20091112 - Mars Jug - Apache Maven

Apache MavenMarsJUG Arnaud Héritier eXo platform Software Factory Manager

Arnaud Héritier Committer since 2004 and member of the Project Management Committee Coauthor of « Apache Maven » published by Pearson (in French) Software Factory Manager at eXo platform In charge of tools and methods

Definition Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, binaries, reporting and documentation from a central piece of information. Apache Maven is a command line tool with some IDE integrations.

Conventions 1 project = 1 artifact (pom, jar, war, ear, …) Standardized directories layout projectdescriptor (POM) buildlifecycle 6

POM An XML file (pom.xml) Describing Project identification Project version Project description Build settings Dependencies … <?xml version="1.0" encoding="UTF-8"?> <project> <modelVersion>4.0.0</modelVersion> <groupId>org.apache.maven</groupId> <artifactId>webapp-sample</artifactId> <version>1.1-SNAPSHOT</version> <packaging>war</packaging> <name>Simple webapp</name> <inceptionYear>2007</inceptionYear> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-struts</artifactId> <version>2.0.2</version> </dependency> ... </dependencies> </project>

WithoutMaven WithMaven Dependencies

Dependencies Declaratives groupId+artifactId+version (+ classifier) Type (packaging): jar, war, pom, ear, … Transitives LibAneedsLib B LibBneedsLib C ThusLibAneedsLib C

Dependencies Scope Compile (by default) : Required to build and run the application Runtime : not required to build theapplication but needed at runtime Ex : taglibs Provided : required to build theapplication but not needed at runtime (provided by the container) Ex : Servlet API, Driver SGBD, … Test : required to build and launch tests but not needed by theapplication itself to build and run Ex : Junit, TestNG, DbUnit, … System : local library with absolute path Ex : software products

ArtifactRepository By default : A central repository http://repo1.maven.org/maven2 Severaldozen of Gb of OSS libraries A local repository ${user.home}/.m2/repository All artifacts Used by maven and its plugins Used by yourprojects (dependencies) Produced by yourprojects

Artifact Repository By default Maven downloads artifacts required by the project or itself from central Downloaded artifacts are stored in the local repository

Versions Project and dependency versions Two different version variants SNAPSHOT version The version number ends with –SNAPSHOT The project is in development Deliveries are changing over the time and are overridden after each build Artifacts are deployed with a timestamp on remote repositories RELEASE version The version number doesn’t end with –SNAPSHOT Binaries won’t change

Versions About SNAPSHOT dependencies Maven allows the configuration of an update policy. The update policy defines the recurrence of checks if there is a new SNAPSHOT version available on the remote repository : always daily (by default) interval:X (a given period in minutes) never Must not be used in a released project They can change thus the release also 

Versions Range From … to … Maven automatically searches for the corresponding version (using the update policy for released artifacts) To use with caution Risk of non reproducibility of the build Risk of sideeffectson projects depending on yours.

Reactor pom.xml : <modules> <module>moduleA</module> <module>moduleC</module> <module>moduleB</module> </modules> Ability of Maven to build several sub-modules resolving the order of their dependencies Modules have to be defined in the POM For a performance reasons

Inheritence Share settings between projects/modules Project Business1 Jar War Business2 Jar War By default the parent project is supposed to be in the parent directory (../) pom.xml for module Jar1 <parent> <groupId>X.Y.Z</groupId> <artifactId>jars</artifactId> <version>1.0-SNAPSHOT<version> </parent>

BuildLifecycle And Plugins Plugin based architecture for a great extensibility Standardized lifecycle to build all types of archetypes

Whydoes a projectchooseMaven? Apache Maven

Maven, the project’s choice Application’s architecture The project has the freedom to divide the application in modules Maven doesn’t limit the evolution of the application architecture Dependencies management Declarative : Maven automatically downloads them and builds the classpath Transitive : We define only what the module needs itself

Maven, the project’s choice Centralizes and automates all development facets (build, tests, releases) One thing it cannot do for you : to develop  Builds Tests Packages Deploys Documents Checks and reports about the quality of developments

