1

Maven is used in Java projects as a dependency manager. There's Artifactory acting as internal repository and caching proxy for Maven central repository. All maven projects are configured to use it as repository and plugin-repository in their pom.xml.

There's all virtual repository inside Artifactory containing all other repositories (releases, snapshots, archive).

Archive repository contains some (probably old and unused) archived artifacts which should be deleted, but some of them are used.

How to detect which dependencies are used by java projects, but already archived or missing from archive also?

The ultimate goals are:

  • update versions of such dependencies in pom.xml and delete old versions from archive
  • restore missing dependencies from archive which are used by java projects and accidentally were deleted from archive. The only reason builds are passing is dependencies' presence in build server's .m2 local cache.

My solution so far, run Jenkins nightly job which automates the following steps:

  • create non-archived virtual repository in Artifactory which doesn't contain archive repository, but contains all others.

  • create custom maven environment ( extract maven installation archive) and configure it with the following settings.xml. Custom environment is created to prevent finding the missing artifact in build servers .m2 folder:

     <localRepository>localTempFolder</localRepository>

 <mirrors>
    <mirror>
       <id>noarchive</id>
       <name>No archive mirror for csi-all</name>
       <url>non-archived/url>
       <mirrorOf>all</mirrorOf>
    </mirror>
 </mirrors>

  • run path_to_custom_maven dependency:list inside some java project.

Command returns maven missing dependencies (in non-archived repo, but present in archive or missing in archive and present in build server .m2 folder) in the errors.

However, this way is slow because .m2 cache is not used and i'm not sure it's the most correct way.

How to find missing artifacts in non-archived repo while utilizing .m2 cache?

rok
  • 9,403
  • 17
  • 70
  • 126
  • 1
    First you should configure the repository manager where you consume from in `settings.xml` and never in your `pom.xml`. That is in particular the way within corporate environments. This should be configured also on Jenkins as well that way. And one important basic concept of repositories (release) is: They are immutable which means never delete artifacts from there otherwise you could break older builds and in consequence never be able to reproduce older states. – khmarbaise May 17 '20 at 11:20
  • thanks. configuring the repository manager in `settings.xml` should be done also on local development environments and not only on build servers? – rok May 17 '20 at 12:20
  • 1
    In a corporate environment always to have a defined location where all devs get dependencies etc. No doubt about that. – khmarbaise May 17 '20 at 12:53
  • defined location exists, it's artifactory. its url is in `pom.xml`, you recommend to move the url from `pom.xml` to `settings.xml` on local environments and build servers? – rok May 17 '20 at 13:22
  • Yes always into `settings.xml`. Never in pom file. For local environment as well as on the build server (Jenkins has a nice plugin: Config File Provider Plugin for that purpose)... – khmarbaise May 17 '20 at 14:15

0 Answers0