and artifactID uniquely identifies a given
project, and the version identifier specifies the version of the project, while the
packaging identifier specifies the binary
software format.
Once an artifact is assigned a release
number on Central, the file contents
cannot be altered. The Central repository
also contains cryptographic hashes and
PGP signatures that can be used to verify
artifact authenticity and integrity.
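As an added illustration (not code from the article or from the Maven project), the sketch below maps the coordinates described above to the standard repository path and checks a downloaded file against its published `.sha1` checksum. The coordinates `com.example:demo-lib:1.0` and the sample bytes are constructed, and the code assumes the packaging value doubles as the file extension.

```python
import hashlib
import hmac
import re

# Hex digest length for each checksum sidecar published next to an artifact.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40}


def repo_path(group_id, artifact_id, version, packaging="jar"):
    """Map coordinates to the standard Maven repository layout.

    Assumes the packaging value is also the file extension (jar, war, pom).
    """
    for part in (group_id, artifact_id, version, packaging):
        # Refuse separators and '..' so coordinates cannot escape the repo root.
        if not re.fullmatch(r"[A-Za-z0-9_.\-]+", part) or ".." in part:
            raise ValueError("invalid coordinate: %r" % part)
    directory = "/".join([group_id.replace(".", "/"), artifact_id, version])
    return "%s/%s-%s.%s" % (directory, artifact_id, version, packaging)


def parse_sidecar(text, algorithm):
    """Extract the hex digest from a checksum file ('<hex>' or '<hex>  <name>')."""
    tokens = text.split()
    if not tokens:
        raise ValueError("empty checksum file")
    digest = tokens[0].lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % DIGEST_HEX_LEN[algorithm], digest):
        raise ValueError("not a %s digest: %r" % (algorithm, tokens[0]))
    return digest


def verify_artifact(artifact_bytes, sidecar_text, algorithm="sha1"):
    """Return True only if the artifact hashes to the value in its sidecar."""
    expected = parse_sidecar(sidecar_text, algorithm)
    actual = hashlib.new(algorithm, artifact_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample data: stand-in bytes for a JAR and its .sha1 sidecar.
SAMPLE_JAR = b"PK\x03\x04 constructed sample, not a real artifact"
SAMPLE_SHA1 = hashlib.sha1(SAMPLE_JAR).hexdigest() + "  demo-lib-1.0.jar\n"

if __name__ == "__main__":
    path = repo_path("com.example", "demo-lib", "1.0")
    print(path, path + ".sha1")
    print("intact:  ", verify_artifact(SAMPLE_JAR, SAMPLE_SHA1))
    print("tampered:", verify_artifact(SAMPLE_JAR + b"x", SAMPLE_SHA1))
```

A checksum served by the same repository only shows that the download matches what that repository holds; the PGP signature (`.asc`) is what ties the file to the publisher's key.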
While Maven can be configured to
retrieve software artifacts directly from
one of the many Central mirror sites
around the world (or any external repository), an increasingly popular option that
is faster, more secure, and more easily managed is to employ a repository
manager as a locally controlled proxy to
Central and other artifact repositories
(such as those provided by Oracle, Red
Hat, and Codehaus).
04 SOFTWARE CONFIG MANAGEMENT
Software configuration management (SCM) entails rigorously controlling and tracking changes made to software, and includes a subfunctionality of revision control (version handling). Development tools such as Hudson and Jenkins (explored earlier) offer support for a variety of such SCM tools, including Clearcase, CVS, Git, and Subversion.
Git. Git offers a distributed revision control and SCM system, suitable to handle both large and small development projects. GitHub provides a collaborative, Web-based facility to manage both public and private Git repositories. Written using Ruby on Rails, GitHub is the most popular Git hosting site, providing social networking functionality and usage data specifically directed toward collaborative development.
05 REPOSITORY MANAGEMENT
A repository management system offers a locally cached proxy between development teams and external repositories. It speeds download times, ensures managed and configurable access to both external artifacts and internally created modules, and provides tagged and searchable metadata.
Sonatype Nexus. Nexus is a managed,
central point of access for external repositories, offering configurable permissions
and customizable/searchable user-defined metadata. Figure 1 depicts how
a repository manager fits into a typical
development process.
Nexus provides a centralized point for
managed access of open source software
components and their dependencies,
serving as a configurable proxy between
organizational and public repositories.
Nexus offers cached components for
quick download, ensures that all users
access the same modules, enables secure
and controllable deployment of internally
developed components, and provides
configurable, partner-specific access.
Meanwhile, user-defined metadata offers
rich and customizable search capabilities.
JFrog Artifactory. Winner of the 2011
Duke’s Choice Award for Innovative Tool
for Developers, JFrog Artifactory is a Java-based binary file repository management
tool, with a free open source version, a
paid Pro version, and a software-as-a-service (SaaS) cloud-based version
(Artifactory Online). Figure 2 shows how
Artifactory acts as a proxy between your
Maven client and the outside world.
JFrog Artifactory serves as a proxy
between build tools such as Maven, Ant,
EXPERT OPINION
“Nexus is a rock-solid vault for your binaries, tailor-made for a Maven-based build process.”
—John Ferguson Smart, CEO, Wakaleo Consulting
“Artifactory is a great choice for DevOps. Its integration with Jenkins offers full traceability across builds, links back to tickets, and allows comfortable build promotions. Easy configuration, openness, and extensibility make Jenkins a central service hub and a smart backbone of your continuous delivery and DevOps infrastructure.”
—Michael Hüttermann, Java Champion