Whydoes a companychooseMaven? Apache Maven

Maven, the corporate’s choice Widely adopted and known Many developers Developments are standardized Decrease of costs Reuse of knowledge Reuse of configuration fragments Reuse of process and code fragments Product qualityimprovement Reports and monitoring

Maven’s ecosytem Mavenaloneisnothing You can integrate it with many tools

repository managerS Apache Maven

Repository Managers Basic services Search artifacts Browse repositories Proxy external repositories Host internal repositories Security Several products Sonatype Nexus (replaced Proximity) JfrogArtifactory Apache Archiva

Secure your builds Deploy a repository manager to proxy externals repositories to : Avoid external network outages Avoid external repository unavailabilities To reduce your company’s external network usage To increase the speed of artifact downloads Additional services offered by such servers : Artifacts procurement to filter what is coming from the outside Staging repository to validate your release before deploying it

Setup a global mirror <settings> <mirrors> <mirror>  <id>global-mirror</id> <mirrorOf>external:*</mirrorOf> <url>http://repository.exoplatform.org/content/groups/all</url> </mirror> </mirrors> <profiles> <profile> <id>mirror</id>   <repositories> <repository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </pluginRepository> </pluginRepositories> </profile> </profiles> <activeProfiles>  <activeProfile>mirror</activeProfile> </activeProfiles> </settings>

Quality management Apache Maven

Automate tests Use automated tests as often as you can Many tools are available through Maven JUnit, TestNG – unit tests, Selenium, Canoo – web GUI test, Fitnesse, Greenpepper – functional tests, SoapUI – web services tests JMeter– performances tests And many more frameworks are available to reply your needs

Quality Metrics Extract quality metrics from your project and monitor them : Code style (CheckStyle) Bad practices or potential bugs (PMD, FindBugs, Clirr) Tests coverage (Cobertura, Emma, Clover) … You can use blocking rules For example, I break the build if the upward compatibility of public APIs is broken You can use reports Reports are available in a web site generated by Maven Or in a quality dashboard like Sonar

Continuous integration Apache Maven

Continuous Integration Setup a continuous integration server to : Have a neutral and unmodified environment to run your tests Quickly react when The build fails (compilation failure for example) A test fails A quality metric is bad Continuously improve the quality of your project and your productivity Many products Hudson, Bamboo, TeamCity, Continuum, Cruisecontrol, …

Good & bad practices Apache Maven

K.I.S.S. Keep It Simple, Stupid Start from scratch Do not copy/paste what you find without understanding Use only what you need It’s not because maven offers many features that you need to use them Filtering Modules Profiles …

PROJECT ORGANIZATIONGOOD & BAD Practices Apache Maven

Project bad practices Ignore Maven conventions Except if your are migrating from something else and the target has to be to follow them. Except if they are not compatible with your IDE Different versions in sub-modules In that case they are standalone projects. Too many inheritance levels It makes the POMsmaintenance more complex Where should I set this plugin parameter ? In which parent ?

Project bad practices Have too many modules Is there a good reason ? Technical constraint ? Team organization ? It increases the build time Many more artifacts to generate Dependencies resolution more complex It involves more complex developments More modules to import in your IDE More modules to update …

Project good practices Use the default inheritance : The reactor project is also the parent of its modules. Configuration is easier : No need to redefine SCM settings, site distribution settings …

POM GOOD & BAD Practices Apache Maven

POM bad practices Dependencies : DON’T confuse dependencies and dependencyManagement Plugins : DON’T confuse plugins and pluginManagement DON’T use AntRunplugin everywhere DON’T let Maven choose plugins versions for you

POM bad practices Profiles : DON’T create environment dependant builds DON’T rely on dependencies coming from profiles (there is no transitive activation of profiles) Reporting and quality DON’T activate on an existing project all reports with default configuration DON’T control formatting rules without giving settings for IDEs. DON’T put everything you find in your POM.

POM good practices Set versions of dependencies in project parent’s dependencyManagement Set dependencies (groupId, artifactId, scope) in each module they are used Use the dependency plugin (from apache) and versions plugin (from mojo) to analyze, cleanup and update your dependencies.

