Drop expressions in repository URLs and manage version of Maven Install Plugin #85
Conversation
|
Thanks, @mthmulders! |
Interesting point. If they do, I think their path forward would be to add the corresponding |
IMO - the actual definitions of repositories that are EF infrastructure dependent are the only reason to inherit from this parent... Why would one change
Bump the version to 2? |
I'm not sure if anybody is actually changing the repository URL this way. I was just always wondering why the URL was a maven property and not simply inlined into the corresponding |
|
|
Now - with maven 4 helpfully rejecting expressions in url - if sonatype changes host name or EF migrates to different service - update in 6 places will be needed. Good. |
|
If no-one objects, I'll bump the version number to 2.0.0 and prepare a release after merging this. |
|
We haven't yet addressed the issue of signing artifacts. I guess we should consider solving that before bumping to 2.0.0 and releasing. |
There is also NEXUS-36533/MNG-7627. It might take few more days before final maven 4 is published. Until then child projects can still use maven 3, and do some staging and releasing to confirm that removed property does not hurt them. Signing and deploying issues can be solved separately and can result with new release(s). However - the subject of this PR could be changed a bit as this is not complete maven 4 preparation we see. |
How about "Drop expressions in repository URLs to prepare for Maven 4"? |
|
How about "Drop expressions in repository URL and manage m-install-p"? This Maven 4 part is not important IMO. |
mthmulders
changed the title
It's unlikely being about projects themselves but rather about organizations rebuilding projects from scratch and republishing them on their own infra to their own internal repository for whatever reason behind that (I can imagine security, various regulations etc). Being able to override the default repo through the simple command line property makes this easy to do. I doubt security policies of such organizations allows exposing names/ips of internal servers on the internet/public places. |
Nothing like that was mentioned when property was introduced. Such organizations will need to adapt for this. Switch to using different profile with custom repositories defined. And - to allow to use property in repository definition again - to raise MNG for maven to do so. It's not up to this project. |
Probably nobody explicitly asked or it was obvious that the pattern used in various oss-parents used by Sonatype is being followed. JBBUILD-567 (behind this commit) may have some info too, but who knows, the issue is not public.
Assuming the author of this PR is a maven committer, he can do it should he see the need for it. |
I suppose it's no longer the case, as with currently managed plugin and with maven 4.0.0-beta-3 they seem to cooperate: |
Correct. That statement is roughly two years old. At the time of writing, there was no plan to make the Maven GPG Plugin work with Maven 4, but a lot has changed since. |
Following the conversation in #84, here's a pull request that does the trivial changes:
There's one more thing that must be done. If you would attempt to make a release, it would fail with
The Sign Maven Plugin looks like a candidate replacement. Its website says it works on Maven 3.6 and is ready for Maven 4 with Consumer POM.
Since the Sign Maven Plugin does not look like a drop-in replacement to me, and since it is not part of the ASF Maven project, I chose not to include it (yet) in this PR. If the Eclipse EE4J project decides to adopt that plugin, it could be part of this PR.