[
https://issues.apache.org/jira/browse/MNG-6763?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987844#comment-16987844
]
dennis lucero edited comment on MNG-6763 at 12/4/19 6:08 PM:
-------------------------------------------------------------
Sorry, by missing dependencies I mean dependencies which are built by our
Jenkins and cannot be pulled from central. Jenkins puts those in our releases
repo.
Sometimes I try to build a project depending on a library (version) which is
not in our releases repo yet. Without updatePolicy, Maven on my workstation
remembers that the dependency is not available in our releases repo. However, I
just have to wait a few minutes for our Jenkins to finish building the
dependency. After that, it is available in our releases repo. But without
updatePolicy Maven waits 24 hours before trying to get it from there again.
My primary concern is to speed up the build process by telling maven which
repo/mirror are able to provide a dependency, removing hundreds of unneccessary
requests. Everything works, but (as long as we don’t push to central) our
releases repository will never provide the dependencies found in central.
Therefore requests to our releases repo should be skipped for dependencies like
Jackson, but currently there’s no way configure Maven this way.
For a better understanding, this is what my ~/.m2/settings.xml looks like:
{code:xml}
<settings>
<activeProfiles>
<activeProfile>default</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>default</id>
<repositories>
<repository>
<id>acme-releases</id>
<url>https://maven.example.org/repository/maven-releases/</url>
<releases>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>acme-snapshots</id>
<url>https://maven.example.org/repository/maven-snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
<mirrors>
<mirror>
<id>acme-central-mirror</id>
<name>Acme Central Mirror</name>
<url>https://maven.example.org/repository/maven-central/</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
</settings>{code}
And a project’s POM contains
{code:xml}
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>display-parent-updates</goal>
<goal>display-plugin-updates</goal>
<goal>display-property-updates</goal>
<goal>display-dependency-updates</goal>
</goals>
</execution>
</executions>
</plugin>{code}
And when building the project, this appears:
{quote}— versions-maven-plugin:2.7:display-dependency-updates (default) @
demo-project —
artifact com.fasterxml.jackson.core:jackson-annotations: checking for updates
from acme-releases
artifact com.fasterxml.jackson.core:jackson-core: checking for updates from
acme-releases
artifact com.fasterxml.jackson.core:jackson-databind: checking for updates
from acme-releases
{quote}
(hundreds of other requests omitted)
This is not an issue of the versions plugin, that plugin only makes it worse.
was (Author: striderapache):
Sorry, by missing dependencies I mean dependencies which are built by our
Jenkins and cannot be pulled from central. Jenkins puts those in our releases
repo.
Sometimes I try to build a project depending on a library (version) which is
not in our releases repo yet. Without updatePolicy, Maven on my workstation
remembers that the dependency is not available in our releases repo. However, I
just have to wait a few minutes for our Jenkins to finish building the
dependency. After that, it is available in our releases repo. But without
updatePolicy Maven waits 24 hours before trying again.
My primary concern is to speed up the build process by telling maven which
repo/mirror are able to provide a dependency, removing hundreds of unneccessary
requests. Everything works, but (as long as we don’t push to central) our
releases repository will never provide the dependencies found in central.
Therefore requests to our releases repo should be skipped for dependencies like
Jackson, but currently there’s no way configure Maven this way.
For a better understanding, this is what my ~/.m2/settings.xml looks like:
{code:xml}
<settings>
<activeProfiles>
<activeProfile>default</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>default</id>
<repositories>
<repository>
<id>acme-releases</id>
<url>https://maven.example.org/repository/maven-releases/</url>
<releases>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>acme-snapshots</id>
<url>https://maven.example.org/repository/maven-snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
</profile>
</profiles>
<mirrors>
<mirror>
<id>acme-central-mirror</id>
<name>Acme Central Mirror</name>
<url>https://maven.example.org/repository/maven-central/</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
</settings>{code}
And a project’s POM contains
{code:xml}
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>display-parent-updates</goal>
<goal>display-plugin-updates</goal>
<goal>display-property-updates</goal>
<goal>display-dependency-updates</goal>
</goals>
</execution>
</executions>
</plugin>{code}
And when building the project, this appears:
{quote}— versions-maven-plugin:2.7:display-dependency-updates (default) @
demo-project —
artifact com.fasterxml.jackson.core:jackson-annotations: checking for updates
from acme-releases
artifact com.fasterxml.jackson.core:jackson-core: checking for updates from
acme-releases
artifact com.fasterxml.jackson.core:jackson-databind: checking for updates
from acme-releases
{quote}
(hundreds of other requests omitted)
This is not an issue of the versions plugin, that plugin only makes it worse.
> Restrict repositories to specific groupIds
> ------------------------------------------
>
> Key: MNG-6763
> URL: https://issues.apache.org/jira/browse/MNG-6763
> Project: Maven
> Issue Type: New Feature
> Reporter: dennis lucero
> Priority: Major
>
> It should be possible to restrict the repositories specified in settings.xml
> to specific groupIds. Looking at
> [https://maven.apache.org/ref/3.6.2/maven-settings/settings.html#class_repository],
> it seems this is currently not the case.
> Background: We use Nexus to host our own artifacts. The settings.xml contains
> our Nexus repository with <updatePolicy>always</updatePolicy> because
> sometimes a project is built while a dependency is not yet in our Nexus repo
> – without updatePolicy, it would take 24 hours or manual deletion of metadata
> to make Maven re-check for the missing dependency.
> Additionally, we use versions-maven-plugin:2.7:display-dependency-updates in
> our build process.
> This results in lots of queries (more than 300 in a simple Dropwizard
> project) to our repo which will never succeed. If we could specify that our
> repo only supplies groupIds beginning with org.example, Maven could skip
> update checks for groupIds starting with com.fasterxml.jackson and so on,
> speeding up the build process.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
