20091112 - mars jug - apache maven
DESCRIPTION
MarsJUG - 12 Nov 2009 - Apache MavenTRANSCRIPT
Apache MavenMarsJUG
Arnaud Héritier
eXo platform
Software Factory Manager
Licensed under a Creative Commons license
Arnaud Héritier
● Committer since 2004 and member of the Project Management Committee
● Coauthor of « Apache Maven » published by Pearson (in French)
● Software Factory Manager at eXo platform In charge of tools and
methods
Licensed under a Creative Commons license
OVERVIEWApache Maven
Licensed under a Creative Commons license
BASICSApache Maven
4
Licensed under a Creative Commons license
Definition● Apache Maven is a software project management
and comprehension tool. ● Based on the concept of a project object model
(POM), Maven can manage a project's build, binaries, reporting and documentation from a central piece of information.
● Apache Maven is a command line tool with some IDE integrations.
Licensed under a Creative Commons license
Conventions● 1 project = 1 artifact (pom, jar, war, ear, …)
● Standardized directories layout project descriptor (POM) build lifecycle
6
Licensed under a Creative Commons license
POM● An XML file (pom.xml)
● Describing Project identification Project version Project description Build settings Dependencies …
<?xml version="1.0" encoding="UTF-8"?>
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.maven</groupId>
<artifactId>webapp-sample</artifactId>
<version>1.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>Simple webapp</name>
<inceptionYear>2007</inceptionYear>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-struts</artifactId>
<version>2.0.2</version>
</dependency>
...
</dependencies>
</project>
Licensed under a Creative Commons license
Without Maven With Maven
Dependencies
Licensed under a Creative Commons license
Dependencies● Declaratives
groupId + artifactId + version (+ classifier) Type (packaging) : jar, war, pom, ear, …
● Transitives Lib A needs Lib B Lib B needs Lib C Thus Lib A needs Lib C
Licensed under a Creative Commons license
Dependencies● Scope
Compile (by default) : Required to build and run the application
Runtime : not required to build the application but needed at runtime
● Ex : taglibs Provided : required to build the application but not
needed at runtime (provided by the container)● Ex : Servlet API, Driver SGBD, …
Test : required to build and launch tests but not needed by the application itself to build and run
● Ex : Junit, TestNG, DbUnit, … System : local library with absolute path
● Ex : software products
Licensed under a Creative Commons license
Artifact Repository● By default :
A central repository● http://repo1.maven.org/maven
2● Several dozen of Gb of OSS
libraries A local repository
● ${user.home}/.m2/repository● All artifacts
Used by maven and its plugins
Used by your projects (dependencies)
Produced by your projects
Licensed under a Creative Commons license
Artifact Repository● By default Maven
downloads artifacts required by the project or itself from central
● Downloaded artifacts are stored in the local repository
Licensed under a Creative Commons license
Versions● Project and dependency versions● Two different version variants
SNAPSHOT version● The version number ends with –SNAPSHOT● The project is in development ● Deliveries are changing over the time and are overridden
after each build● Artifacts are deployed with a timestamp on remote
repositories RELEASE version
● The version number doesn’t end with –SNAPSHOT● Binaries won’t change
Licensed under a Creative Commons license
Versions
Licensed under a Creative Commons license
Versions● About SNAPSHOT dependencies
Maven allows the configuration of an update policy. The update policy defines the recurrence of checks if there is a new SNAPSHOT version available on the remote repository :
● always● daily (by default)● interval:X (a given period in minutes)● never
Must not be used in a released project● They can change thus the release also
Licensed under a Creative Commons license
Versions
● Range From … to … Maven automatically searches for the corresponding
version (using the update policy for released artifacts) To use with caution
● Risk of non reproducibility of the build● Risk of side effects on projects depending on yours.
Licensed under a Creative Commons license
Reactorpom.xml :<modules>
<module>moduleA</module>
<module>moduleC</module>
<module>moduleB</module>
</modules>
● Ability of Maven to build several sub-modules resolving the order of their dependencies
● Modules have to be defined in the POM For a performance reasons
Licensed under a Creative Commons license
Inheritence● Share settings between
projects/modules● Project
Business1● Jar● War
Business2● Jar● War
● By default the parent project is supposed to be in the parent directory (../)
pom.xml for module Jar1<parent>
<groupId>X.Y.Z</groupId>
<artifactId>jars</artifactId>
<version>1.0-SNAPSHOT<version>
</parent>
Licensed under a Creative Commons license
Build Lifecycle And Plugins● Plugin based architecture
for a great extensibility● Standardized lifecycle to
build all types of archetypes
Licensed under a Creative Commons license
WHY DOES A PROJECT CHOOSE MAVEN?
