2. Arnaud Héritier Committer since 2004 and member of the Project Management Committee Coauthor of « Apache Maven » published by Pearson (in French) Software Factory Manager at eXo platform In charge of tools and methods
5. Definition Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, binaries, reporting and documentation from a central piece of information. Apache Maven is a command line tool with some IDE integrations.
10. Dependencies Scope Compile (by default) : Required to build and run the application Runtime : not required to build theapplication but needed at runtime Ex : taglibs Provided : required to build theapplication but not needed at runtime (provided by the container) Ex : Servlet API, Driver SGBD, … Test : required to build and launch tests but not needed by theapplication itself to build and run Ex : Junit, TestNG, DbUnit, … System : local library with absolute path Ex : software products
11. ArtifactRepository By default : A central repository http://repo1.maven.org/maven2 Severaldozen of Gb of OSS libraries A local repository ${user.home}/.m2/repository All artifacts Used by maven and its plugins Used by yourprojects (dependencies) Produced by yourprojects
12. Artifact Repository By default Maven downloads artifacts required by the project or itself from central Downloaded artifacts are stored in the local repository
13. Versions Project and dependency versions Two different version variants SNAPSHOT version The version number ends with –SNAPSHOT The project is in development Deliveries are changing over the time and are overridden after each build Artifacts are deployed with a timestamp on remote repositories RELEASE version The version number doesn’t end with –SNAPSHOT Binaries won’t change
15. Versions About SNAPSHOT dependencies Maven allows the configuration of an update policy. The update policy defines the recurrence of checks if there is a new SNAPSHOT version available on the remote repository : always daily (by default) interval:X (a given period in minutes) never Must not be used in a released project They can change thus the release also
16. Versions Range From … to … Maven automatically searches for the corresponding version (using the update policy for released artifacts) To use with caution Risk of non reproducibility of the build Risk of sideeffectson projects depending on yours.
17. Reactor pom.xml : <modules> <module>moduleA</module> <module>moduleC</module> <module>moduleB</module> </modules> Ability of Maven to build several sub-modules resolving the order of their dependencies Modules have to be defined in the POM For a performance reasons
18. Inheritence Share settings between projects/modules Project Business1 Jar War Business2 Jar War By default the parent project is supposed to be in the parent directory (../) pom.xml for module Jar1 <parent> <groupId>X.Y.Z</groupId> <artifactId>jars</artifactId> <version>1.0-SNAPSHOT<version> </parent>
19. BuildLifecycle And Plugins Plugin based architecture for a great extensibility Standardized lifecycle to build all types of archetypes
21. Maven, the project’s choice Application’s architecture The project has the freedom to divide the application in modules Maven doesn’t limit the evolution of the application architecture Dependencies management Declarative : Maven automatically downloads them and builds the classpath Transitive : We define only what the module needs itself
22. Maven, the project’s choice Centralizes and automates all development facets (build, tests, releases) One thing it cannot do for you : to develop Builds Tests Packages Deploys Documents Checks and reports about the quality of developments
24. Maven, the corporate’s choice Widely adopted and known Many developers Developments are standardized Decrease of costs Reuse of knowledge Reuse of configuration fragments Reuse of process and code fragments Product qualityimprovement Reports and monitoring
29. Secure your builds Deploy a repository manager to proxy externals repositories to : Avoid external network outages Avoid external repository unavailabilities To reduce your company’s external network usage To increase the speed of artifact downloads Additional services offered by such servers : Artifacts procurement to filter what is coming from the outside Staging repository to validate your release before deploying it
30. Setup a global mirror <settings> <mirrors> <mirror> <!--Thissendseverythingelse to /public --> <id>global-mirror</id> <mirrorOf>external:*</mirrorOf> <url>http://repository.exoplatform.org/content/groups/all</url> </mirror> </mirrors> <profiles> <profile> <id>mirror</id> <!--Enablesnapshots for the built in central repo to direct --> <!--allrequests to the repository manager via the mirror --> <repositories> <repository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </pluginRepository> </pluginRepositories> </profile> </profiles> <activeProfiles> <!--make the profile active all the time --> <activeProfile>mirror</activeProfile> </activeProfiles> </settings>
32. Automate tests Use automated tests as often as you can Many tools are available through Maven JUnit, TestNG – unit tests, Selenium, Canoo – web GUI test, Fitnesse, Greenpepper – functional tests, SoapUI – web services tests JMeter– performances tests And many more frameworks are available to reply your needs
33. Quality Metrics Extract quality metrics from your project and monitor them : Code style (CheckStyle) Bad practices or potential bugs (PMD, FindBugs, Clirr) Tests coverage (Cobertura, Emma, Clover) … You can use blocking rules For example, I break the build if the upward compatibility of public APIs is broken You can use reports Reports are available in a web site generated by Maven Or in a quality dashboard like Sonar
37. Continuous Integration Setup a continuous integration server to : Have a neutral and unmodified environment to run your tests Quickly react when The build fails (compilation failure for example) A test fails A quality metric is bad Continuously improve the quality of your project and your productivity Many products Hudson, Bamboo, TeamCity, Continuum, Cruisecontrol, …
41. K.I.S.S. Keep It Simple, Stupid Start from scratch Do not copy/paste what you find without understanding Use only what you need It’s not because maven offers many features that you need to use them Filtering Modules Profiles …
43. Project bad practices Ignore Maven conventions Except if your are migrating from something else and the target has to be to follow them. Except if they are not compatible with your IDE Different versions in sub-modules In that case they are standalone projects. Too many inheritance levels It makes the POMsmaintenance more complex Where should I set this plugin parameter ? In which parent ?
