If you’re using Maven in a corporate environment, then you’re struggling with the same problems all over again: How to make sure that the build builds?
While a simple task at first glance, there are a few hidden obstacles which boil down to two things: Downloads via the Internet and plugin or dependency version stability. Both can be solved by a using a proxy or a in-house repository.
The guys from Sonatype have been busy in the last months and have released Nexus 1.0.0-beta-4.2 which gives you another option to chose from besides Archiva or DSMP (my own Maven 2 proxy). I’ve tried Nexus yesterday and I have to say that I’m very pleased with the result. As usual for Open Source Software, the beta is more stable than some post-beta commercial products and it delivers with very little setup (follow the link to see the documentation).
Now, we have a second issue: version stability. Here is my recipe to achieve that. First of all, version anything in your POM. All dependencies, all plugins, everything. I’m using properties for that which I define in a common parent POM plus I’m using the dependency management. Maven 2.0.9 helps a lot here because it forces you to add version elements everywhere.
The next step is to make sure the maven builds can find their stuff. To do that, I suggest to set up two Nexus repositories. The first one is the “build” repository, the second one is the “cache” repository. While all developers should use the “build” repository, the “cache” repository can actually download dependencies from the Internet.
The “build” repository, on the other hand, is just a local repository with no Internet connection. To avoid mistakes, I suggest to install the build repo with the default settings but with all remote repositories deleted or turned into local ones. The “cache” repository should run on an unusual port and with the remote repositories enabled as described in the installation documentation.
Next, you need to create a profile in your settings.xml which switches mirrors between the two. When you want to check out a new version of some plugin, switch to the cache repository and have it download all the new stuff. This will pollute your local copy of the maven repository but only yours. After you have verified that the build completes (or fixed all the problems you’ve got), check the RSS feeds of Nexus for stuff it downloaded. Then, all you have to do, is to copy those to the “build” repository. After a refresh, all the other developers in your company can use the new, verified downloads.
Clean your local repository and build again to make sure that your colleagues won’t have any problems after the change and you’re set.