0

I'd like to know who should have the authority to upload artifacts to the organization's remote repository for maven artifacts. What should be considered as the best practice to follow:

  1. All developers should have the authority to use maven deploy to upload project jars.
  2. Only Senior developers.
  3. QA Analysts.
  4. Someone else.

FYI: I'm using a nexus hosted repository for maven projects.

Usaib Avais
  • 1
  • Only a CI system from master/main or via an automatic build release... – khmarbaise Apr 07 '22 at 11:10
  • Can you also tell when/how often artifacts should be deployed? (Daily, Weekly or monthly) – Usaib Avais Apr 08 '22 at 04:39
  • Answered on the other post of your post...only based on changes which mean change in version controll which triggers a build..and in consequence a deployment in repository... – khmarbaise Apr 08 '22 at 08:46

1 Answers1

1

Nobody should upload artifacts from their own computer.

Instead, the build system (Jenkins, GitHub Actions, GitLab CI, ...) should build artifacts from branches in your version control (git, svn, ...) and deploy the result to your Nexus.

Generally, I would build SNAPSHOT versions automatically. For release versions, different approaches are possible. If you are using git, you can e.g. build releases from special branches and restrict who can push/merge into these branches.

J Fabian Meier
  • 33,516
  • 10
  • 64
  • 142
  • Can you also tell when/how often artifacts should be deployed? (Daily, Weekly or monthly) – Usaib Avais Apr 08 '22 at 04:38
  • This depends very much on the setting. Some companies release versions to production every day, so they need to build and deploy every day. If you create libraries that other people in our company use, it is advisable to deploy them often, for end products it may be ok to deploy them if a release is coming up. – J Fabian Meier Apr 08 '22 at 07:57