Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where is the best place to specify maven repositories, pom.xml or settings.xml?

Tags:

maven-2

Where is the best place to specify required repositories for maven projects, pom.xml or settings.xml? What are the pros and cons of each location? What is best practice?

It seems to me that defining the repositories in the POM is better for a number of reasons:

  • Reproducibility: The dependent artifacts are coming from a known location that is explicitly declared in the POM. There is also less opportunity for a user's misconfigured repositories to cause problems.
  • Portability: This POM will build on anyone's machine with maven installed. There are no additional requirements on additional user configured repository settings.
  • Ease of use: It's easier for new developers to retrieve and build the project because there is less configuration to setup.

Perhaps a con is that if the location of the repository changes in the future, proxies need to be installed or patch releases of old software need to be released specifying the new repository locations (or .m2/settings.xml can always provide additional repositories as a last resort). However, this seems like a necessary ramification of good reproducibility and portability in release management rather than a con.

Any other thoughts?

like image 431
jnorris Avatar asked Feb 08 '10 22:02

jnorris


People also ask

Where should POM xml repository be placed?

Putting non-standard repositories in the pom. xml file (which gets checked into source control) means every developer can build. But YES, your authentication for a repository server should be in your private settings. xml file.

What is the difference between settings xml and POM xml?

settings. xml contains system and/or user configuration, while the pom. xml contains project information. All build configuration ends up in the pom.

Which of the below is correct location of Maven repository?

It is located in MAVEN_HOME/conf/settings. xml, for example: E:\apache-maven-3.1.

Why we need settings xml in Maven?

A Maven settings. xml file defines values that configure Maven execution in various ways. Most commonly, it is used to define a local repository location, alternate remote repository servers, and authentication information for private repositories.


2 Answers

Where is the best place to specify required repositories for maven projects, pom.xml or settings.xml? What are the pros and cons of each location? What is best practice?

I'd personally define the repositories required by a particular project in the project pom.xml because it keeps the build portable. The settings.xml file should be used for user specific or secret things only in my opinion. No really, asking the user to add repository locations, even if this is properly documented, somehow defeats one of maven's feature (transparent dependency handling) and I don't like this idea.

The only "good" use case I can think of for using settings.xml to deal with repositories is when you have a corporate repository and want Maven to use this repository instead of public ones. For example, to avoid connections to any public repository, you would declare the corporate repository as a mirror of all of them:

<settings>   ...   <mirrors>     <mirror>       <id>proxy-of-entire-earth</id>       <mirrorOf>*</mirrorOf>       <name>Maven Repository Manager running on repo.mycompany.com</name>       <url>http://repo.mycompany.com/proxy</url>     </mirror>   </mirrors>   ... </settings> 
like image 79
Pascal Thivent Avatar answered Oct 16 '22 20:10

Pascal Thivent


I'll give you three reasons why you should consider storing repository URLs in settings.xml instead of pom.xml:

  1. spekdrum mentioned something that has actually happened to us:

If you have a corporate repo and you are building a project for a customer and you have to deliver the source code at the end you better configure the repos in settings.xml. You don't want your Artifactory (or similar) to be reached every time the project is built outside your office.

  1. The guys at Sonatype recommend placing URLs in settings.xml.

  2. If the dependency repository goes down (think java.net) you only have to correct the URL in one place. If you used pom.xml all previous releases are broken. You potentially have to commit a fixed pom.xml per release version.

Is configuring URLs in settings.xml more work than pom.xml? Absolutely.

Does it buy you more flexibility? Absolutely.

Here is what settings.xml should look like:

<settings>     <profiles>         <profile>             <id>mycompany-servers</id>             <repositories>                 <repository>                     <id>mycompany-release</id>                     <url>https://mycompany.com/release/</url>                     <snapshots>                         <enabled>false</enabled>                     </snapshots>                 </repository>                 <repository>                     <id>mycompany-snapshot</id>                     <url>https://mycompany.com/snapshot/</url>                     <releases>                         <enabled>false</enabled>                     </releases>                 </repository>             </repositories>         </profile>     </profiles>     <activeProfiles>         <activeProfile>mycompany-servers</activeProfile>     </activeProfiles>     <servers>         <server>             <id>mycompany-release</id>             <username>your-username</username>             <password>your-api-key</password>         </server>         <server>              <id>mycompany-snapshot</id>              <username>your-username</username>              <password>your-api-key</password>         </server>     </servers> </settings> 
like image 29
Gili Avatar answered Oct 16 '22 22:10

Gili