是否可以使用Gradle maven插件创建仅Maven POM(BOM)的版本,以将其部署到Nexus? [英] Can I create a Maven POM-only (BOM) build using the Gradle maven plugin to be deployed to Nexus?
问题描述
我有一个Gradle项目,该项目使用 Spring的依赖管理插件定义一个依赖版本列表.我还使用 Maven插件将项目部署到Maven存储库. /p>
我希望能够将其部署为Maven物料清单(BOM),以便可以在其他Gradle项目中使用它来定义我的依赖版本.只要我还部署了JAR文件,我就能使它正常工作.但是,JAR完全是空的并且是多余的.我的目标是仅生成和部署POM文件,就像如果这是一个带有"pom"包装的Maven项目一样.
如果我手动将JAR从要发布的工件列表中排除,那么什么都不会安装,甚至POM文件也不会安装.
这是一个测试版本,用于演示该问题:
group 'test'
version '1.0.0-SNAPSHOT'
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'org.springframework.boot:spring-boot-gradle-plugin:1.5.1.RELEASE' //Matches the Spring IO version
}
}
apply plugin: 'java'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'maven'
dependencyManagement {
dependencies {
dependency 'cglib:cglib-nodep:3.2.4'
dependency 'junit:junit:4.12'
}
}
////Uncommenting this causes nothing at all to be deployed:
//jar.enabled = false
//configurations.archives.artifacts.with { archives ->
// archives.removeAll { it.type == 'jar' }
//}
以上内容正确地产生了以下POM文件并将其安装到我的本地Maven存储库中:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>gradle-pom-packaging-test</artifactId>
<version>1.0.0-SNAPSHOT</version>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib-nodep</artifactId>
<version>3.2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
但是,它还会安装一个JAR文件,除了MANIFEST.MF文件之外,该文件都为空.
我可以使用maven-publish插件成功使它正常工作.但是,我还利用 Gradle Sonatype Nexus插件将工件发布到Nexus实例.由于这是基于maven插件的,因此maven-publish插件将无法满足我的需求.以下是我需要添加以使其与maven-publish插件一起使用的所有信息:
apply plugin: 'maven-publish'
publishing {
publications {
maven(MavenPublication) {
}
}
}
是否有一种方法可以使用maven Gradle插件生成和部署POM文件,就像这是一个带有"pom"包装的Maven项目一样?
Tha acdcjunior 的answer 可以有所改善.
可以在标准dependencies部分中声明build.gradle中的依赖项.此外,在BOM表的pom.xml中,应在dependencyManagement部分中声明版本:
plugins {
id 'java-library'
id 'maven-publish'
}
group = 'com.example'
version = '1.0.0'
repositories {
mavenCentral()
}
dependencies {
api 'org.apache.commons:commons-lang3:3.9'
api 'org.postgresql:postgresql:42.2.11'
}
publishing {
repositories {
maven {
url = "$nexusUrl"
credentials {
username = "$nexusUsername"
password = "$nexusPassword"
}
}
}
publications {
maven(MavenPublication) {
groupId = "${project.group}"
artifactId = "${project.name}"
version = "${project.version}"
pom.withXml {
asNode().children().last() + {
resolveStrategy = Closure.DELEGATE_FIRST
name 'My BOM'
description 'My Bill of Materials (BOM)'
dependencyManagement {
dependencies {
project.configurations.each { conf ->
conf.dependencies.each { dep ->
dependency {
groupId "${dep.group}"
artifactId "${dep.name}"
version "${dep.version}"
}
}
}
}
}
}
}
}
}
}
生成的pom.xml可以使用以下命令发布到Nexus
./gradlew clean build publish -i
或本地Maven存储库(~/.m2/repository)
./gradlew clean build pTML -i
该符号不仅更短,而且还允许处理相关性.例如,使用OWASP Dependency-Check插件执行漏洞扫描:
plugins {
//...
id 'org.owasp.dependencycheck' version '5.3.0'
}
dependencyCheck {
failBuildOnCVSS = 9 //Critical Severity
}
check.dependsOn dependencyCheckAnalyze
I have a Gradle project which uses Spring's dependency management plugin to define a list of dependency versions. I am also using the Maven plugin to deploy the project to a Maven repository.