Apache Maven
Licensed under a Creative Commons license
Maven, the project’s choice● Application’s architecture
The project has the freedom to divide the application in modules
Maven doesn’t limit the evolution of the application architecture
● Dependencies management Declarative : Maven automatically downloads them and
builds the classpath Transitive : We define only what the module needs
itself
Licensed under a Creative Commons license
Maven, the project’s choice● Centralizes and automates
all development facets (build, tests, releases)
● One thing it cannot do for you : to develop
Builds Tests Packages Deploys Documents Checks and reports about
the quality of developments
Licensed under a Creative Commons license
WHY DOES A COMPANY CHOOSE MAVEN?
Apache Maven
Licensed under a Creative Commons license
Maven, the corporate’s choice● Widely adopted and known
Many developers● Developments are standardized● Decrease of costs
Reuse of knowledge Reuse of configuration fragments Reuse of process and code fragments
● Product quality improvement Reports and monitoring
Licensed under a Creative Commons license
ECOSYSTEMApache Maven
Licensed under a Creative Commons license
Maven’s ecosytem● Maven alone is nothing● You can integrate it with many tools
Licensed under a Creative Commons license
REPOSITORY MANAGERSApache Maven
Licensed under a Creative Commons license
Repository Managers● Basic services
Search artifacts Browse repositories Proxy external repositories Host internal repositories Security
● Several products Sonatype Nexus (replaced
Proximity) Jfrog Artifactory Apache Archiva
Licensed under a Creative Commons license
Secure your builds● Deploy a repository manager to proxy externals
repositories to : Avoid external network outages Avoid external repository unavailabilities To reduce your company’s external network usage To increase the speed of artifact downloads
● Additional services offered by such servers : Artifacts procurement to filter what is coming from the
outside Staging repository to validate your release before
deploying it
Licensed under a Creative Commons license
Setup a global mirror<settings> <mirrors> <mirror> <!--This sends everything else to /public --> <id>global-mirror</id> <mirrorOf>external:*</mirrorOf> <url>http://repository.exoplatform.org/content/groups/all</url> </mirror> </mirrors> <profiles> <profile> <id>mirror</id> <!--Enable snapshots for the built in central repo to direct --> <!--all requests to the repository manager via the mirror --> <repositories> <repository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>http://central</url> <releases><enabled>true</enabled></releases> <snapshots><enabled>true</enabled></snapshots> </pluginRepository> </pluginRepositories> </profile> </profiles> <activeProfiles> <!--make the profile active all the time --> <activeProfile>mirror</activeProfile> </activeProfiles></settings>
Licensed under a Creative Commons license
QUALITY MANAGEMENTApache Maven
Licensed under a Creative Commons license
Automate tests● Use automated tests as often as you can● Many tools are available through Maven
JUnit, TestNG – unit tests, Selenium, Canoo – web GUI test, Fitnesse, Greenpepper – functional tests, SoapUI – web services tests JMeter – performances tests And many more frameworks are available to reply your
needs
Licensed under a Creative Commons license
Quality Metrics● Extract quality metrics from your project and monitor
them : Code style (CheckStyle) Bad practices or potential bugs (PMD, FindBugs, Clirr) Tests coverage (Cobertura, Emma, Clover) …
● You can use blocking rules For example, I break the build if the upward compatibility
of public APIs is broken● You can use reports
Reports are available in a web site generated by Maven Or in a quality dashboard like Sonar
Licensed under a Creative Commons license
Dependency Report
Licensed under a Creative Commons license
Sonar Dashboard
Licensed under a Creative Commons license
CONTINUOUS INTEGRATIONApache Maven
Licensed under a Creative Commons license
Continuous Integration● Setup a continuous integration server to :
Have a neutral and unmodified environment to run your tests
Quickly react when ● The build fails (compilation failure for example)● A test fails● A quality metric is bad
Continuously improve the quality of your project and your productivity
● Many products Hudson, Bamboo, TeamCity, Continuum, Cruisecontrol,
…
Licensed under a Creative Commons license
Hudson
Licensed under a Creative Commons license
GOOD & BAD PRACTICESApache Maven
Licensed under a Creative Commons license
KISSApache Maven
Licensed under a Creative Commons license
K.I.S.S.● Keep It Simple, Stupid● Start from scratch
Do not copy/paste what you find without understanding● Use only what you need
It’s not because maven offers many features that you need to use them
● Filtering● Modules● Profiles● …
Licensed under a Creative Commons license
PROJECT ORGANIZATIONGOOD & BAD PRACTICES
Apache Maven
Licensed under a Creative Commons license
Project bad practices● Ignore Maven conventions
Except if your are migrating from something else and the target has to be to follow them.
