Artifact Repository

We are using a Nexus Repository Server. Reachable at https://artifacts.acc.gsi.de/. Read Access is anonymous. To deploy artifacts you require an acc-account.

Repositories

central is a proxy to maven central.

csco is the in house repository. It is hosted by cscoin. It allows artifact upload for authenticated users. A companion repository csco-snapshots exits.

cern-release is a proxy to the cern accsoft repository.

cmmnbuild is a proxy to the cern commonbuild artifacts.

default is a group. It holds csco, csco-snapshots, cern and central. Routing is applied, see below

Routing

global routing rules for all groups (that is default and default-snapshots)

Inclusive rules. That is if groupId matches it will only search in the listed repositories

groupId repositories
de.gsi csco, csco-snapshots
cern cern
Exclusive rules. That is if groupId matches, never search the listed repository

groupId repositories
not cern cern
The inclusive rules are there to speed up searches by not accessing repositories that should not hold these artifacts.

The exclusive rules will prevent access to the cern repository for artifacts that are not created by cern. Cern publishes additional thirdparty artifacts that are also published on maven central.

Retention

csco-snaphots has a cleanup policy. As of writing

  • released artifacts will remove the snapshot after 14 days
  • snapshots older then 7 days are up for deletion
  • but at least 14 snapshots are kept

Proposal

artifacts is accumulating cruft. We need a few more cleanup policies. This affects snapshots and releases.

  • snapshot artifacts not accessed for 180 Tage will be removed, regardless of release state
  • for released artifacts only the last 14 releases are kept. For example if de.gsi.foo:my-artifact exists in the version 1.0.0, 1.0.1, 2.0.0, 2.0.1, 2.0.2 and we want to keep the last four artifacts, it would delete version 1.0.0

Usage

The maven installation provided by csco (starting with maven 3.0.5) has a preconfigured /opt/maven/conf/settings.xml. It configures the URL https://artifacts.acc.gsi.de/nexus/content/repositories/default/ as a mirror of maven central.

As default is a merged view of maven central and csco internal repository it is possible to resolve internal artifacts using this mirror.

In addition three profiles are configured.

Profile csco disables the repository maven central and activates the repository default (as artifact and plugin repository). This profile is active by default.

Profile csco-snapshot reconfigures the repository default to also accept snapshot artifacts.

Profile csco-plugin-snapshot activates the plugin repository csco-snaphost. This profile is not active. It is intended for users who want to use inhouse plugins before they are released.

Artifacts require a distributionManagement Section for csco and csco-snapshot. The artifact de.gsi.cs.co:parent:1.0.5 will be the first to supply this. Using older parents will result in trying to deploy to default which no longer accepts uploads as it is a repository group.

Artifacts should not contain a repository section. They should rely on a properly configured settings.xml for repositories and a parent for distribution Management.

On non cscoin systems the central (or users) settings.xml must be updated to include repositories or profiles.

If a cern artifact references a thirdparty artifact it will be pulled from central (via group default) NOT from cern (excluded via routing). Any thirdparty artifact that cern chooses to publish in their repository will not be available. We need to prevent cern from publishing for example a log4j in a newer version, or a patched version that then overlaps with central.

If you republish a cern artifact in csco it won't be available. Cern artifacts must be in the cern repository.

Please note if http://jira.codehaus.org/browse/MNG-4946 gets any updates. It effects the merging order of profiles.

snapshots

By default Snapshots from csco are available and included. You can disable them by disabling the profile (mvn -P \!csco-snapshot) but maven will still be able resolve them from your local ~/.m2/ repository. For releases use the maven release plugin and remove all version ranges.

See also https://jira.codehaus.org/browse/MNG-3092
Topic revision: r13 - 07 Dec 2020, ChristophHandel
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback