Published: Feb 16, 2019 by Isaac Johnson
Apache Mavenis the logical successor to Ant is remains one of the most popular tools of orchestrating build environments and steps for Java based build. Maven is entirely java based making it platform independent, requiring only a local instance of java to run.
Maven projects all start with a top level POM. This Project Object Model file defines the basics for a project including settings, parent relationships, plugins and build steps. While certainly popular for Java, I’ve used Maven to build a myriad of other languages as well including C, Fortran and GoLang.
Maven is managed by the Apache Foundation and is thusly free and available for all to download. Extensibility comes from plugins which developers publish to artifact repositories like the Central Apache repository. While most plugins are free and open-source, there are plenty that are commercial and those usually require a license file or key to operate (such as Clover and Fortify360).
Once source code is compiled, it turns into an “artifact”. Artifacts are the ultimate output of builds and often take the form of jars, zips and tgz files. Artifact stores like Sonatype Nexus, JFrog Artifactory and Azure Artifacts to name a few, will store a “maven” style repo (or feed) with metadata (data about data) often in a file called “metadata.xml”. The fact that they are XML shows the systems age a bit. Lastly, many of these tools have the ability to generate MD5 checksums stored with the file (often ending in .md5) as a way the client can ensure the artifact it downloaded is whole and unmodified.
Lastly, Artifact Repositories actually farm out to proxies creating a distributed network of locations of both plugins and built “things”. When creating repositories, one can chose to create a hosted repo (one we are managing here) or a proxy repo (one we are fetching from another location). The behaviour of a proxy is to always use a local copy first and only fetch if our local has expired or doesn’t exist. This often means the first fetch may be slow but subsequent ones are far faster.
This method also follows with the client. Maven will store local copies of things it downloads (plugins and dependency jars) as well as things it’s builds locally in the local filesystem in the m2 repository (on mac and linux, this is usually ~/.m2). This makes rebuilds locally much faster.
Another key point to understand about artifacts is there are two main types of Maven artifacts (and corresponding repositories) - Snapshot and Release. Snapshots