repositories vs pluginRepositories in maven settings.xml

Question

I have the below settings.xml file in my ~/.m2/ folder:

<settings>
    <profiles>
        <profile>
            <id>my-repositories</id>
            <repositories>
                <repository>
                    <id>thirdparty-repository</id>
                    <name>Thirdparty repository</name>
                    <url>https://mynexus/repository/thirdparty/</url>
                </repository>
            </repositories>
            <pluginRepositories>
                <pluginRepository>
                    <id>thirdparty-plugin-repository</id>
                    <name>Thirdparty plugin repository</name>
                    <url>https://mynexus/repository/thirdparty/</url>
                </pluginRepository>
            </pluginRepositories>
        </profile>
    </profiles>
    <activeProfiles>
        <activeProfile>my-repositories</activeProfile>
    </activeProfiles>
</settings>

For both repositories the same nexus group repository is used:

https://mynexus/repository/thirdparty/

If I remove the first one: thirdparty-repository I get the below error:

Failed to read artifact descriptor for junit:junit:jar:4.8.2: Could not transfer artifact junit:junit:pom:4.8.2 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now If I re-enable it and instead remove the other one: thirdparty-plugin-repository I now get this error:

 Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:2.5: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central (https://repo.maven.apache.org/maven2): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Only when I have them both enabled at the same time it works.

Why do I need both repositories and pluginRepositories that points to the same nexus repository?

Answer 1

Suppose that you had defined a plugin with some dependencies. These dependencies will be searched in all of your <pluginRepository> definitions. Something like this:

<plugin>
   <groupId>org.liquibase</groupId>
   <artifactId>liquibase-maven-plugin</artifactId>
   <version>${liquibase.version}</version>
   <dependencies>
       <dependency>
          <groupId>io.herd.common</groupId>
          <artifactId>common-herd</artifactId>
          <version>${common.version}</version>
       </dependency>
   </dependencies>
</plugin>

Even if you have a <repository> defined which contains the common-herd artifact, Maven will not downloaded it unless you also have a <pluginRepository> containing it. And of course, the common-herd artifact can not be present inside the Maven Central Repository.

I had this problem a few months ago and Maven only downloaded the specific plugin dependency after I added a <pluginRepository>