20091112 - Mars Jug - Apache Maven

Apache MavenMarsJUGArnaud HéritiereXo platformSoftware Factory Manager

Arnaud HéritierCommitter since 2004 and member of the Project Management CommitteeCoauthor of « Apache Maven » published by Pearson (in French)Software Factory Manager at eXo platform In charge of tools and methods

DefinitionApache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, binaries, reporting and documentation from a central piece of information.Apache Maven is a command line tool with some IDE integrations.

Conventions1 project = 1 artifact (pom, jar, war, ear, …)Standardizeddirectories layoutprojectdescriptor (POM)buildlifecycle6

POMAn XML file (pom.xml)DescribingProject identificationProject versionProject descriptionBuild settingsDependencies…<?xml version="1.0" encoding="UTF-8"?><project> <modelVersion>4.0.0</modelVersion> <groupId>org.apache.maven</groupId> <artifactId>webapp-sample</artifactId> <version>1.1-SNAPSHOT</version> <packaging>war</packaging> <name>Simple webapp</name> <inceptionYear>2007</inceptionYear> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-struts</artifactId> <version>2.0.2</version> </dependency> ... </dependencies></project>

WithoutMavenWithMavenDependencies

DependenciesDeclarativesgroupId+artifactId+version (+ classifier)Type (packaging): jar, war, pom, ear, …TransitivesLibAneedsLib BLibBneedsLib CThusLibAneedsLib C

DependenciesScopeCompile (by default) : Required to build and run the applicationRuntime : not required to build theapplication but needed at runtimeEx : taglibsProvided : required to build theapplication but not needed at runtime (provided by the container)Ex : Servlet API, Driver SGBD, …Test : required to build and launch tests but not needed by theapplication itself to build and runEx : Junit, TestNG, DbUnit, …System : local library with absolute pathEx : software products

ArtifactRepositoryBy default :A central repositoryhttp://repo1.maven.org/maven2Severaldozen of Gb of OSS librariesA local repository${user.home}/.m2/repositoryAll artifactsUsed by maven and its pluginsUsed by yourprojects (dependencies)Produced by yourprojects

Artifact RepositoryBy default Maven downloads artifacts required by the project or itself from centralDownloaded artifacts are stored in the local repository

VersionsProject and dependency versionsTwo different version variantsSNAPSHOT versionThe version number ends with –SNAPSHOTThe project is in development Deliveries are changing over the time and are overridden after each buildArtifacts are deployed with a timestamp on remote repositoriesRELEASE versionThe version number doesn’t end with –SNAPSHOTBinaries won’t change

VersionsAbout SNAPSHOT dependenciesMaven allows the configuration of an update policy. The update policy defines the recurrence of checks if there is a new SNAPSHOT version available on the remote repository :alwaysdaily (by default)interval:X (a given period in minutes)neverMust not be used in a released projectThey can change thus the release also 

VersionsRangeFrom … to … Maven automatically searches for the corresponding version (using the update policy for released artifacts)To use with cautionRisk of non reproducibility of the buildRisk of sideeffectson projects depending on yours.

Reactorpom.xml :<modules> <module>moduleA</module> <module>moduleC</module> <module>moduleB</module></modules>Ability of Maven to build several sub-modules resolving the order of their dependenciesModules have to be defined in the POMFor a performance reasons

InheritenceShare settings between projects/modulesProjectBusiness1JarWarBusiness2JarWarBy default the parent project is supposed to be in the parent directory (../)pom.xml for module Jar1<parent> <groupId>X.Y.Z</groupId> <artifactId>jars</artifactId> <version>1.0-SNAPSHOT<version></parent>

BuildLifecycle And PluginsPlugin based architecture for a great extensibilityStandardized lifecycle to build all types of archetypes

Whydoes a projectchooseMaven?Apache Maven

Maven, the project’s choiceApplication’s architectureThe project has the freedom to divide the application in modulesMaven doesn’t limit the evolution of the application architectureDependencies managementDeclarative : Maven automatically downloads them and builds the classpathTransitive : We define only what the module needs itself

Maven, the project’s choiceCentralizes and automates all development facets (build, tests, releases)One thing it cannot do for you : to develop BuildsTestsPackagesDeploysDocumentsChecks and reports about the quality of developments

