This repository contains the parent pom.xml for maven projects in devonfw.
It configures a lot of cross-cutting aspects in this central place to avoid redundancies between pom.xml files:
-
pluginManagement- defines versions and configuration defaults for maven plugins -
plugins- defines the standard plugins and their configurations for the default build lifecycle for devonfw -
profiles- defines optional features or dynamic aspects:-
deploy- activates generation of*-javadoc.jarfiles as well as PGP signatures to deploy releases. Activated viamvn -P deploy. This is the default profile used by devonfw-ide ondevon release. -
eclipse- detect if maven runs withinm2einside Eclipse and useeclipse-targetinstead oftargetso that builds from Eclipse are decoupled from console builds. Otherwisemvn cleanwould break Eclipse, etc. This profile is triggered automatically in Eclipse. -
security- runorg.owasp:dependency-check-maven:checkduring the build in order to find known security vulnerabilities (CVE). Activated viamvn -P security. Is not active by default as it breaks the build even if a download failes due to temporary availability issues. Also CVEs are sometimes false positives. We strongly encourage to run this check nightly but do not recommend to use it as build-breaker in your CI. -
licenses- runorg.codehaus.mojo:license-maven-plugingoalsaggregate-download-licensesandaggregate-add-third-partyduring the build to analyse and check licenses of third-party dependencies.
-
-
url- configured for your github repository -
licensing- set to ASL 2.0 and point to individualLICENSEfile in your repository root -
issueManagement- configured for github -
scm- configured for github -
organization- configured for devonfw and github -
distributionManagement- configure repositories and site:-
release-repository- set to${maven.release.repository}defaulting to OSSRH -
snapshot-repository- set to${maven.snapshot.repository}defaulting to OSSRH -
maven-site- stage site to project’s toplevelbuild.directory(target/maven-site). From there you can do QA and transfer it to wherever you prefer.
-
-
reporting- plugins and configurations for maven site generation. -
encoding- strictly use unicode (UTF-8)
In your repository the top-level pom.xml should look like this:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.devonfw</groupId>
<artifactId>maven-parent</artifactId>
<version>1</version>
</parent>
<groupId>com.devonfw.«suffix»</groupId>
<artifactId>«artifact-id»</artifactId>
<version>2020.12.1-SNAPSHOT</version>
<name>${project.artifactId}</name>
<description>«description»</description>
...
<properties>
<github.repository>«repository»</github.repository>
<!-- optional if defaults do not apply: -->
<!--
<github.organization>devonfw-forge</github.organization>
<java.version>11</java.version>
-->
</properties>
...
</project>For deployment of releases you need the following prerequesites:
-
Permitted account for https://oss.sonatype.org/
-
A PGP keypair generated with pgp
-
Your PGP public-key published to keyservers and registered to OSSRH for
com.devonfw -
Have devonfw-ide installed.
Then you can configure your setup as following:
-
cd projects/devonfw(tweak path according to your setup) -
devon mvn --encrypt-password -
enter your password for https://oss.sonatype.org/
-
Copy the encrypted password (
{…}) -
vi conf/.m2/settings.xml(use the editor of your choice) -
Enter the following sections to your
settings.xmland save it:
<servers>
<server>
<id>repository</id>
<username>«LOGIN»</username>
<password>«ENCRYPTED-PASSWORD»</password>
</server>
</servers>
<!-- Only required if you have multiple PGP keys -->
<profiles>
<profile>
<id>devonfw</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.keyname>«PGP-KEY-ID»</gpg.keyname>
</properties>
</profile>
</profiles>Of course you are smart enough to replace the variables with the proper values.
From now on, when you want to create a release all you need to do is:
devon releaseHowever, ensure to call this on a clean clone of the official repository after you have pulled the latest changes and all features for the release are included and properly tested. As a best practice keep your cloned forks in main workspace while you clone the official repos in stable workspace and build releases from there.
Sources: