20091112 - mars jug - apache maven

Apache MavenMarsJUG

Arnaud Héritier

eXo platform

Software Factory Manager

Licensed under a Creative Commons license

Arnaud Héritier

● Committer since 2004 and member of the Project Management Committee

● Coauthor of « Apache Maven » published by Pearson (in French)

● Software Factory Manager at eXo platform In charge of tools and

methods


OVERVIEWApache Maven


BASICSApache Maven

4


Definition● Apache Maven is a software project management

and comprehension tool. ● Based on the concept of a project object model

(POM), Maven can manage a project's build, binaries, reporting and documentation from a central piece of information.

● Apache Maven is a command line tool with some IDE integrations.


Conventions● 1 project = 1 artifact (pom, jar, war, ear, …)

● Standardized directories layout project descriptor (POM) build lifecycle

6


POM● An XML file (pom.xml)

● Describing Project identification Project version Project description Build settings Dependencies …

<?xml version="1.0" encoding="UTF-8"?>

<project>

<modelVersion>4.0.0</modelVersion>

<groupId>org.apache.maven</groupId>

<artifactId>webapp-sample</artifactId>

<version>1.1-SNAPSHOT</version>

<packaging>war</packaging>

<name>Simple webapp</name>

<inceptionYear>2007</inceptionYear>

<dependencies>

<dependency>

<groupId>org.springframework</groupId>

<artifactId>spring-struts</artifactId>

<version>2.0.2</version>

</dependency>

...

</dependencies>

</project>


Without Maven With Maven

Dependencies


Dependencies● Declaratives

groupId + artifactId + version (+ classifier) Type (packaging) : jar, war, pom, ear, …

● Transitives Lib A needs Lib B Lib B needs Lib C Thus Lib A needs Lib C


Dependencies● Scope

Compile (by default) : Required to build and run the application

Runtime : not required to build the application but needed at runtime

● Ex : taglibs Provided : required to build the application but not

needed at runtime (provided by the container)● Ex : Servlet API, Driver SGBD, …

Test : required to build and launch tests but not needed by the application itself to build and run

● Ex : Junit, TestNG, DbUnit, … System : local library with absolute path

● Ex : software products


Artifact Repository● By default :

A central repository● http://repo1.maven.org/maven

2● Several dozen of Gb of OSS

libraries A local repository

● ${user.home}/.m2/repository● All artifacts

Used by maven and its plugins

Used by your projects (dependencies)

Produced by your projects

http://repo1.maven.org/maven2

http://repo1.maven.org/maven2


Artifact Repository● By default Maven

downloads artifacts required by the project or itself from central

● Downloaded artifacts are stored in the local repository


Versions● Project and dependency versions● Two different version variants

SNAPSHOT version● The version number ends with –SNAPSHOT● The project is in development ● Deliveries are changing over the time and are overridden

after each build● Artifacts are deployed with a timestamp on remote

repositories RELEASE version

● The version number doesn’t end with –SNAPSHOT● Binaries won’t change


Versions


Versions● About SNAPSHOT dependencies

Maven allows the configuration of an update policy. The update policy defines the recurrence of checks if there is a new SNAPSHOT version available on the remote repository :

● always● daily (by default)● interval:X (a given period in minutes)● never

Must not be used in a released project● They can change thus the release also


Versions

● Range From … to … Maven automatically searches for the corresponding

version (using the update policy for released artifacts) To use with caution

● Risk of non reproducibility of the build● Risk of side effects on projects depending on yours.


Reactorpom.xml :<modules>

<module>moduleA</module>

<module>moduleC</module>

<module>moduleB</module>

</modules>

● Ability of Maven to build several sub-modules resolving the order of their dependencies

● Modules have to be defined in the POM For a performance reasons


Inheritence● Share settings between

projects/modules● Project

Business1● Jar● War

Business2● Jar● War

● By default the parent project is supposed to be in the parent directory (../)

pom.xml for module Jar1<parent>

<groupId>X.Y.Z</groupId>

<artifactId>jars</artifactId>

<version>1.0-SNAPSHOT<version>

</parent>


Build Lifecycle And Plugins● Plugin based architecture

for a great extensibility● Standardized lifecycle to

build all types of archetypes


WHY DOES A PROJECT CHOOSE MAVEN?

