
Tips for maintaining an internal Maven Repository?

I'm interested in maintaining a Maven 2 repository for my organization. What are some of the pointers and pitfalls that would help?

What are guidelines for users to follow when setting up standards for downloading from or publishing their own artifacts to the repository when releasing their code? What kinds of governance/rules do you have in place for this type of thing? What do you include about it in your developer's guide/documentation?

UPDATE: We've stood up Nexus and have been very happy with it - followed most of Sal's guidelines and haven't had any trouble. In addition, we've restricted deploy access and automated build/deployment of snapshot artifacts through a Hudson CI server. Hudson can analyze all of the upstream/downstream project dependencies, so if a compilation problem, test failure, or some other violation causes the build to break, no deployment will occur. Be wary of doing snapshot deployments in Maven2/Maven3, as the metadata has changed between the two versions. The "Hudson only" snapshot deployment strategy will mitigate this. We do not use the Release Plugin, but have written some plumbing around the Versions plugin when going to move a snapshot to release. We also use m2eclipse and it seems to work very well with Nexus, as from the settings file it can see Nexus and knows to index artifact information for lookup from there. (Though I have had to tweak some of those settings to have it fully index our internal snapshots.) I'd also recommend you deploy a source jar with your artifacts as a standard practice if you're interested in doing this. We configure that in a super POM.

UPDATE2: I've come across this Sonatype whitepaper which details different stages of adoption/maturity, each with different usage goals for a Maven Repository manager.

I would recommend setting up one Nexus server with at least four repositories. I would not recommend Artifactory. The free version of Nexus is perfectly fine for a dev team of less than 20 in less than three groups. If you have more users than that, do yourself a favor and pay for the Sonatype release. The LDAP integration pays for itself.

  1. Internal Release
  2. Internal Snapshot
  3. Internal 3rd Party: for code used in house that comes from outside sources, or for endorsed 3rd party versions. Put the JDBC drivers, javax.* stuff and stuff from clients and partners here.
  4. External Proxies: common proxy for all the usual sources like m2, codehaus, etc.

Configure Nexus to do the following for internal repos:

  1. Delete old Snapshots on regular intervals
  2. Delete Snapshots on release
  3. Build index files. This speeds up local builds too

Have a common settings.xml file that uses these four and only these four sources. If you need to customize beyond this try to keep a common part of the settings file and use profiles for the differences. Do not let your clients just roll their own settings or you will end up with code that builds on one machine but not on any other machine.

Provide a common proxy for your clients. In Nexus, you can add a bunch of proxies to the common Maven sources (Apache, JBoss, Codehaus) and have a single proxy exposed to the internal clients. This makes adding and removing sources from your clients much easier.

Don't mix Internal and 3rd party artifacts in the same repository. Nexus allows you to add jars to an internal repository via a web gui. I recommend this as the way of adding your JDBC drivers and other external code to 3rd party. The UI is quite nice to use when compared to most enterprise software.

Define a common parent POM that defines the Internal snapshot and release repos via the distributionManagement tag. I know lots of people tell you not to do this. And while I freely admit that there are all kinds of problems with doing this, it works out OK if the clients will only be building releases and snapshots to be deployed to a single internal repository.

If you have an existing mis-managed Maven repository, create a 5th repo called Legacy and put the whole repo there. Set up a cron task to delete old files from legacy once they are a year old. That gives everyone a year to move off of it and update their poms.

Establish an easy to stick to naming convention for internal artifacts. I prefer GroupID of Department.Function.Project and an ArtifactId for that componentName. For internal repositories, com/org/net and the company name are likely to be irrelevant. And wrong if the company changes its name. It is far less likely that the sales, accounting or inventory department will be renamed.
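An added example, not part of the original answers: one way to enforce the "these four and only these four sources" rule from the answer above is to audit each settings.xml (or a parent POM's distributionManagement block) for any repository or mirror that points outside the internal Nexus. The host name and repository paths are hypothetical assumptions, and the sample settings.xml is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumptions (hypothetical): internal Nexus host and the four repository paths.
ALLOWED_HOST = "nexus.example.internal"
ALLOWED_PATHS = {"/repository/releases/", "/repository/snapshots/",
                 "/repository/thirdparty/", "/repository/public-proxy/"}
SOURCE_TAGS = {"repository", "pluginRepository", "snapshotRepository", "mirror"}

# Constructed sample: a shared settings.xml to which a developer added one extra source.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <mirrors>
    <mirror><id>internal</id><mirrorOf>*</mirrorOf>
      <url>https://nexus.example.internal/repository/public-proxy/</url></mirror>
  </mirrors>
  <profiles><profile><id>dev</id><repositories>
    <repository><id>releases</id>
      <url>https://nexus.example.internal/repository/releases</url></repository>
    <repository><id>rogue</id>
      <url>http://repo.example.org/maven2/</url></repository>
  </repositories></profile></profiles>
</settings>"""

def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (element, id, url, reason) for each source outside the allowed set."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) not in SOURCE_TAGS:
            continue
        # Direct children only: id, url, mirrorOf, ...
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        url = urlparse(fields.get("url", ""))
        path = url.path if url.path.endswith("/") else url.path + "/"
        if url.hostname != ALLOWED_HOST:
            reason = "external host"        # also covers a missing <url>
        elif path not in ALLOWED_PATHS:
            reason = "unknown repository"   # right server, not one of the four
        else:
            continue
        findings.append((local(el.tag), fields.get("id", ""),
                         fields.get("url", ""), reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTINGS):
        print(finding)
```

Run in CI against the checked-in settings file and parent POM, a non-empty result can fail the build before a machine-specific source creeps in.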

Definitely use Nexus. :P

I've used both Nexus and Artifactory. The interface for Nexus is a lot more robust, it's a lot more configurable, and of course, written by Sonatype, who represents pretty much everything Maven well.

That being said, Artifactory is decent and workable.

Use Artifactory

I am using Artifactory myself, and love the user interface and ease of deployment/maintenance. That said, I have never used Nexus, and cannot really help you with a proper feature comparison.

Here are some things off the top of my head that I really like about Artifactory (keep in mind Nexus may have these features too):

  1. Nice Web 2.0 interface.
  2. The ability to import your local Maven repository to help get you started.
  3. Ease of integration with existing LDAP servers for security (I'm a big fan of a single repository for storing credentials).

Given that there are really only two major Maven Repository implementations out there, if you really want to make sure you've made the right choice, I'd recommend trying both out, and deciding for yourself which you like better.

Perhaps this is obvious, but, for reproducibility, developers should never overwrite artifacts, they should be new versions.

This also applies to upstream repositories. If you download Apache-commons version 1.2.3, you should really never download it again. Fixes come from later versions, not applied to existing versions.

Something else to consider:

http://archiva.apache.org/

As to the ORIGINAL QUESTION (technical issues to consider when constructing a M2 repository), I would recommend creating read-only user for browsing the repository and administrative user per administrator (that said: one read-only user for all those users that are not administrators). Moreover, I would recommend generating backup images periodically (once a day perhaps?). Very important both if your repository is big or you install your own artifacts from time to time.

Last, but not least, when adding new remote repositories, you must add inclusion/exclusion filters so an artifact lookup in the repository would be done more quickly.

There are lots of other issues to consider, but these are the leading issues I've encountered while managing a Maven internal repository.

For the record, I'm using both Nexus and Artifactory; I can clearly state that while Nexus is very simple and operative (though I sometimes have problems with the installation process on Ubuntu), its free version cannot compete with Artifactory's community (free) edition. Excluding Artifactory's awesome web 2 UI, its main features, such as security management, periodic backups, and accessibility issues are way beyond those of Nexus.

Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you repost them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.