I would like to be able to deploy this as a Maven bill of materials (BOM) so that I can use it in other Gradle projects to define my dependency versions. I have been able to get this to work so long as I also deploy a JAR file. However, the JAR is completely empty and superfluous. My goal is to generate and deploy just the POM file, like I would be able to do if this were a Maven project with a "pom" packaging.
If I manually exclude the JAR from the list of artifacts to be published, then nothing gets installed, not even the POM file.
This is a test build to demonstrate the issue:
group 'test'
version '1.0.0-SNAPSHOT'
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'org.springframework.boot:spring-boot-gradle-plugin:1.5.1.RELEASE' //Matches the Spring IO version
}
}
apply plugin: 'java'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'maven'
dependencyManagement {
dependencies {
dependency 'cglib:cglib-nodep:3.2.4'
dependency 'junit:junit:4.12'
}
}
////Uncommenting this causes nothing at all to be deployed:
//jar.enabled = false
//configurations.archives.artifacts.with { archives ->
// archives.removeAll { it.type == 'jar' }
//}
The above correctly produces and installs the following POM file into my local Maven repo:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<modelVersion>4.0.0</modelVersion>
<groupId>test</groupId>
<artifactId>gradle-pom-packaging-test</artifactId>
<version>1.0.0-SNAPSHOT</version>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib-nodep</artifactId>
<version>3.2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
</dependency>
</dependencies>
</dependencyManagement>
</project>
However, it also installs a JAR file that is empty save for the MANIFEST.MF file.
I was able to successfully get this working using the maven-publish plugin. However, I'm also making use of the Gradle Sonatype Nexus plugin to publish the artifact to a Nexus instance. As this builds upon the maven plugin, the maven-publish plugin will not work for my needs. The following is all I needed to add to get it working with the maven-publish plugin:
apply plugin: 'maven-publish'
publishing {
publications {
maven(MavenPublication) {
}
}
}
Is there a way to generate and deploy just the POM file using the maven Gradle plugin, like I would be able to do if this were a Maven project with a "pom" packaging?
Tha acdcjunior's answer can be improved a little.
Dependencies in the build.gradle can by declared in the standard dependencies section. Also, in pom.xml of a BOM versions should be declared in dependencyManagement section:
plugins {
id 'java-library'
id 'maven-publish'
}
group = 'com.example'
version = '1.0.0'
repositories {
mavenCentral()
}
dependencies {
api 'org.apache.commons:commons-lang3:3.9'
api 'org.postgresql:postgresql:42.2.11'
}
publishing {
repositories {
maven {
url = "$nexusUrl"
credentials {
username = "$nexusUsername"
password = "$nexusPassword"
}
}
}
publications {
maven(MavenPublication) {
groupId = "${project.group}"
artifactId = "${project.name}"
version = "${project.version}"
pom.withXml {
asNode().children().last() + {
resolveStrategy = Closure.DELEGATE_FIRST
name 'My BOM'
description 'My Bill of Materials (BOM)'
dependencyManagement {
dependencies {
project.configurations.each { conf ->
conf.dependencies.each { dep ->
dependency {
groupId "${dep.group}"
artifactId "${dep.name}"
version "${dep.version}"
}
}
}
}
}
}
}
}
}
}
The resulting pom.xml can be published to Nexus with the command
./gradlew clean build publish -i
or to a local Maven repo (~/.m2/repository)
./gradlew clean build pTML -i
This notation is not only shorter but also allows processing dependencies. For example, perform vulnerabilities scanning using OWASP Dependency-Check plugin:
plugins {
//...
id 'org.owasp.dependencycheck' version '5.3.0'
}
dependencyCheck {
failBuildOnCVSS = 9 //Critical Severity
}
check.dependsOn dependencyCheckAnalyze
这篇关于是否可以使用Gradle maven插件创建仅Maven POM(BOM)的版本,以将其部署到Nexus?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