Apache Maven


Maven, the project’s choice● Application’s architecture

The project has the freedom to divide the application in modules

Maven doesn’t limit the evolution of the application architecture

● Dependencies management Declarative : Maven automatically downloads them and

builds the classpath Transitive : We define only what the module needs

itself


Maven, the project’s choice● Centralizes and automates

all development facets (build, tests, releases)

● One thing it cannot do for you : to develop

Builds Tests Packages Deploys Documents Checks and reports about

the quality of developments


WHY DOES A COMPANY CHOOSE MAVEN?

Apache Maven


Maven, the corporate’s choice● Widely adopted and known

Many developers● Developments are standardized● Decrease of costs

Reuse of knowledge Reuse of configuration fragments Reuse of process and code fragments

● Product quality improvement Reports and monitoring


ECOSYSTEMApache Maven


Maven’s ecosytem● Maven alone is nothing● You can integrate it with many tools


REPOSITORY MANAGERSApache Maven


Repository Managers● Basic services

Search artifacts Browse repositories Proxy external repositories Host internal repositories Security

● Several products Sonatype Nexus (replaced

Proximity) Jfrog Artifactory Apache Archiva


Secure your builds● Deploy a repository manager to proxy externals

repositories to : Avoid external network outages Avoid external repository unavailabilities To reduce your company’s external network usage To increase the speed of artifact downloads

● Additional services offered by such servers : Artifacts procurement to filter what is coming from the

outside Staging repository to validate your release before

deploying it

Setup a global mirror<settings> <mirrors> <mirror>  <id>global-mirror</id> <mirrorOf>external:*</mirrorOf> <url>http://repository.exoplatform.org/content/groups/all</url> </mirror> </mirrors> <profiles> <profile> <id>mirror</id>   <repositories> <repository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </pluginRepository> </pluginRepositories> </profile> </profiles> <activeProfiles>  <activeProfile>mirror</activeProfile> </activeProfiles></settings>


QUALITY MANAGEMENTApache Maven


Automate tests● Use automated tests as often as you can● Many tools are available through Maven

JUnit, TestNG – unit tests, Selenium, Canoo – web GUI test, Fitnesse, Greenpepper – functional tests, SoapUI – web services tests JMeter – performances tests And many more frameworks are available to reply your

needs


Quality Metrics● Extract quality metrics from your project and monitor

them : Code style (CheckStyle) Bad practices or potential bugs (PMD, FindBugs, Clirr) Tests coverage (Cobertura, Emma, Clover) …

● You can use blocking rules For example, I break the build if the upward compatibility

of public APIs is broken● You can use reports

Reports are available in a web site generated by Maven Or in a quality dashboard like Sonar


Dependency Report


Sonar Dashboard


CONTINUOUS INTEGRATIONApache Maven


Continuous Integration● Setup a continuous integration server to :

Have a neutral and unmodified environment to run your tests

Quickly react when ● The build fails (compilation failure for example)● A test fails● A quality metric is bad

Continuously improve the quality of your project and your productivity

● Many products Hudson, Bamboo, TeamCity, Continuum, Cruisecontrol,

…


Hudson


GOOD & BAD PRACTICESApache Maven


KISSApache Maven


K.I.S.S.● Keep It Simple, Stupid● Start from scratch

Do not copy/paste what you find without understanding● Use only what you need

It’s not because maven offers many features that you need to use them

● Filtering● Modules● Profiles● …


PROJECT ORGANIZATIONGOOD & BAD PRACTICES

Apache Maven


Project bad practices● Ignore Maven conventions

Except if your are migrating from something else and the target has to be to follow them.

Except if they are not compatible with your IDE● Different versions in sub-modules

In that case they are standalone projects.● Too many inheritance levels

It makes the POMs maintenance more complex Where should I set this plugin parameter ? In which parent ?


Project bad practices● Have too many modules

Is there a good reason ?● Technical constraint ?● Team organization ?

It increases the build time● Many more artifacts to generate● Dependencies resolution more complex

It involves more complex developments● More modules to import in your IDE● More modules to update …


Project good practices● Use the default inheritance

: The reactor project is also

the parent of its modules. Configuration is easier :

● No need to redefine SCM settings, site distribution settings …


POM GOOD & BAD PRACTICESApache Maven


POM bad practices● Dependencies :

DON’T confuse dependencies and dependencyManagement

● Plugins : DON’T confuse plugins and pluginManagement DON’T use AntRun plugin everywhere DON’T let Maven choose plugins versions for you


POM bad practices● Profiles :

DON’T create environment dependant builds DON’T rely on dependencies coming from profiles

(there is no transitive activation of profiles)● Reporting and quality

DON’T activate on an existing project all reports with default configuration

DON’T control formatting rules without giving settings for IDEs.

