I'm not *wanting* to allow overwriting release versions, that is kind of the point. But, out of the box, an artifactory maven (release) repository appears to allow this. And there's no configuration option that I can find that says "don't allow overwriting versions".
It's not obvious to me, not having that much experience with maven, whether this is "right" or "wrong". I *think* that the maven view of the world is that there is one, unique, artefact with any given (non-snapshot) version number, and therefore that any two artifacts that you might see with the same (non-snapshot) coordinates are to be considered equivalent. The corollary of that is that versions are (should be) immutable. But if that is the case, then artifactory breaks that rule by allowing you to overwrite released versions. As I say, my understanding of maven is shallow. Relying on uniqueness of git tags seems like the most profitable route, assuming I can understand how I ensure that that check is done before the upload actually happens. -----Original Message----- From: Christian Schneider [mailto:cschneider...@gmail.com] On Behalf Of Christian Schneider Sent: 27 June 2017 08:21 To: Tom Quarendon <tom.quaren...@worldprogramming.com>; users@felix.apache.org Subject: Re: API baselining with maven-bundle-plugin Be very careful with overwriting a release version. It is easy to configure a maven repository like artifactory to allow that but you will have problems in other places. The crucial problem is with the local maven repo. Maven updates snapshots in a configurable way but it never updates release versions. So if maven downloaded a 1.0.0 version of an artifact once it will never overwrite it again or even check if there is a new version. So if you want to use continuous deployment then you either need to use snapshots .. which makes the releases not really reproducible or you need to use an automatic release process that simply increases a version and does the full release process. Christian On 27.06.2017 09:05, Tom Quarendon wrote: >> 2. If you have released version 1.0.0. (i.e. non-SNAPSHOT) of a bundle with >> Maven then you will be able to build another 1.0.0 locally, but you will not >> be able to release it again — this is a built-in feature of Maven. At this >> point you will be forced to bump your bundle version, so it is slightly less >> powerful than bnd baselining which will not even permit you to build locally >> bundle 1.0.0 if it has a delta against the released bundle. > This isn't my experience. I appear to be able to happily re-release bundles > of the same version number into artifactory using maven. > I have a bundle: > > Created: 22-06-17 14:14:59 +01:00 > Last Modified: 27-06-17 07:59:48 +01:00 > > This is kind of the point really. > Maybe I can configure artifactory to prevent that, but not obviously. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@felix.apache.org > For additional commands, e-mail: users-h...@felix.apache.org -- Christian Schneider http://www.liquid-reality.de Open Source Architect http://www.talend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@felix.apache.org For additional commands, e-mail: users-h...@felix.apache.org