Whydoes a companychooseMaven?Apache Maven

Maven, the corporate’s choiceWidely adopted and knownMany developersDevelopments are standardizedDecrease of costsReuse of knowledgeReuse of configuration fragmentsReuse of process and code fragmentsProduct qualityimprovementReports and monitoring

Maven’s ecosytemMavenaloneisnothingYou can integrate it with many tools

repository managerSApache Maven

Repository ManagersBasic servicesSearch artifactsBrowse repositoriesProxy external repositoriesHost internal repositoriesSecuritySeveral productsSonatype Nexus (replaced Proximity)JfrogArtifactoryApache Archiva

Secure your buildsDeploy a repository manager to proxy externals repositories to :Avoid external network outagesAvoid external repository unavailabilitiesTo reduce your company’s external network usageTo increase the speed of artifact downloadsAdditional services offered by such servers :Artifacts procurement to filter what is coming from the outsideStaging repository to validate your release before deploying it

Setup a global mirror<settings> <mirrors> <mirror>  <id>global-mirror</id> <mirrorOf>external:*</mirrorOf> <url>http://repository.exoplatform.org/content/groups/all</url> </mirror> </mirrors> <profiles> <profile> <id>mirror</id>   <repositories> <repository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </pluginRepository> </pluginRepositories> </profile> </profiles> <activeProfiles>  <activeProfile>mirror</activeProfile> </activeProfiles></settings>

Quality managementApache Maven

Automate testsUse automated tests as often as you canMany tools are available through MavenJUnit, TestNG – unit tests, Selenium, Canoo – web GUI test,Fitnesse, Greenpepper – functional tests,SoapUI – web services testsJMeter– performances testsAnd many more frameworks are available to reply your needs

Quality MetricsExtract quality metrics from your project and monitor them :Code style (CheckStyle)Bad practices or potential bugs (PMD, FindBugs, Clirr)Tests coverage (Cobertura, Emma, Clover)…You can use blocking rulesFor example, I break the build if the upward compatibility of public APIs is brokenYou can use reportsReports are available in a web site generated by MavenOr in a quality dashboard like Sonar

Continuous integrationApache Maven

Continuous IntegrationSetup a continuous integration server to :Have a neutral and unmodified environment to run your testsQuickly react when The build fails (compilation failure for example)A test failsA quality metric is badContinuously improve the quality of your project and your productivityMany productsHudson, Bamboo, TeamCity, Continuum, Cruisecontrol, …

Good & bad practicesApache Maven

K.I.S.S.Keep It Simple, StupidStart from scratchDo not copy/paste what you find without understandingUse only what you needIt’s not because maven offers many features that you need to use themFilteringModulesProfiles…

PROJECT ORGANIZATIONGOOD & BAD PracticesApache Maven

Project bad practicesIgnore Maven conventionsExcept if your are migrating from something else and the target has to be to follow them.Except if they are not compatible with your IDEDifferent versions in sub-modulesIn that case they are standalone projects.Too many inheritance levelsIt makes the POMsmaintenance more complexWhere should I set this plugin parameter ? In which parent ?

Project bad practicesHave too many modulesIs there a good reason ?Technical constraint ?Team organization ?It increases the build timeMany more artifacts to generateDependencies resolution more complexIt involves more complex developmentsMore modules to import in your IDEMore modules to update …

Project good practicesUse the default inheritance :The reactor project is also the parent of its modules.Configuration is easier :No need to redefine SCM settings, site distribution settings …

POM GOOD & BAD PracticesApache Maven

POM bad practicesDependencies :DON’T confuse dependencies and dependencyManagementPlugins :DON’T confuse plugins and pluginManagementDON’T use AntRunplugin everywhereDON’T let Maven choose plugins versions for you

POM bad practicesProfiles :DON’T create environment dependant buildsDON’T rely on dependencies coming from profiles (there is no transitive activation of profiles)Reporting and qualityDON’T activate on an existing project all reports with default configurationDON’T control formatting rules without giving settings for IDEs.DON’T put everything you find in your POM.

POM good practicesSet versions of dependencies in project parent’s dependencyManagementSet dependencies (groupId, artifactId, scope) in each module they are usedUse the dependency plugin (from apache) and versions plugin (from mojo) to analyze, cleanup and update your dependencies.

