You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "dennis lucero (Jira)" <ji...@apache.org> on 2019/12/04 13:10:00 UTC
[jira] [Commented] (MNG-6763) Restrict repositories to specific
groupIds
[ https://issues.apache.org/jira/browse/MNG-6763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987844#comment-16987844 ]
dennis lucero commented on MNG-6763:
------------------------------------
Sorry, by missing dependencies I mean dependencies which are built by our Jenkins and cannot be pulled from central. Jenkins puts those in our releases repo.
Sometimes I try to build a project depending on a library (version) which is not in our releases repo yet. Without updatePolicy, Maven on my workstation remembers that the dependency is not available in our releases repo.
My primary concern is to speed up the build process by telling maven which repo/mirror are able to provide a dependency, removing hundreds of unneccessary requests. Everything works, but (as long as we don’t push to central) our releases repository will never provide the dependencies found in central. Therefore requests to our releases repo should be skipped for dependencies like Jackson, but currently there’s no way configure Maven this way.
For a better understanding, this is what my ~/.m2/settings.xml looks like:
{code:xml}
<settings>
<activeProfiles>
<activeProfile>default</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>default</id>
<repositories>
<repository>
<id>acme-releases</id>
<url>https://maven.example.org/repository/maven-releases/</url>
<releases>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>acme-snapshots</id>
<url>https://maven.example.org/repository/maven-snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
<mirrors>
<mirror>
<id>acme-central-mirror</id>
<name>Acme Central Mirror</name>
<url>https://maven.example.org/repository/maven-central/</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
</settings>{code}
And a project’s POM contains
{code:xml}
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>display-parent-updates</goal>
<goal>display-plugin-updates</goal>
<goal>display-property-updates</goal>
<goal>display-dependency-updates</goal>
</goals>
</execution>
</executions>
</plugin>{code}
And when building the project, this appears:
{quote}— versions-maven-plugin:2.7:display-dependency-updates (default) @ demo-project —
artifact com.fasterxml.jackson.core:jackson-annotations: checking for updates from acme-releases
artifact com.fasterxml.jackson.core:jackson-core: checking for updates from acme-releases
artifact com.fasterxml.jackson.core:jackson-databind: checking for updates from acme-releases
{quote}
(hundreds of other requests omitted)
This is not an issue of the versions plugin, that plugin only makes it worse.
> Restrict repositories to specific groupIds
> ------------------------------------------
>
> Key: MNG-6763
> URL: https://issues.apache.org/jira/browse/MNG-6763
> Project: Maven
> Issue Type: New Feature
> Reporter: dennis lucero
> Priority: Major
>
> It should be possible to restrict the repositories specified in settings.xml to specific groupIds. Looking at [https://maven.apache.org/ref/3.6.2/maven-settings/settings.html#class_repository], it seems this is currently not the case.
> Background: We use Nexus to host our own artifacts. The settings.xml contains our Nexus repository with <updatePolicy>always</updatePolicy> because sometimes a project is built while a dependency is not yet in our Nexus repo – without updatePolicy, it would take 24 hours or manual deletion of metadata to make Maven re-check for the missing dependency.
> Additionally, we use versions-maven-plugin:2.7:display-dependency-updates in our build process.
> This results in lots of queries (more than 300 in a simple Dropwizard project) to our repo which will never succeed. If we could specify that our repo only supplies groupIds beginning with org.example, Maven could skip update checks for groupIds starting with com.fasterxml.jackson and so on, speeding up the build process.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)