


My customer needs a more organized inventory of all 3rd-party libraries (such as JAR files) that are used in production for their projects. I am involved with a number of their Java-based projects. Their inventory has not been consistently maintained in the past and the time has come to account for all the libraries that are currently being used (there are quite a few!) and to enforce a structured process for introducing new libraries into the build environment.


I have tried pitching the idea of using Maven and Artifactory in their build process to leverage those tools' ability to manage a repository of binary libraries and handle transitive library dependencies. The customer is resistent to the suggestion because they think it will create more work for them to maintain an Artifactory server and learn the basics of Maven.


Currently, their Java projects are all built using Ant scripts. Transitive dependencies are largely managed by trial-and-error. The inventory of libraries currently in use is maintained by hand and the binaries are stored in a Subversion repository. The customer recognizes that this needs to be improved, but the current suggestions for improvement involve more ad-hoc "manage it by hand" approaches.



Any other arguments/suggestions/etc that would assist me in this would also be appreciated.


正如评论中指出的那样,您的客户不必完全采用Maven即可从依赖管理中受益,您可以改编现有的ant脚本以使用 Maven Ant任务或常春藤.这样可能不会那么恐怖,并且已经减轻了一些痛苦.

As pointed out in a comment, your customer doesn't necessarily need to fully adopt Maven to benefit from dependency management, you could adapt the existing ant scripts to use the Maven Ant tasks or Ivy. This might be less scary and already remove some pain.


Regarding the way Maven manages dependencies, I would simply explain that:

  • 工件由坐标(groupId,artifactId,版本)标识.
  • 这允许使用标准化的目录结构(存储库)存储它们
  • 依赖性比JAR更重要:它是带有POM的JAR,可以实现传递依赖性解析.


And the benefits of such a dependency management solution are:

  • 没有依赖项的混乱,它们是唯一标识的(不再有那是什么版本?" syndrom)
  • VCS中没有更多的二进制数据(更快的签出,更少的空间)
  • 更轻松地在项目之间重用工件(不再有通过电子邮件发送的jar)
  • 具有传递依赖项解决方案的轻松管理


And because you don't want to rely on public repositories, because you need to store your own artifacts, you need an enterprise repository. My personal choice would be Nexus:

  • 因为它是基于文件的(不同于Artifactory,而且我不想将我的工件放入数据库中)
  • 因为安装/使用很简单
  • 因为易于管理


Here are some resources about Nexus (sorry, I just don't use Artifactory):

  • Should we use Nexus or Artifactory for a Maven Repo?
  • Ning’s Migration from Artifactory to Nexus Professional
  • From Apache Archiva to Sonatype Nexus


And just in case, here are some presentation material about Maven:

  • Several presentations by Arnaud Héritier.
  • Maven 2.x by Jason van Zyl.
  • Maven 2.0 - Improve your build patterns by Vincent Massol.
  • 3.5. Core Concepts in the Maven Definitive Guide


10-30 14:40