Development good & bad practices Apache Maven

Development bad practices DON’T spend your time in the terminal, DON’T exchange libraries through emails, DON’T always use "-Dmaven.test.skip=true” DON’T manually do releases

Development good practices Keep up-to-date your version of Maven For example in 2.1 the time of dependencies/modules resolution decreased a lot (Initialization of a project of 150 modules passed from 8 minutes to less than 1) Use the reactor plugin (Maven < 2.1) or native reactor command line options (Maven >= 2.1) to rebuild only a subpart of your project : All modules depending on module XXX All modules used to build XXX Try to not use Maven features not supported by your IDE (resources filtering with the plugineclipse:eclipse)

Secure your credentials Apache Maven

Secure your credentials Generate a private keyarnaud@leopard:~$ mvn--encrypt-master-passwordtoto{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=} We save the private key in ~/.m2/settings-security.xml<settingssecurity><master>{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}</master></settingssecurity>

Secure your credentials You can move this key to another drive~/.m2/settings.xml<settingssecurity><relocation>/Volumes/ArnaudUsbKey/secure/settings-security.xml</relocation></settingssecurity> You create an encrypted version of your server passwordarnaud@leopard:~$ mvn--encrypt-password titi{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=} You register it in your settings<settings> ... <servers> ... <server> <id>mon.server</id> <username>arnaud</username> <password>{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}</password> </server> ... </servers> ...</settings>

Build a part of Your Project Apache Maven

Reactor options (Maven > 2.1)

ReleasE Your project Apache Maven

Release of awebappin 2002 Limited usage of eclipse NoWTP (Onlysomefeaturesin WSAD), Noabilitytoproduce WARs

Release of a webapp in 2002 Many manual tasks Modify settings files Package JARs Copy libraries (external and internal) in a « lib » directory Package WAR (often with a zip command) Tag the code (CVS) Send the package on the integration server using FTP Deploy the package with AS console

Release of a webapp in 2002 One problem : The are always problems Error in config files Missing dependencies Missing file Last minute fix which created a bug And many other possibilies .. How long did it take ? When everything is ok : 15 minutes When there’s a problem : ½ day or more

Maven Release Plugin Automates the release process from tagging sources to binaries delivery Release plugin main goals: Prepare : To update maven versions and information in POMs and tag the code Perform : To deploy binaries in a maven repository After that you can just automate the deployment on the AS using cargo for example.

Configuration and Prerequisites Project version (must be a SNAPSHOT version) Dependencies and plugins versions mustn’t be SNAPSHOTs

SCM configuration SCM binaries have to be in the PATH SCM credentials have to already be stored or you have to pass them in command line with :–Dusername=XXX –Dpassword=XXX <scm> <connection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </connection> <developerConnection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </developerConnection> <url> http://fisheye.exoplatform.org/browse/projects/parent/trunk </url> </scm>

Distribution Management <project> <distributionManagement> <repository> <id>repository.exoplatform.org</id> <url>${exo.releases.repo.url}</url> </repository> . . . </distributionManagement> . . . <properties> <exo.releases.repo.url> http://repository.exoplatform.org/content/repositories/exo-releases </exo.releases.repo.url> . . . </properties> </project>

Repository credentials <settings> <servers> <server> <!–- id must be the one used in distributionManagement --> <id>repository.exoplatform.org</id> <username>aheritier</username> <password>{ABCDEFGHIJKLMNOPQRSTUVWYZ}</password> </server> </servers> </settings>

Default Release Profile in Super POM <profile> <id>release-profile</id> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <!–- Configuration to generate sources and javadoc jars --> ... </plugins> </build> </profile>

Custom release profile <project> ... <build> <pluginManagement> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-release-plugin</artifactId> <version>2.0-beta-9</version> <configuration> <useReleaseProfile>false</useReleaseProfile> <arguments>-Pmyreleaseprofile</arguments> </configuration> </plugin> </plugins> </pluginManagement> </build> ... <profiles> <profile> <id>myreleaseprofile</id> <build> <!-– what you want to customize the behavior of the build when you do a release --> </build> </profile> </profiles> ... </project>