Except if they are not compatible with your IDE● Different versions in sub-modules
In that case they are standalone projects.● Too many inheritance levels
It makes the POMs maintenance more complex Where should I set this plugin parameter ? In which parent ?
Licensed under a Creative Commons license
Project bad practices● Have too many modules
Is there a good reason ?● Technical constraint ?● Team organization ?
It increases the build time● Many more artifacts to generate● Dependencies resolution more complex
It involves more complex developments● More modules to import in your IDE● More modules to update …
Licensed under a Creative Commons license
Project good practices● Use the default inheritance
: The reactor project is also
the parent of its modules. Configuration is easier :
● No need to redefine SCM settings, site distribution settings …
Licensed under a Creative Commons license
POM GOOD & BAD PRACTICESApache Maven
Licensed under a Creative Commons license
POM bad practices● Dependencies :
DON’T confuse dependencies and dependencyManagement
● Plugins : DON’T confuse plugins and pluginManagement DON’T use AntRun plugin everywhere DON’T let Maven choose plugins versions for you
Licensed under a Creative Commons license
POM bad practices● Profiles :
DON’T create environment dependant builds DON’T rely on dependencies coming from profiles
(there is no transitive activation of profiles)● Reporting and quality
DON’T activate on an existing project all reports with default configuration
DON’T control formatting rules without giving settings for IDEs.
● DON’T put everything you find in your POM.
Licensed under a Creative Commons license
POM good practices● Set versions of dependencies in project parent’s
dependencyManagement● Set dependencies (groupId, artifactId, scope) in
each module they are used● Use the dependency plugin (from apache) and
versions plugin (from mojo) to analyze, cleanup and update your dependencies.
Licensed under a Creative Commons license
DEVELOPMENT GOOD & BAD PRACTICES
Apache Maven
Licensed under a Creative Commons license
Development bad practices● DON’T spend your time in the terminal,● DON’T exchange libraries through emails,● DON’T always use "-Dmaven.test.skip=true” ● DON’T manually do releases
Licensed under a Creative Commons license
Development good practices● Keep up-to-date your version of Maven
For example in 2.1 the time of dependencies/modules resolution decreased a lot (Initialization of a project of 150 modules passed from 8 minutes to less than 1)
● Use the reactor plugin (Maven < 2.1) or native reactor command line options (Maven >= 2.1) to rebuild only a subpart of your project : All modules depending on module XXX All modules used to build XXX
● Try to not use Maven features not supported by your IDE (resources filtering with the plugin eclipse:eclipse)
Licensed under a Creative Commons license
USECASESApache Maven
Licensed under a Creative Commons license
SECURE YOUR CREDENTIALSApache Maven
Licensed under a Creative Commons license
Secure your credentials● Generate a private key
arnaud@leopard:~$ mvn --encrypt-master-password toto{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}
● We save the private key in ~/.m2/settings-security.xml<settingssecurity><master>{dZPuZ74YTJ0HnWHGm4zgfDlruYQNda1xib9vAVf2vvY=}</master></settingssecurity>
Licensed under a Creative Commons license
Secure your credentials● You can move this key to another drive ~/.m2/settings.xml
<settingssecurity><relocation>/Volumes/ArnaudUsbKey/secure/settings-security.xml</relocation></settingssecurity>
● You create an encrypted version of your server passwordarnaud@leopard:~$ mvn --encrypt-password titi{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}
● You register it in your settings<settings> ... <servers> ... <server> <id>mon.server</id> <username>arnaud</username> <password>{SbC9Fl2jA4oHZtz5Fcefp2q1tMXEtBkz9QiKljPiHss=}</password> </server> ... </servers> ...</settings>
Licensed under a Creative Commons license
BUILD A PART OF YOUR PROJECTApache Maven
Licensed under a Creative Commons license
Reactor options (Maven > 2.1)
Licensed under a Creative Commons license
RELEASE YOUR PROJECTApache Maven
Licensed under a Creative Commons license
Release of a webapp in 2002● Limited usage of eclipse
No WTP (Only some features in WSAD), No ability to produce WARs
Licensed under a Creative Commons license
Release of a webapp in 2002● Many manual tasks
Modify settings files Package JARs Copy libraries (external and internal) in a « lib »
directory Package WAR (often with a zip command) Tag the code (CVS) Send the package on the integration server using FTP Deploy the package with AS console
Licensed under a Creative Commons license
Release of a webapp in 2002● One problem : The are
always problems Error in config files Missing dependencies Missing file Last minute fix which created a bug And many other possibilies ..
