On 12 May 2013, at 2:47 AM, Joe Osowski <[email protected]> wrote:
> Yes, you are correct. However, the problem with release/snapshots is that > maven assumes a revision in the VCS is a release. But in reality, a release > is the binary built by maven. A release is never just the binary built by maven, those are just bits, which can be rebuilt by maven at any time. Think of a release as something that can signed off, be it by a set of testers, or perhaps by someone doing due diligence with respect to intellectual property or license compliance, or perhaps as the entity that you delivered to the client. You can't sign off opaque bits, but you can sign off source code. > Using snapshots with multiple snapshot dependencies introduces changes at > release time that a release engineer has get to right, and mistakes will get > made. Exactly, and because of this all bets are off. A release in the maven world has a firm definition, it is a repeatable build, and a repeatable build cannot depend on or include any snapshot code. > The binary that is tested needs to be the release, not a binary that gets > generated after the release. For us anyway, I'm sure with fewer or no > snapshot dependencies it's different. If you're creating releases with maven ideally you should be doing this with the maven-release-plugin. This plugin performs a comprehensive set of sanity checks, and if the project passes a tag is created with a unique version number. As a second step the plugin then builds that pristine tag (and only that tag) after a clean checkout, giving you the guarantee that your binary matches the source code precisely. Most importantly the release plugin doesn't rely on humans following (or not following) a set of instructions, it is all completely automated and hands free. Regards, Graham -- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