Development good & bad practicesApache Maven

Development bad practicesDON’T spend your time in the terminal,DON’T exchange libraries through emails,DON’T always use "-Dmaven.test.skip=true” DON’T manually do releases

Development good practicesKeep up-to-date your version of MavenFor example in 2.1 the time of dependencies/modules resolution decreased a lot (Initialization of a project of 150 modules passed from 8 minutes to less than 1)Use the reactor plugin (Maven < 2.1) or native reactor command line options (Maven >= 2.1) to rebuild only a subpart of your project :All modules depending on module XXXAll modules used to build XXX Try to not use Maven features not supported by your IDE (resources filtering with the plugineclipse:eclipse)

Secure your credentialsApache Maven

Secure your credentialsGenerate a private keyarnaud@leopard:~$ mvn--encrypt-master-passwordtoto{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}We save the private key in ~/.m2/settings-security.xml<settingssecurity><master>{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}</master></settingssecurity>

Secure your credentialsYou can move this key to another drive~/.m2/settings.xml<settingssecurity><relocation>/Volumes/ArnaudUsbKey/secure/settings-security.xml</relocation></settingssecurity>You create an encrypted version of your server passwordarnaud@leopard:~$ mvn--encrypt-password titi{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}You register it in your settings<settings> ... <servers> ... <server> <id>mon.server</id> <username>arnaud</username> <password>{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}</password> </server> ... </servers> ...</settings>

Build a part of Your ProjectApache Maven

Reactor options (Maven > 2.1)

ReleasE Your projectApache Maven

Release of awebappin 2002Limited usage of eclipseNoWTP (Onlysomefeaturesin WSAD),Noabilitytoproduce WARs

Release of a webapp in 2002Many manual tasksModify settings filesPackage JARsCopy libraries (external and internal) in a « lib » directoryPackage WAR (often with a zip command)Tag the code (CVS)Send the package on the integration server using FTPDeploy the package with AS console

Release of a webapp in 2002One problem : The are always problemsError in config filesMissing dependenciesMissing fileLast minute fix which created a bugAnd many other possibilies ..How long did it take ?When everything is ok : 15 minutesWhen there’s a problem : ½ day or more

Maven Release PluginAutomates the release process from tagging sources to binaries deliveryRelease plugin main goals:Prepare : To update maven versions and information in POMs and tag the codePerform : To deploy binaries in a maven repositoryAfter that you can just automate the deployment on the AS using cargo for example.

Configuration and PrerequisitesProject version (must be a SNAPSHOT version)Dependencies and plugins versions mustn’t be SNAPSHOTs

SCM configurationSCM binaries have to be in the PATHSCM credentials have to already be stored or you have to pass them in command line with :–Dusername=XXX –Dpassword=XXX<scm> <connection>scm:svn:http://svn.exoplatform.org/projects/parent/trunk </connection> <developerConnection>scm:svn:http://svn.exoplatform.org/projects/parent/trunk </developerConnection> <url> http://fisheye.exoplatform.org/browse/projects/parent/trunk </url></scm>

Distribution Management<project> <distributionManagement> <repository> <id>repository.exoplatform.org</id> <url>${exo.releases.repo.url}</url> </repository> . . . </distributionManagement> . . . <properties><exo.releases.repo.url>http://repository.exoplatform.org/content/repositories/exo-releases </exo.releases.repo.url> . . . </properties></project>

Repository credentials<settings> <servers> <server> <!–- id must be the one used in distributionManagement --> <id>repository.exoplatform.org</id> <username>aheritier</username> <password>{ABCDEFGHIJKLMNOPQRSTUVWYZ}</password> </server> </servers></settings>

Default Release Profile in Super POM<profile> <id>release-profile</id> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <!–- Configuration to generate sources and javadoc jars --> ... </plugins> </build></profile>

Custom release profile<project> ... <build> <pluginManagement> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>2.0-beta-9</version> <configuration> <useReleaseProfile>false</useReleaseProfile> <arguments>-Pmyreleaseprofile</arguments> </configuration> </plugin> </plugins> </pluginManagement> </build>... <profiles> <profile> <id>myreleaseprofile</id> <build> <!-– what you want to customize the behavior of the build when you do a release --> </build> </profile> </profiles> ...</project>