● How long did it take ? When everything is ok : 15
minutes When there’s a problem : ½
day or more
Licensed under a Creative Commons license
Maven Release Plugin● Automates the release process from tagging
sources to binaries delivery● Release plugin main goals:
Prepare : To update maven versions and information in POMs and tag the code
Perform : To deploy binaries in a maven repository● After that you can just automate the deployment on
the AS using cargo for example.
Licensed under a Creative Commons license
Maven Release Plugin
Licensed under a Creative Commons license
Configuration and Prerequisites● Project version (must be a SNAPSHOT version)● Dependencies and plugins versions mustn’t be
SNAPSHOTs
Licensed under a Creative Commons license
SCM configuration
<scm> <connection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </connection> <developerConnection> scm:svn:http://svn.exoplatform.org/projects/parent/trunk </developerConnection> <url> http://fisheye.exoplatform.org/browse/projects/parent/trunk </url></scm>
● SCM binaries have to be in the PATH● SCM credentials have to already be stored or you have to
pass them in command line with :–Dusername=XXX –Dpassword=XXX
Licensed under a Creative Commons license
Distribution Management<project>
<distributionManagement>
<repository>
<id>repository.exoplatform.org</id>
<url>${exo.releases.repo.url}</url>
</repository>
. . .
</distributionManagement>
. . .
<properties>
<exo.releases.repo.url>
http://repository.exoplatform.org/content/repositories/exo-releases
</exo.releases.repo.url>
. . .
</properties>
</project>
Licensed under a Creative Commons license
Repository credentials<settings>
<servers>
<server>
<!–- id must be the one used in distributionManagement -->
<id>repository.exoplatform.org</id>
<username>aheritier</username>
<password>{ABCDEFGHIJKLMNOPQRSTUVWYZ}</password>
</server>
</servers>
</settings>
Licensed under a Creative Commons license
Default Release Profile in Super POM<profile> <id>release-profile</id> <activation> <property> <name>performRelease</name> <value>true</value> </property> </activation> <build> <plugins> <!–- Configuration to generate sources and javadoc jars --> ... </plugins> </build></profile>
Licensed under a Creative Commons license
Custom release profile<project>
...
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.0-beta-9</version>
<configuration>
<useReleaseProfile>false</useReleaseProfile>
<arguments>-Pmyreleaseprofile</arguments>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
...
<profiles>
<profile>
<id>myreleaseprofile</id>
<build>
<!-– what you want to customize the behavior of the build when you do a release -->
</build>
</profile>
</profiles>
...
</project>
Licensed under a Creative Commons license
Troubleshooting Releases● Common errors during release:
Build with release profile was tested before and fails Local modifications Current version is not a SNAPSHOT SNAPSHOTs in dependencies and/or plugins Missing some configuration (scm, distribMgt, …) Tag already exists Unable to deploy project to the Repository Connection problems
Licensed under a Creative Commons license
TO GO FURTHER …Apache Maven
Licensed under a Creative Commons license
DOCUMENTATIONSApache Maven
Licensed under a Creative Commons license
Some links● The main web site :
http://maven.apache.org● Project’s team wiki :
http://docs.codehaus.org/display/MAVEN● Project’s users wiki :
http://docs.codehaus.org/display/MAVENUSER
Licensed under a Creative Commons license
Books● Sonatype / O’Reilly :
The Definitive Guide http://www.sonatype.com/
books Free download Available in several
languages● Soon in French
Licensed under a Creative Commons license
Books● Exist Global
Better builds with Maven http://
www.maestrodev.com/better-build-maven
Free download
Licensed under a Creative Commons license
Books● Nicolas De loof
Arnaud Héritier Published by Pearson Collection Référence Based on our own
experiences with Maven. From beginners to experts.