Troubleshooting Releases Common errorsduring release: Buildwith release profile wastestedbefore and fails Local modifications Current version is not a SNAPSHOT SNAPSHOTs in dependencies and/or plugins Missingsome configuration (scm, distribMgt, …) Tag alreadyexists Unable to deployproject to the Repository Connectionproblems

To go Further … Apache Maven

Some links The main web site : http://maven.apache.org Project’s team wiki : http://docs.codehaus.org/display/MAVEN Project’suserswiki : http://docs.codehaus.org/display/MAVENUSER

Books Sonatype / O’Reilly : The Definitive Guide http://www.sonatype.com/books Free download Available in several languages Soon in French

Books Exist Global Better builds with Maven http://www.maestrodev.com/better-build-maven Free download

Books Nicolas De loofArnaud Héritier Published by Pearson Collection Référence Based on our own experiences with Maven. From beginners to experts. In French only Available on 20th November

Support Mailing lists http://maven.apache.org/mail-lists.html IRC irc.codehaus.org - #maven Forums http://www.developpez.net/ forum maven In French Dedicated support Sonatype and some others companies

Back to the Future Apache Maven

Apache Maven 2.0.x bugs fix Last release : 2.0.10 No 2.0.11 planned

Apache Maven 2.x Evolutions, new features Several important new features in 2.1 like Parallel downloads Encrypted passwords Last release : 2.2.1 2.2.2 in few months, 2.3 in 2010

Apache Maven 3.x Do not be afraid !!!!! Not final before at least one year Full compatibility with maven 2.x projects

Apache Maven 3.x What’s new : How POMs are constructed How the lifecycle is executed How the plugin manager executes How artifacts are resolved How it can be embedded How dependency injection is done

Apache Maven 3.x What it will change for maven users ? Any-source POM Versionless parent elements Mixins : a compositional form of Maven POM configuration Better IDE integration Error & integrityreporting Much improvederrorreportingwherewewillprovide links to each identifiable problemwe know of. There are currently 42 commonthingsthatcan go wrong. Don'tallowbuildswhere versions come fromnon-project sources like local settings and CLI parameters Don'tallowbuildswhere versions come from profiles that have to beactivatedmanually

Apache Maven 3.x What it will changefor maven developers ? Lifecycle extension points Plugin extension points Incremental build support Queryable lifecycle Extensible reporting

Users community 90 days statistics Number of subscribers in blue Number of messages per day in red 1780 subscribers on users mailing list

The team 60 committers, More than 30 active since the beginning of the year, Several organizations like Sonatype, deliver resources and professional support, A community less isolated : more interactions with Eclipse, Jetty,

Competitors Ant + Ivy, Easy Ant, Gant, Graddle, Buildr… Script oriented You can do what you want ! Reuse many of Maven conventions (directories layout, …) and services (repositories) but without enforcing them The risk for them : Not being able to evolve due to the too high level of customization proposed to the user. We tried on Maven 1 and it died because of that. It’s like providing a framework without public API.

Conclusion Today, Maven is widely adopted in corporate environments, It provides many services, It has an important and really active community of users and developers Many resources to learn to use it and a professional support are available A product probably far from being perfect but on rails for the future Many things to do We need you !

Licence et copyrights Photos and logos belong to their respective authors/owners Content underCreative Commons 3.0 Attribution — You must attribute the work in the mannerspecified by the author or licensor (but not in anywaythatsuggeststhattheyendorseyou or your use of the work). Noncommercial — You may not use thiswork for commercial purposes. ShareAlike — If you alter, transform, or builduponthiswork, youmaydistribute the resultingworkonlyunder the same or similarlicense to this one. http://creativecommons.org/licenses/by-nc-sa/3.0/us/

20091112 - Mars Jug - Apache Maven

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to 20091112 - Mars Jug - Apache Maven

Similar to 20091112 - Mars Jug - Apache Maven (20)

More from Arnaud Héritier

More from Arnaud Héritier (20)

Recently uploaded

Recently uploaded (20)

20091112 - Mars Jug - Apache Maven