How to isolate multiple shared Maven repository configurations?

Question

I have troubles designing the architecture of a couple of Maven repositories.

We maintain an infrastructure for our own company and a couple of clients. We have company internal components, redistributable components and customer-specific components. We also have company-internal SCM/CI/Nexus repo, as well as per-client SCM/CI/Nexus repo.

Now the hard part: We would like the redistributable components to be deployed in both our company repository and the client-specific repositories, when we release or deploy (because the customer components depend on the redistributable ones). It is required however, that the customers don't see each other's repository configurations (or our internal repo configuration) in the redistributable code. This means that the redistributable pom.xml may not contain the definitions of those repositories, otherwise each customer can see everything in the source code. Furthermore, download requests for internal artifacts or client components should not be sent across the board, otherwise each customer can see the requests in the Nexus logs of their repository.

How can this be achieved?

I know that there is a workaround, where distributionManagement is not specified at all in the pom.xml and I can use -DaltDeploymentRepository from the command line, but I don't want to type in the URLs every time I deploy. Is there a better way?

Short Summary:

Company internal repo

• internal components
• redistributable components

Client 1 repo

• redistributable components
• client 1 app

Client 2 repo

• redistributable components
• client 2 app

The redistributable components should be deployed in all repos on release. Clients should not see repo configuration for other clients or internal ones.

Answer 1

I do not know whether I understood everything correctly, but here some suggestions:

• Usually, you don't deploy to several repositories, but add proxies for one repository in another one. So your customer repositories include a proxy repository that points to your other (internal) repositories. You need not publish any configuration of the internal repositories, only a URL.
• Furthermore, you need not publish the whole POM to your Maven repository, but you can use the Maven flatten plugin to eliminate unnecessary parts of your POM before publishing.

Answer 2

We've settled for an acceptable solution.

Each of the components contains only 1 repository definition (download and upload), but the URL is read from a property, which is not defined in the pom.xml.

On each developer machine and on each Jenkins server all URLs are defined in settings.xml. The mapping between repo-id and URL happens there. Internal artifacts use the id for internal repository ("internal-repo"), the client artifacts have their own ids ("client1-repo", ...) and the redistributable artifacts use the id "redist-repo".

Inside the settings.xml for each client, "redist-repo" is mapped to their own repository URL and they are happy.

When deploying from a developer machine, we have to override the property for "redist-repo" URL from the command line and we can deploy to whichever client's repo we want.

In summary:

• internal pom.xml: scm/url: ${company.internal.scm} ; distributionManagement/url and repository/url: ${company.internal.repo}
• redistributable pom.xml: scm/url: ${company.redist.scm} ; distributionManagement/url and repository/url: ${company.redist.repo}
• customer X ... pom.xml: scm/url: ${customerX.scm} ; distributionManagement/url and repository/url: ${customerX.repo}

In settings.xml:

• on internal build server/dev machine: company.redist.scm = internal_scm, company.redist.repo = internal_repo
• on customer X build server: company.redist.scm = customerX_scm, company.redist.repo = customerX_repo

On deployment, we can override -DaltDeploymentRepository=customerX_repo for the redistributable components.

If anyone is interested in code samples, please comment and I'll share pom and settings.