as a mirror. All requests then go through Nexus, speeding up the build and easing repository configuration.