开发者

Why does maven release plugin allow for SNAPSHOT version in dependency management?

开发者 https://www.devze.com 2022-12-16 15:48 出处:网络
We have 1 company parent pom. This usesdependencyManagement to manage the versions for all the dependencies of all the artifacts used.

We have 1 company parent pom. This uses dependencyManagement to manage the versions for all the dependencies of all the artifacts used.

What is alarming, is that SNAPSHOT versions can be defined in dependencyManagement. Though when maven release is performed, the pom is allowed to be released with SNAPSHOT version in dependencyManagement. Why?

If I point a child project to a released version of the company parent pom, and this child project uses a dependency defined in dependencyManagement though it's a SNAPSHOT version, I'm unable to release the child project.

Why does Maven allow SNAPSHOT version for an artifact defined in dependencyManagement to be released? And how can I开发者_运维技巧 configure the maven release plugin to fail if there is a SNAPSHOT version defined?


What is alarming, is that SNAPSHOT versions can be defined in dependencyManagement. Though when maven release is performed, the pom is allowed to be released with SNAPSHOT version in dependencyManagement. Why?

I would expect the maven-release-plugin to update SNAPSHOT versions in dependencyManagement upon release. Actually, there are some Jira about this, for example MRELEASE-91 and MRELEASE-202 that may affect you.

So the question is: which version of the plugin are you using?

But to be honest, it's not really clear what versions are affected by MRELEASE-202, the comments are confusing (so I wonder if the issue is fixed or not). Anyway, if the version you are using is affected, then upgrade to a more recent version. And if the bug/regression (I think it's a bug) is still there, then raise a new issue.


I do not have the answer as to 'why' (personally I think it's a bug), but I have a way to prevent this happening: use the Maven Enforcer plugin.

A company called smartics (lowercase s) have created a rule (NoSnapshotDependenciesInDependencyManagementRule) to prevent this exact problem.

You basically need to add the following to your parent POM:

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>1.4.1</version>
  <executions>
    <execution>
      <id>enforce-project-rules</id>
      <phase>test</phase>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <NoSnapshotDependenciesInDependencyManagementRule
            implementation="de.smartics.maven.enforcer.rule.NoSnapshotsInDependencyManagementRule">
            <onlyWhenRelease>true</onlyWhenRelease>
            <checkOnlyResolvedDependencies>false</checkOnlyResolvedDependencies>
          </NoSnapshotDependenciesInDependencyManagementRule>
        </rules>
      </configuration>
    </execution>
  </executions>
  <dependencies>
    <dependency>
      <groupId>de.smartics.rules</groupId>
      <artifactId>smartics-enforcer-rules</artifactId>
      <version>1.0.2</version>
    </dependency>
  </dependencies>
</plugin>
0

精彩评论

暂无评论...
验证码 换一张
取 消