how to make stable release in using Maven and SVN

Question

Hi,

we are having about 100 maven artifacts in our java based project. these artifacts categorize under 5 different products. obviously some of them are shared between products.

the problem is that, if you tag a product in svn for a release. the tag is not stable. because dependent shared modules are snapshot and they can be changed by others.

let say: Module A depends on Module B which is snapshot version. I Tag Module A in SVN for a release or milestone or ... later if someone change module B, it can affect the Tagged version. next time if i try to build tag version, i will have a broken build.

is there any way to solve this issue?

i don't want to use profile to stop snapshot updating.

Thanks All.

Answer 1

I don't tag a version if it has a dependency which version is snapshot.

Answer 2

The problem is that, if you tag a product in svn for a release, the tag is not stable because dependent shared modules are snapshot and they can be changed by others (...) Is there any way to solve this issue?

You identified the problem and the answer is obvious: you should use fixed versions only when doing a release. There are two plugins that can help to simplify the whole process:

• The Maven Release Plugin that fully support automating the "right" workflow (check out Prepare a Release).
• The Versions Maven Plugin has some useful goals to update a set of POMs if you can't or don't use the release plugin. In particular, check versions:update-parent and versions:update-child-modules.

But the bottom line is: fix your versions when releasing (and tagging) for later reproducibility.

Answer 3

Even though I agree with Boris and Pascal there are two ways around.

1. You create every build only once. Therefore you have the code for investigating a bug (you need to hope that the bug is not in one of your dependencies). The major advantage is though, that you have exactly one binary that you can move through all environments up to production. There is only one requirement. The app needs to be environment agnostic.

2. tag whole scm including all the snapshots. When you build the code than, you have to checkout your project and all the dependencies. And build them in the right order so you have exactly the same results. This gets tedious with many dependencies and if more than one SCM is involved.

Of course you can try to mix the two approaches. So that you tag your own project and optionally some dependencies. All the other dependencies you keep the needed artifact (including pom for installation into the local repository), so that you can rerun the build whenever you wish to.

This should only be a temporary workaround until you managed to only use released dependencies.

Answer 4

If you use the maven-release-plugin for releasing your components, it will perform a check for the dependencies and stops building when it encounters a snapshot dependency.