44. Project bad practices Have too many modules Is there a good reason ? Technical constraint ? Team organization ? It increases the build time Many more artifacts to generate Dependencies resolution more complex It involves more complex developments More modules to import in your IDE More modules to update …
45. Project good practices Use the default inheritance : The reactor project is also the parent of its modules. Configuration is easier : No need to redefine SCM settings, site distribution settings …
47. POM bad practices Dependencies : DON’T confuse dependencies and dependencyManagement Plugins : DON’T confuse plugins and pluginManagement DON’T use AntRunplugin everywhere DON’T let Maven choose plugins versions for you
48. POM bad practices Profiles : DON’T create environment dependant builds DON’T rely on dependencies coming from profiles (there is no transitive activation of profiles) Reporting and quality DON’T activate on an existing project all reports with default configuration DON’T control formatting rules without giving settings for IDEs. DON’T put everything you find in your POM.
49. POM good practices Set versions of dependencies in project parent’s dependencyManagement Set dependencies (groupId, artifactId, scope) in each module they are used Use the dependency plugin (from apache) and versions plugin (from mojo) to analyze, cleanup and update your dependencies.
51. Development bad practices DON’T spend your time in the terminal, DON’T exchange libraries through emails, DON’T always use "-Dmaven.test.skip=true” DON’T manually do releases
52. Development good practices Keep up-to-date your version of Maven For example in 2.1 the time of dependencies/modules resolution decreased a lot (Initialization of a project of 150 modules passed from 8 minutes to less than 1) Use the reactor plugin (Maven < 2.1) or native reactor command line options (Maven >= 2.1) to rebuild only a subpart of your project : All modules depending on module XXX All modules used to build XXX Try to not use Maven features not supported by your IDE (resources filtering with the plugineclipse:eclipse)
55. Secure your credentials Generate a private keyarnaud@leopard:~$ mvn--encrypt-master-passwordtoto{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=} We save the private key in ~/.m2/settings-security.xml<settingssecurity><master>{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}</master></settingssecurity>
56. Secure your credentials You can move this key to another drive~/.m2/settings.xml<settingssecurity><relocation>/Volumes/ArnaudUsbKey/secure/settings-security.xml</relocation></settingssecurity> You create an encrypted version of your server passwordarnaud@leopard:~$ mvn--encrypt-password titi{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=} You register it in your settings<settings> ... <servers> ... <server> <id>mon.server</id> <username>arnaud</username> <password>{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}</password> </server> ... </servers> ...</settings>
60. Release of awebappin 2002 Limited usage of eclipse NoWTP (Onlysomefeaturesin WSAD), Noabilitytoproduce WARs
61. Release of a webapp in 2002 Many manual tasks Modify settings files Package JARs Copy libraries (external and internal) in a « lib » directory Package WAR (often with a zip command) Tag the code (CVS) Send the package on the integration server using FTP Deploy the package with AS console
62. Release of a webapp in 2002 One problem : The are always problems Error in config files Missing dependencies Missing file Last minute fix which created a bug And many other possibilies .. How long did it take ? When everything is ok : 15 minutes When there’s a problem : ½ day or more
63. Maven Release Plugin Automates the release process from tagging sources to binaries delivery Release plugin main goals: Prepare : To update maven versions and information in POMs and tag the code Perform : To deploy binaries in a maven repository After that you can just automate the deployment on the AS using cargo for example.