● DON’T put everything you find in your POM.


POM good practices● Set versions of dependencies in project parent’s

dependencyManagement● Set dependencies (groupId, artifactId, scope) in

each module they are used● Use the dependency plugin (from apache) and

versions plugin (from mojo) to analyze, cleanup and update your dependencies.


DEVELOPMENT GOOD & BAD PRACTICES

Apache Maven


Development bad practices● DON’T spend your time in the terminal,● DON’T exchange libraries through emails,● DON’T always use "-Dmaven.test.skip=true” ● DON’T manually do releases


Development good practices● Keep up-to-date your version of Maven

For example in 2.1 the time of dependencies/modules resolution decreased a lot (Initialization of a project of 150 modules passed from 8 minutes to less than 1)

● Use the reactor plugin (Maven < 2.1) or native reactor command line options (Maven >= 2.1) to rebuild only a subpart of your project : All modules depending on module XXX All modules used to build XXX

● Try to not use Maven features not supported by your IDE (resources filtering with the plugin eclipse:eclipse)


USECASESApache Maven


SECURE YOUR CREDENTIALSApache Maven


Secure your credentials● Generate a private key

arnaud@leopard:~$ mvn --encrypt-master-password toto{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}

● We save the private key in ~/.m2/settings-security.xml<settingssecurity><master>{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}</master></settingssecurity>


Secure your credentials● You can move this key to another drive ~/.m2/settings.xml

<settingssecurity><relocation>/Volumes/ArnaudUsbKey/secure/settings-security.xml</relocation></settingssecurity>

● You create an encrypted version of your server passwordarnaud@leopard:~$ mvn --encrypt-password titi{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}

● You register it in your settings<settings> ... <servers> ... <server> <id>mon.server</id> <username>arnaud</username> <password>{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}</password> </server> ... </servers> ...</settings>


BUILD A PART OF YOUR PROJECTApache Maven


Reactor options (Maven > 2.1)


RELEASE YOUR PROJECTApache Maven


Release of a webapp in 2002● Limited usage of eclipse

No WTP (Only some features in WSAD), No ability to produce WARs


Release of a webapp in 2002● Many manual tasks

Modify settings files Package JARs Copy libraries (external and internal) in a « lib »

directory Package WAR (often with a zip command) Tag the code (CVS) Send the package on the integration server using FTP Deploy the package with AS console


Release of a webapp in 2002● One problem : The are

always problems Error in config files Missing dependencies Missing file Last minute fix which created a bug And many other possibilies ..

● How long did it take ? When everything is ok : 15

minutes When there’s a problem : ½

day or more


Maven Release Plugin● Automates the release process from tagging

sources to binaries delivery● Release plugin main goals:

Prepare : To update maven versions and information in POMs and tag the code

Perform : To deploy binaries in a maven repository● After that you can just automate the deployment on

the AS using cargo for example.


Maven Release Plugin


Configuration and Prerequisites● Project version (must be a SNAPSHOT version)● Dependencies and plugins versions mustn’t be

SNAPSHOTs


SCM configuration

<scm> <connection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </connection> <developerConnection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </developerConnection> <url> http://fisheye.exoplatform.org/browse/projects/parent/trunk </url></scm>

● SCM binaries have to be in the PATH● SCM credentials have to already be stored or you have to

pass them in command line with :–Dusername=XXX –Dpassword=XXX


Distribution Management<project>

<distributionManagement>

<repository>

<id>repository.exoplatform.org</id>

<url>${exo.releases.repo.url}</url>

</repository>

. . .

</distributionManagement>

. . .

<properties>

<exo.releases.repo.url>

http://repository.exoplatform.org/content/repositories/exo-releases

</exo.releases.repo.url>

. . .

</properties>

</project>


Repository credentials<settings>

<servers>

<server>

<!–- id must be the one used in distributionManagement -->

<id>repository.exoplatform.org</id>

<username>aheritier</username>

<password>{ABCDEFGHIJKLMNOPQRSTUVWYZ}</password>

</server>

</servers>

</settings>


Default Release Profile in Super POM<profile> <id>release-profile</id> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <!–- Configuration to generate sources and javadoc jars --> ... </plugins> </build></profile>


Custom release profile<project>

...