Troubleshooting ReleasesCommon errorsduring release:Buildwith release profile wastestedbefore and failsLocal modificationsCurrent version is not a SNAPSHOTSNAPSHOTs in dependencies and/or pluginsMissingsome configuration (scm, distribMgt, …)Tag alreadyexistsUnable to deployproject to the RepositoryConnectionproblems

Some links The main web site :http://maven.apache.orgProject’s team wiki :http://docs.codehaus.org/display/MAVENProject’suserswiki :http://docs.codehaus.org/display/MAVENUSER

BooksSonatype / O’Reilly :The Definitive Guidehttp://www.sonatype.com/booksFree downloadAvailable in several languagesSoon in French

BooksExist GlobalBetter builds with Mavenhttp://www.maestrodev.com/better-build-mavenFree download

BooksNicolas De loofArnaud HéritierPublished by PearsonCollection RéférenceBased on our own experiences with Maven. From beginners to experts.In French onlyAvailable on 20th November

SupportMailing listshttp://maven.apache.org/mail-lists.htmlIRCirc.codehaus.org - #mavenForumshttp://www.developpez.net/ forum mavenIn FrenchDedicated supportSonatype and some others companies

Back to the FutureApache Maven

Apache Maven 2.0.xbugs fixLast release : 2.0.10No 2.0.11 planned

Apache Maven 2.xEvolutions, new featuresSeveral important new features in 2.1 likeParallel downloadsEncrypted passwordsLast release : 2.2.12.2.2 in few months, 2.3 in 2010

Apache Maven 3.xDo not be afraid !!!!!Not final before at least one yearFull compatibility with maven 2.x projects

Apache Maven 3.xWhat’s new :How POMs are constructedHow the lifecycle is executedHow the plugin manager executesHow artifacts are resolvedHow it can be embeddedHow dependency injection is done

Apache Maven 3.xWhat it will change for maven users ?Any-source POMVersionless parent elementsMixins : a compositional form of Maven POM configurationBetter IDE integrationError & integrityreportingMuch improvederrorreportingwherewewillprovide links to each identifiable problemwe know of. There are currently 42 commonthingsthatcan go wrong.Don'tallowbuildswhere versions come fromnon-project sources like local settings and CLI parametersDon'tallowbuildswhere versions come from profiles that have to beactivatedmanually

Apache Maven 3.xWhat it will changefor maven developers ?Lifecycle extension pointsPlugin extension pointsIncremental build supportQueryable lifecycleExtensible reporting

Users community90 days statisticsNumber of subscribers in blueNumber of messages per day in red1780 subscribers on users mailing list

The team60 committers,More than 30 active since the beginning of the year,Several organizations like Sonatype, deliver resources and professional support,A community less isolated : more interactions with Eclipse, Jetty,

CompetitorsAnt + Ivy, Easy Ant, Gant, Graddle, Buildr…Script orientedYou can do what you want !Reuse many of Maven conventions (directories layout, …) and services (repositories) but without enforcing themThe risk for them :Not being able to evolve due to the too high level of customization proposed to the user.We tried on Maven 1 and it died because of that.It’s like providing a framework without public API.

ConclusionToday, Maven is widely adopted in corporate environments,It provides many services,It has an important and really active community of users and developersMany resources to learn to use it and a professional support are availableA product probably far from being perfect but on rails for the futureMany things to doWe need you !

Licence et copyrightsPhotos and logos belong to their respective authors/ownersContent underCreative Commons 3.0Attribution — You must attribute the work in the mannerspecified by the author or licensor (but not in anywaythatsuggeststhattheyendorseyou or your use of the work).Noncommercial — You may not use thiswork for commercial purposes.ShareAlike — If you alter, transform, or builduponthiswork, youmaydistribute the resultingworkonlyunder the same or similarlicense to this one.http://creativecommons.org/licenses/by-nc-sa/3.0/us/

20091112 - Mars Jug - Apache Maven

More Related Content

What's hot

Viewers also liked

Similar to 20091112 - Mars Jug - Apache Maven

More from Arnaud Héritier

Recently uploaded

20091112 - Mars Jug - Apache Maven