6

Suppose I have two Java projects in Maven / Eclipse:

  • An open source application hosted in GitHub
  • A small private library containing utility functions which is not open source (but which I do have the rights to modify, build, and redistribute in compiled form e.g. as a .jar file)

I'd like to make it possible for others to build, modify and run the application (and contribute back to the open source project if they like!), but this means that they will also need the library as a dependency.

I'd like to keep things simple, so that builds are easy both for myself and users of the application.

What's the most practical way to make this work?

mikera
  • 105,238
  • 25
  • 256
  • 415

3 Answers3

3

When working with Maven it is recommended to use a Maven Repository Manager such as Nexus and configure your settings file as described here:

https://help.sonatype.com/display/NXRM3/Maven+Repositories#MavenRepositories-ConfiguringApacheMaven

In your situation this has the additional benefit that you could use the Maven Repository Manager to host any private artifacts.

Puce
  • 37,247
  • 13
  • 80
  • 152
  • hmmm but in this case I want public open source users to be able to use the artifact (ideally without hacking their settings). Any way of doing that? – mikera Jun 27 '12 at 11:25
  • you can't never be sure that someone will not misuse your jar (decompile it) – ant Jun 27 '12 at 11:28
  • e.g. for Nexus, you have to make the public group accessible by everyone (I think this is the default if you're using a public IP-address/ domain) and make sure your hosting repository with your private library is in that public group. Other users then can proxy your repository in their own Maven Repository Manager. – Puce Jun 27 '12 at 12:20
3

Provide your own Maven repository on GitHub to distribute the closed source library which you are allowed to redistribute and reference it from your project (pom.xml).

http://cemerick.com/2010/08/24/hosting-maven-repos-on-github gives a nice introduction on how to set up a repository on GitHub. You should be aware of the caveats of such a micro repository also mentioned in that post.

mikera
  • 105,238
  • 25
  • 256
  • 415
stefanglase
  • 10,296
  • 4
  • 32
  • 42
  • Is there any way to have visibility over who or how many people are downloading the artifacts from github? It looks like github only collects stats when you clone the repo. – cosbor11 Jan 12 '16 at 11:06
3

A really simple solution would be to place your private library into your project (e.g. <project>/lib/library-1.0.jar) and include it as system dependency. You can include it in your pom like.

<dependencies>
    <dependency>
      <groupId>my.private</groupId>
      <artifactId>library</artifactId>
      <version>1.0</version>
      <scope>system</scope>
      <systemPath>${project.basedir}/lib/library-1.0.jar</systemPath>
    </dependency>
  </dependencies>

Caution: A system dependency is not transitiv!

From the documentation

This scope is similar to provided except that you have to provide the JAR which contains it explicitly. The artifact is always available and is not looked up in a repository.

FrVaBe
  • 47,963
  • 16
  • 124
  • 157
  • Thanks, very useful. Is there a good way to automatically update the library jar file if I rebuild the library project? – mikera Jun 27 '12 at 11:56
  • This is a simple solution, but cleary not the better, because of transitivity issues. But it fullfill the request ... – Jean-Rémy Revy Jun 27 '12 at 12:34
  • @mikera I do not know how to simplify the library update. If your library will be released in a new version you have to do something - even with the repository approach. You have to update the version number of your dependency in your pom.xml (suppose you do not use version ranges which make a build unreproducible). – FrVaBe Jun 27 '12 at 13:18
  • @Jean-Rémy If someone _likes to keep things simple_ and is looking for a _most practical way_ I doubt that setting up (and maintaining) a public repository to provide one single dependency is the best and obvious solution. But of course using `system` scope should be the rare exception and you should know about the pitfalls. – FrVaBe Jun 27 '12 at 13:24