In French only Available on 20th November
Licensed under a Creative Commons license
SUPPORTApache Maven
Licensed under a Creative Commons license
Support● Mailing lists
http://maven.apache.org/mail-lists.html● IRC
irc.codehaus.org - #maven● Forums
http://www.developpez.net/ forum maven In French
● Dedicated support Sonatype and some others companies
Licensed under a Creative Commons license
BACK TO THE FUTUREApache Maven
Licensed under a Creative Commons license
PRODUCTApache Maven
Licensed under a Creative Commons license
Apache Maven 2.0.x● bugs fix● Last release : 2.0.10● No 2.0.11 planned
Licensed under a Creative Commons license
Apache Maven 2.x● Evolutions, new features● Several important new features in 2.1 like
Parallel downloads Encrypted passwords
● Last release : 2.2.1● 2.2.2 in few months, 2.3 in 2010
Licensed under a Creative Commons license
Apache Maven 3.x● Do not be afraid !!!!!● Not final before at least
one year● Full compatibility with
maven 2.x projects
Licensed under a Creative Commons license
Apache Maven 3.x● What’s new :
How POMs are constructed How the lifecycle is executed How the plugin manager executes How artifacts are resolved How it can be embedded How dependency injection is done
Licensed under a Creative Commons license
Apache Maven 3.x● What it will change for maven users ?
Any-source POM Versionless parent elements Mixins : a compositional form of Maven POM
configuration Better IDE integration Error & integrity reporting
● Much improved error reporting where we will provide links to each identifiable problem we know of. There are currently 42 common things that can go wrong.
● Don't allow builds where versions come from non-project sources like local settings and CLI parameters
● Don't allow builds where versions come from profiles that have to be activated manually
Licensed under a Creative Commons license
Apache Maven 3.x● What it will change for maven developers ?
Lifecycle extension points Plugin extension points Incremental build support Queryable lifecycle Extensible reporting
Licensed under a Creative Commons license
COMMUNITYApache Maven
Licensed under a Creative Commons license
Users community
● 90 days statistics● Number of subscribers in blue● Number of messages per day in red
● 1780 subscribers on users mailing list
Licensed under a Creative Commons license
The web site
Licensed under a Creative Commons license
Dowloads
● Per month downloads
Licensed under a Creative Commons license
The team● 60 committers,● More than 30 active since the beginning of the
year,● Several organizations like Sonatype, deliver
resources and professional support,● A community less isolated : more interactions with
Eclipse, Jetty,
Licensed under a Creative Commons license
Commit Statistics
Licensed under a Creative Commons license
COMPETITORSApache Maven
Licensed under a Creative Commons license
Competitors● Ant + Ivy, Easy Ant, Gant, Graddle, Buildr…● Script oriented
You can do what you want !● Reuse many of Maven conventions (directories
layout, …) and services (repositories) but without enforcing them
● The risk for them : Not being able to evolve due to the too high level of
customization proposed to the user. We tried on Maven 1 and it died because of that. It’s like providing a framework without public API.
Licensed under a Creative Commons license
CONCLUSIONApache Maven
Licensed under a Creative Commons license
Conclusion● Today, Maven is widely adopted in corporate
environments,● It provides many services,● It has an important and really active community of
users and developers● Many resources to learn to use it and a
professional support are available● A product probably far from being perfect but on
rails for the future● Many things to do
We need you !
Licensed under a Creative Commons license
QUESTIONS ?Apache Maven
Licensed under a Creative Commons license
Licence et copyrights● Photos and logos belong to their respective
authors/owners● Content under Creative Commons 3.0
Attribution — You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work).
Noncommercial — You may not use this work for commercial purposes.
Share Alike — If you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
● http://creativecommons.org/licenses/by-nc-sa/3.0/us/