https://github.com/devonfw/maven-parent

Parent POM used for maven projects in devonfw
https://github.com/devonfw/maven-parent

Last synced: 4 months ago
JSON representation

Parent POM used for maven projects in devonfw

• Host: GitHub
• URL: https://github.com/devonfw/maven-parent
• Owner: devonfw
• License: apache-2.0
• Created: 2019-11-14T13:25:21.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2024-09-26T18:25:58.000Z (over 1 year ago)
• Last Synced: 2025-01-22T04:19:51.355Z (over 1 year ago)
• Size: 74.2 KB
• Stars: 0
• Watchers: 15
• Forks: 4
• Open Issues: 2
• Metadata Files:
  • Readme: README.adoc
  • License: LICENSE

Awesome Lists containing this project

README

          
= maven-parent

image:https://img.shields.io/github/license/devonfw/maven-parent.svg?label=License["Apache License, Version 2.0",link=https://github.com/devonfw/maven-parent/blob/develop/LICENSE]

image:https://img.shields.io/maven-central/v/com.devonfw/maven-parent.svg?label=Maven%20Central["Maven Central",link=https://search.maven.org/search?q=g:com.devonfw]

This repository contains the parent `pom.xml` for maven projects in http://devonfw.com[devonfw].

It configures a lot of cross-cutting aspects in this central place to avoid redundancies between `pom.xml` files:

* `pluginManagement` - defines versions and configuration defaults for maven plugins

* `plugins` - defines the standard plugins and their configurations for the default build lifecycle for devonfw

* `profiles` - defines optional features or dynamic aspects:

** `deploy` - activates generation of `*-javadoc.jar` files as well as PGP signatures to deploy releases. Activated via `mvn -P deploy`. This is the default profile used by https://github.com/devonfw/ide/blob/master/documentation/Home.asciidoc#devon-ide[devonfw-ide] on `devon release`. 

** `eclipse` - detect if maven runs within `m2e` inside Eclipse and use `eclipse-target` instead of `target` so that builds from Eclipse are decoupled from console builds. Otherwise `mvn clean` would break Eclipse, etc. This profile is triggered automatically in Eclipse.

** `security` - run `org.owasp:dependency-check-maven:check` during the build in order to find known security vulnerabilities (CVE). Activated via `mvn -P security`. Is not active by default as it breaks the build even if a download failes due to temporary availability issues. Also CVEs are sometimes false positives. We strongly encourage to run this check nightly but do not recommend to use it as build-breaker in your CI.

** `licenses` - run `org.codehaus.mojo:license-maven-plugin` goals `aggregate-download-licenses` and `aggregate-add-third-party` during the build to analyse and check licenses of third-party dependencies.

* `url` - configured for your github repository

* `licensing` - set to ASL 2.0 and point to individual `LICENSE` file in your repository root

* `issueManagement` - configured for github

* `scm` - configured for github

* `organization` - configured for devonfw and github

* `distributionManagement` - configure repositories and site:

** `release-repository` - set to `${maven.release.repository}` defaulting to OSSRH

** `snapshot-repository` - set to `${maven.snapshot.repository}` defaulting to OSSRH

** `maven-site` - stage site to project's toplevel `build.directory` (`target/maven-site`). From there you can do QA and transfer it to wherever you prefer.

* `reporting` - plugins and configurations for maven site generation.

* `encoding` - strictly use unicode (`UTF-8`)

== Usage

In your repository the top-level `pom.xml` should look like this:

```

  4.0.0

  

    com.devonfw

    maven-parent

    1

  

  com.devonfw.«suffix»

  «artifact-id»

  2020.12.1-SNAPSHOT

  ${project.artifactId}

  «description»

  ...

  

  

    «repository»

    

    

  

  

  ...

```

== Deployment

For deployment of releases you need the following prerequesites:

* Permitted account for https://oss.sonatype.org/

* https://gnupg.org/download/[GnuPG installed]

* A PGP keypair generated with pgp

* Your PGP public-key published to keyservers and registered to OSSRH for `com.devonfw`

* Have https://github.com/devonfw/ide/blob/master/documentation/Home.asciidoc#devonfw-ide[devonfw-ide] installed.

Then you can configure your setup as following:

. `cd projects/devonfw` (tweak path according to your setup)

. `devon mvn --encrypt-password`

. enter your password for https://oss.sonatype.org/

. Copy the encrypted password (`{...}`)

. `vi conf/.m2/settings.xml` (use the editor of your choice)

. Enter the following sections to your `settings.xml` and save it:

```xml

  

    

      repository

      «LOGIN»

      «ENCRYPTED-PASSWORD»

    

  

  

  

    

      devonfw

      

        true

      

      

        «PGP-KEY-ID»

      

    

  

```

Of course you are smart enough to replace the variables with the proper values.

From now on, when you want to create a release all you need to do is:

```

devon release

```

However, ensure to call this on a clean clone of the official repository after you have pulled the latest changes and all features for the release are included and properly tested. As a best practice keep your cloned forks in `main` workspace while you clone the official repos in `stable` workspace and build releases from there.

Sources:

* https://central.sonatype.org/pages/ossrh-guide.html[OSSRH-Guide]

* https://central.sonatype.org/pages/apache-maven.html[OSSRH-Maven]