This is a good and important request, since Maven will not work correctly:
- Over time (due to URL changes)
- In a closed environment (no direct access to the Internet from a developer machine)
- Because it will shortcut the repository manager of your choice (Nexus, Archiva, or Artifactory) for resolving dependencies—this is most important.
We are facing this problem for almost every customer that uses Maven, and most of them are using the lazy and dirty solution of "mirrorOf". It is argued in the blog that mirroring all Maven requests to a single URL is a good idea: We know it is a bad idea as it completely takes away control of isolating the source for releases, snapshots, and plug-ins!
There is however, a dramatic sentence in the blog about POM files coming from Open Source projects (it actually applies to everyone):
"The entries you have defined will be burned forever into your released POMs."
It sounds like Maven is broken by design and forever, because of all the bad POM files that already exist out there.
Since we support our customers, and they are suffering from actions that are not under their control, we decided to fix it.
In the latest version of Artifactory (2.1.3), there is now a new feature: Automatic cleanup of remote repositories declared in POMs.
You can now configure any virtual repository to automatically clean up rogue remote repositories declared in POM files.
By default, Artifactory will do it for repositories and plug-in repositories directly declared under the project POM entity, or declared inside an active-by-default profile. You can enforce a deeper cleanup that removes all repository and plug-in repository declarations in all profiles.
Using Artifactory as your repository manager means that you will never get "burnt forever" by innocent mistakes done in POM files of nice, popular Open Source projects.
"The one that talks, the one that does!"
Posts
Very important feature, could save us alot of trouble with various 3rd party frameworks which contains their own repositories.
ReplyDeleteThe past tense of "burn" is "burned", with "burnt" being an alternative. So you really didn't need the (sic) in the quote. :) See: http://en.wiktionary.org/wiki/burn
ReplyDeleteThanks Carl, I stand corrected :)
ReplyDeleteMaven _is_ broken, then. Why? Because there are repositories defined in maven: central and snapshots.
ReplyDeleteHow do I manage this? I re-define central and snapshots to refer to my artifactory server (and define to different central and snapshot repositories based on profiles set during different types of builds.)
I can see why you think of this feature as a good thing, but sometimes "putting it in the pom" is the only way to work around a maven design flaw.