maven-issues mailing list archives

From "dennis lucero (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (MNG-6763) Restrict repositories to specific groupIds
Date Wed, 04 Dec 2019 18:07:00 GMT

    [ https://issues.apache.org/jira/browse/MNG-6763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987844#comment-16987844 ]

dennis lucero edited comment on MNG-6763 at 12/4/19 6:06 PM:
-------------------------------------------------------------

Sorry, by missing dependencies I mean dependencies which are built by our Jenkins and cannot
be pulled from central. Jenkins puts those in our releases repo.

Sometimes I try to build a project depending on a library (version) which is not in our releases
repo yet. Without updatePolicy, Maven on my workstation remembers that the dependency is not
available in our releases repo. However, I just have to wait a few minutes for our Jenkins
to finish building the dependency. After that, it is available in our releases repo.

My primary concern is to speed up the build process by telling Maven which repo/mirror are
able to provide a dependency, removing hundreds of unnecessary requests. Everything works,
but (as long as we don’t push to central) our releases repository will never provide the
dependencies found in central. Therefore requests to our releases repo should be skipped for
dependencies like Jackson, but currently there’s no way to configure Maven this way.

For a better understanding, this is what my ~/.m2/settings.xml looks like:
{code:xml}
<settings>
    <activeProfiles>
        <activeProfile>default</activeProfile>
    </activeProfiles>
    <profiles>
        <profile>
            <id>default</id>
            <repositories>
                <repository>
                    <id>acme-releases</id>
                    <url>https://maven.example.org/repository/maven-releases/</url>
                    <releases>
                        <enabled>true</enabled>
                        <updatePolicy>always</updatePolicy>
                    </releases>
                    <snapshots>
                        <enabled>false</enabled>
                    </snapshots>
                </repository>
                <repository>
                    <id>acme-snapshots</id>
                    <url>https://maven.example.org/repository/maven-snapshots/</url>
                    <releases>
                        <enabled>false</enabled>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                        <updatePolicy>always</updatePolicy>
                    </snapshots>
                </repository>
            </repositories>
        </profile>
    </profiles>
    <mirrors>
        <mirror>
            <id>acme-central-mirror</id>
            <name>Acme Central Mirror</name>
            <url>https://maven.example.org/repository/maven-central/</url>
            <mirrorOf>central</mirrorOf>
        </mirror>
    </mirrors>
</settings>{code}
And a project’s POM contains
{code:xml}
<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>versions-maven-plugin</artifactId>
    <version>2.7</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>display-parent-updates</goal>
                <goal>display-plugin-updates</goal>
                <goal>display-property-updates</goal>
                <goal>display-dependency-updates</goal>
            </goals>
        </execution>
    </executions>
</plugin>{code}
And when building the project, this appears:
{quote}— versions-maven-plugin:2.7:display-dependency-updates (default) @ demo-project —
 artifact com.fasterxml.jackson.core:jackson-annotations: checking for updates from acme-releases
 artifact com.fasterxml.jackson.core:jackson-core: checking for updates from acme-releases
 artifact com.fasterxml.jackson.core:jackson-databind: checking for updates from acme-releases
{quote}
(hundreds of other requests omitted)

This is not an issue of the versions plugin, that plugin only makes it worse.


was (Author: striderapache):
Sorry, by missing dependencies I mean dependencies which are built by our Jenkins and cannot
be pulled from central. Jenkins puts those in our releases repo.

Sometimes I try to build a project depending on a library (version) which is not in our releases
repo yet. Without updatePolicy, Maven on my workstation remembers that the dependency is not
available in our releases repo.

My primary concern is to speed up the build process by telling Maven which repo/mirror are
able to provide a dependency, removing hundreds of unnecessary requests. Everything works,
but (as long as we don’t push to central) our releases repository will never provide the
dependencies found in central. Therefore requests to our releases repo should be skipped for
dependencies like Jackson, but currently there’s no way to configure Maven this way.

For a better understanding, this is what my ~/.m2/settings.xml looks like:
{code:xml}
<settings>
    <activeProfiles>
        <activeProfile>default</activeProfile>
    </activeProfiles>
    <profiles>
        <profile>
            <id>default</id>
            <repositories>
                <repository>
                    <id>acme-releases</id>
                    <url>https://maven.example.org/repository/maven-releases/</url>
                    <releases>
                        <enabled>true</enabled>
                        <updatePolicy>always</updatePolicy>
                    </releases>
                    <snapshots>
                        <enabled>false</enabled>
                    </snapshots>
                </repository>
                <repository>
                    <id>acme-snapshots</id>
                    <url>https://maven.example.org/repository/maven-snapshots/</url>
                    <releases>
                        <enabled>false</enabled>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                        <updatePolicy>always</updatePolicy>
                    </snapshots>
                </repository>
            </repositories>
        </profile>
    </profiles>
    <mirrors>
        <mirror>
            <id>acme-central-mirror</id>
            <name>Acme Central Mirror</name>
            <url>https://maven.example.org/repository/maven-central/</url>
            <mirrorOf>central</mirrorOf>
        </mirror>
    </mirrors>
</settings>{code}
And a project’s POM contains
{code:xml}
<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>versions-maven-plugin</artifactId>
    <version>2.7</version>
    <executions>
        <execution>
            <phase>verify</phase>
            <goals>
                <goal>display-parent-updates</goal>
                <goal>display-plugin-updates</goal>
                <goal>display-property-updates</goal>
                <goal>display-dependency-updates</goal>
            </goals>
        </execution>
    </executions>
</plugin>{code}
And when building the project, this appears:
{quote}— versions-maven-plugin:2.7:display-dependency-updates (default) @ demo-project —
 artifact com.fasterxml.jackson.core:jackson-annotations: checking for updates from acme-releases
 artifact com.fasterxml.jackson.core:jackson-core: checking for updates from acme-releases
 artifact com.fasterxml.jackson.core:jackson-databind: checking for updates from acme-releases
{quote}
(hundreds of other requests omitted)

This is not an issue of the versions plugin, that plugin only makes it worse.

> Restrict repositories to specific groupIds
> ------------------------------------------
>
>                 Key: MNG-6763
>                 URL: https://issues.apache.org/jira/browse/MNG-6763
>             Project: Maven
>          Issue Type: New Feature
>            Reporter: dennis lucero
>            Priority: Major
>
> It should be possible to restrict the repositories specified in settings.xml to specific
> groupIds. Looking at [https://maven.apache.org/ref/3.6.2/maven-settings/settings.html#class_repository],
> it seems this is currently not the case.
>
> Background: We use Nexus to host our own artifacts. The settings.xml contains our Nexus
> repository with <updatePolicy>always</updatePolicy> because sometimes a project
> is built while a dependency is not yet in our Nexus repo – without updatePolicy, it would
> take 24 hours or manual deletion of metadata to make Maven re-check for the missing dependency.
>
> Additionally, we use versions-maven-plugin:2.7:display-dependency-updates in our build
> process.
>
> This results in lots of queries (more than 300 in a simple Dropwizard project) to our
> repo which will never succeed. If we could specify that our repo only supplies groupIds beginning
> with org.example, Maven could skip update checks for groupIds starting with com.fasterxml.jackson
> and so on, speeding up the build process.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
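
The routing rule the issue asks for, modelled as an added example that is not part of the original message and is not Maven code: it reads a trimmed copy of the settings.xml above and lists which repository would be asked about which artifact, with and without a groupId restriction. The `GROUP_FILTERS` mapping, the function names, and the `org.example:acme-lib` artifact are hypothetical; matching on a dot boundary is an assumption that is stricter than "beginning with".

```python
import xml.etree.ElementTree as ET

# Constructed sample: the settings.xml from the message, trimmed to what decides release lookups.
SETTINGS = """<settings>
  <profiles><profile><id>default</id><repositories>
    <repository><id>acme-releases</id>
      <releases><enabled>true</enabled><updatePolicy>always</updatePolicy></releases>
    </repository>
    <repository><id>acme-snapshots</id>
      <releases><enabled>false</enabled></releases>
    </repository>
  </repositories></profile></profiles>
  <mirrors><mirror><id>acme-central-mirror</id><mirrorOf>central</mirrorOf></mirror></mirrors>
</settings>"""

# Hypothetical restriction (settings.xml has no such element); unlisted repositories stay unrestricted.
GROUP_FILTERS = {"acme-releases": ["org.example"]}

def release_repos(settings_xml):
    """Ids of repositories serving releases, plus central (or its mirror)."""
    root = ET.fromstring(settings_xml)
    ids = [r.findtext("id") for r in root.iter("repository")
           if r.findtext("releases/enabled", "true") == "true"]
    mirrors = {m.findtext("mirrorOf"): m.findtext("id") for m in root.iter("mirror")}
    # Simplification: only an exact <mirrorOf>central</mirrorOf> is handled.
    return ids + [mirrors.get("central", "central")]

def group_matches(group_id, prefix):
    """Match on a dot boundary so org.example does not cover org.examplefoo."""
    return group_id == prefix or group_id.startswith(prefix + ".")

def plan_requests(settings_xml, artifacts, filters=None):
    """(repository id, groupId:artifactId) pairs an update check would query."""
    plan = []
    for repo in release_repos(settings_xml):
        allowed = (filters or {}).get(repo)  # None: unrestricted, as today
        for ga in artifacts:
            group = ga.split(":", 1)[0]
            if allowed is None or any(group_matches(group, p) for p in allowed):
                plan.append((repo, ga))
    return plan

# Constructed input: the three Jackson artifacts from the build log plus one in-house artifact.
ARTIFACTS = ["com.fasterxml.jackson.core:jackson-annotations",
             "com.fasterxml.jackson.core:jackson-core",
             "com.fasterxml.jackson.core:jackson-databind",
             "org.example:acme-lib"]
```

For the constructed input, `plan_requests(SETTINGS, ARTIFACTS)` yields 8 lookups and `plan_requests(SETTINGS, ARTIFACTS, GROUP_FILTERS)` yields 5; the three that disappear are the Jackson lookups against acme-releases.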