<build>

<pluginManagement>

<plugins>

<plugin>

<groupId>org.apache.maven.plugins</groupId>

<artifactId>maven-release-plugin</artifactId>

<version>2.0-beta-9</version>

<configuration>

<useReleaseProfile>false</useReleaseProfile>

<arguments>-Pmyreleaseprofile</arguments>

</configuration>

</plugin>

</plugins>

</pluginManagement>

</build>

...

<profiles>

<profile>

<id>myreleaseprofile</id>

<build>

<!-– what you want to customize the behavior of the build when you do a release -->

</build>

</profile>

</profiles>

...

</project>


Troubleshooting Releases● Common errors during release:

Build with release profile was tested before and fails Local modifications Current version is not a SNAPSHOT SNAPSHOTs in dependencies and/or plugins Missing some configuration (scm, distribMgt, …) Tag already exists Unable to deploy project to the Repository Connection problems


TO GO FURTHER …Apache Maven


DOCUMENTATIONSApache Maven


Some links● The main web site :

http://maven.apache.org● Project’s team wiki :

http://docs.codehaus.org/display/MAVEN● Project’s users wiki :

http://docs.codehaus.org/display/MAVENUSER


Books● Sonatype / O’Reilly :

The Definitive Guide http://www.sonatype.com/

books Free download Available in several

languages● Soon in French


Books● Exist Global

Better builds with Maven http://

www.maestrodev.com/better-build-maven

Free download


Books● Nicolas De loof

Arnaud Héritier Published by Pearson Collection Référence Based on our own

experiences with Maven. From beginners to experts.

In French only Available on 20th November


SUPPORTApache Maven


Support● Mailing lists

http://maven.apache.org/mail-lists.html● IRC

irc.codehaus.org - #maven● Forums

http://www.developpez.net/ forum maven In French

● Dedicated support Sonatype and some others companies


BACK TO THE FUTUREApache Maven


PRODUCTApache Maven


Apache Maven 2.0.x● bugs fix● Last release : 2.0.10● No 2.0.11 planned


Apache Maven 2.x● Evolutions, new features● Several important new features in 2.1 like

Parallel downloads Encrypted passwords

● Last release : 2.2.1● 2.2.2 in few months, 2.3 in 2010


Apache Maven 3.x● Do not be afraid !!!!!● Not final before at least

one year● Full compatibility with

maven 2.x projects


Apache Maven 3.x● What’s new :

How POMs are constructed How the lifecycle is executed How the plugin manager executes How artifacts are resolved How it can be embedded How dependency injection is done


Apache Maven 3.x● What it will change for maven users ?

Any-source POM Versionless parent elements Mixins : a compositional form of Maven POM

configuration Better IDE integration Error & integrity reporting

● Much improved error reporting where we will provide links to each identifiable problem we know of. There are currently 42 common things that can go wrong.

● Don't allow builds where versions come from non-project sources like local settings and CLI parameters

● Don't allow builds where versions come from profiles that have to be activated manually


Apache Maven 3.x● What it will change for maven developers ?

Lifecycle extension points Plugin extension points Incremental build support Queryable lifecycle Extensible reporting


COMMUNITYApache Maven


Users community

● 90 days statistics● Number of subscribers in blue● Number of messages per day in red

● 1780 subscribers on users mailing list


The web site


Dowloads

● Per month downloads


The team● 60 committers,● More than 30 active since the beginning of the

year,● Several organizations like Sonatype, deliver

resources and professional support,● A community less isolated : more interactions with

Eclipse, Jetty,


Commit Statistics


COMPETITORSApache Maven


Competitors● Ant + Ivy, Easy Ant, Gant, Graddle, Buildr…● Script oriented

You can do what you want !● Reuse many of Maven conventions (directories

layout, …) and services (repositories) but without enforcing them

● The risk for them : Not being able to evolve due to the too high level of

customization proposed to the user. We tried on Maven 1 and it died because of that. It’s like providing a framework without public API.


CONCLUSIONApache Maven


Conclusion● Today, Maven is widely adopted in corporate

environments,● It provides many services,● It has an important and really active community of

users and developers● Many resources to learn to use it and a

professional support are available● A product probably far from being perfect but on

rails for the future● Many things to do

We need you !


QUESTIONS ?Apache Maven


Licence et copyrights● Photos and logos belong to their respective

authors/owners● Content under Creative Commons 3.0

Attribution — You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work).

Noncommercial — You may not use this work for commercial purposes.

Share Alike — If you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

● http://creativecommons.org/licenses/by-nc-sa/3.0/us/

20091112 - mars jug - apache maven

Technology