65. Configuration and Prerequisites Project version (must be a SNAPSHOT version) Dependencies and plugins versions mustn’t be SNAPSHOTs
66. SCM configuration SCM binaries have to be in the PATH SCM credentials have to already be stored or you have to pass them in command line with :–Dusername=XXX –Dpassword=XXX <scm> <connection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </connection> <developerConnection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </developerConnection> <url> http://fisheye.exoplatform.org/browse/projects/parent/trunk </url> </scm>
68. Repository credentials <settings> <servers> <server> <!–- id must be the one used in distributionManagement --> <id>repository.exoplatform.org</id> <username>aheritier</username> <password>{ABCDEFGHIJKLMNOPQRSTUVWYZ}</password> </server> </servers> </settings>
69. Default Release Profile in Super POM <profile> <id>release-profile</id> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <!–- Configuration to generate sources and javadoc jars --> ... </plugins> </build> </profile>
70. Custom release profile <project> ... <build> <pluginManagement> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>2.0-beta-9</version> <configuration> <useReleaseProfile>false</useReleaseProfile> <arguments>-Pmyreleaseprofile</arguments> </configuration> </plugin> </plugins> </pluginManagement> </build> ... <profiles> <profile> <id>myreleaseprofile</id> <build> <!-– what you want to customize the behavior of the build when you do a release --> </build> </profile> </profiles> ... </project>
71. Troubleshooting Releases Common errorsduring release: Buildwith release profile wastestedbefore and fails Local modifications Current version is not a SNAPSHOT SNAPSHOTs in dependencies and/or plugins Missingsome configuration (scm, distribMgt, …) Tag alreadyexists Unable to deployproject to the Repository Connectionproblems
74. Some links The main web site : http://maven.apache.org Project’s team wiki : http://docs.codehaus.org/display/MAVEN Project’suserswiki : http://docs.codehaus.org/display/MAVENUSER
75. Books Sonatype / O’Reilly : The Definitive Guide http://www.sonatype.com/books Free download Available in several languages Soon in French
76. Books Exist Global Better builds with Maven http://www.maestrodev.com/better-build-maven Free download
77. Books Nicolas De loofArnaud Héritier Published by Pearson Collection Référence Based on our own experiences with Maven. From beginners to experts. In French only Available on 20th November
79. Support Mailing lists http://maven.apache.org/mail-lists.html IRC irc.codehaus.org - #maven Forums http://www.developpez.net/ forum maven In French Dedicated support Sonatype and some others companies
83. Apache Maven 2.x Evolutions, new features Several important new features in 2.1 like Parallel downloads Encrypted passwords Last release : 2.2.1 2.2.2 in few months, 2.3 in 2010
84. Apache Maven 3.x Do not be afraid !!!!! Not final before at least one year Full compatibility with maven 2.x projects
85. Apache Maven 3.x What’s new : How POMs are constructed How the lifecycle is executed How the plugin manager executes How artifacts are resolved How it can be embedded How dependency injection is done
86. Apache Maven 3.x What it will change for maven users ? Any-source POM Versionless parent elements Mixins : a compositional form of Maven POM configuration Better IDE integration Error & integrityreporting Much improvederrorreportingwherewewillprovide links to each identifiable problemwe know of. There are currently 42 commonthingsthatcan go wrong. Don'tallowbuildswhere versions come fromnon-project sources like local settings and CLI parameters Don'tallowbuildswhere versions come from profiles that have to beactivatedmanually
87. Apache Maven 3.x What it will changefor maven developers ? Lifecycle extension points Plugin extension points Incremental build support Queryable lifecycle Extensible reporting
92. The team 60 committers, More than 30 active since the beginning of the year, Several organizations like Sonatype, deliver resources and professional support, A community less isolated : more interactions with Eclipse, Jetty,
95. Competitors Ant + Ivy, Easy Ant, Gant, Graddle, Buildr… Script oriented You can do what you want ! Reuse many of Maven conventions (directories layout, …) and services (repositories) but without enforcing them The risk for them : Not being able to evolve due to the too high level of customization proposed to the user. We tried on Maven 1 and it died because of that. It’s like providing a framework without public API.
97. Conclusion Today, Maven is widely adopted in corporate environments, It provides many services, It has an important and really active community of users and developers Many resources to learn to use it and a professional support are available A product probably far from being perfect but on rails for the future Many things to do We need you !
99. Licence et copyrights Photos and logos belong to their respective authors/owners Content underCreative Commons 3.0 Attribution — You must attribute the work in the mannerspecified by the author or licensor (but not in anywaythatsuggeststhattheyendorseyou or your use of the work). Noncommercial — You may not use thiswork for commercial purposes. ShareAlike — If you alter, transform, or builduponthiswork, youmaydistribute the resultingworkonlyunder the same or similarlicense to this one. http://creativecommons.org/licenses/by-nc-sa/3.0/us/