Since you're a paying customer, I'd ask your vendor to set up a Maven repo protected by HTTPS (or something similar to only allow valid customers to access it) that you can utilize. Put the onus back on them to handle the Maven repo with upgrading components etc.
If this isn't realistic, I'd write a little Perl or Ruby script to accept a version number and a directory containing the jars, and make system calls to install each jar in turn into your corporate repo. When it has finished installing them, it could output a <dependencies> xml node that you can cut and paste into your project pom.xml files to pull in all the newly installed modules. (Someone actually sent a Ruby script to do the first half of this a few weeks ago, check the User list archive.) As for "dependency plugin does not add dependencies"... I'm wondering where that's coming from... If your third-party jars were "proper" Maven dependencies, they would each have a pom file describing their dependencies. So you could include in your pom a dependency on modA, which has deps on modB, modC; and modC has deps on modD and modE. Simply by adding the modA dep in your project's pom file, you would have modA-modE pulled in and used automatically as needed during compilation, testing, etc. Only because you are not creating proper poms for each module, declaring what specifically is dependent on what else etc, Maven cannot build a dependency tree to discover these transitive dependencies. So instead you have to declare every single module individually in your pom, I guess. This is not a fault of Maven, rather, it is a failure related to your current usage of the tool. (imho) We use some "commercial toolkit" jars as well, but check them into our Corporate repo, and just deal with it. Its not that big of a deal for us. The 1hr work of one person turns into hours saved not emailing jars around to all the various members of different development teams to make sure their project lib folders are up to date, dealing with large quantities of binary files checked into source control, etc. So for us it is an advantage. Wayne On 4/25/06, Martin Cooper <[EMAIL PROTECTED]> wrote: > On 4/24/06, Wayne Fay <[EMAIL PROTECTED]> wrote: > > > > It is *strongly* suggested that you do not utilize scope system. This > > is available for the rare use case which actually requires it. > > > > In general, you should add dependencies to your local repo (or a > > corporate repo, if you are using one) and use <dependency> in the > > normal manner. > > > So what do people do when they're using commercial libraries that aren't > just jars? We use a commercial toolkit that comprises just under 5,000 > files, 40 of which are jar files. Right now, just so that I can use the > Maven repo, I have to manually deploy each of those jar files to our > internal repo, adding version numbers, creating group and artifact ids, etc. > Then I have to package the other files up as a few zip files that I can > download using the Maven dependency plugin, and deploy those to the repo as > well. This is a painful manual process that needs to be repeated each time > we get a new version from the vendor. > > Things might be simpler if the dependency plugin actually related to > dependencies. ;-) What I mean is that, in theory, I could just drop the > whole 3rd party toolkit into the repo as a zip file, use the dependency > plugin to grap and explode it, and then reference the jar files in my POM. > But doing that would require the use of system scope, because the dependency > plugin doesn't actually add dependencies to your build. (Actually, I really > don't understand why it's called the 'dependency' plugin, unless I've missed > something quite fundamental about it. ;) > > Since I can't imagine that using a commercial toolkit could be considered a > "rare use case", I'm wondering if I'm missing something rather basic. What > are other people doing in similar circumstances? > > -- > Martin Cooper > > > Wayne > > > > On 4/24/06, Kristian Nordal <[EMAIL PROTECTED]> wrote: > > > On 4/24/06, Brandon Goodin <[EMAIL PROTECTED]> wrote: > > > > > > > > Is it a requirement that i use the remote repository for jars? Is > > > > there a way to reference jars that are distributed with the code when > > > > checked out from the code repository? > > > > > > > > > Take a look at the "system" scope: > > > > > http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html > > > > > > e.g: > > > <dependency> > > > <groupId>foo</groupId> > > > <artifactId>foo</artifactId> > > > <version>1.0.0</version> > > > <scope>system</scope> > > > <systemPath>${basedir}/foo/foo/1.0.0/foo-1.0.0.jar</systemPath> > > > </dependency> > > > > > > -- > > > Cheers, > > > Kristian > > > > > > > > > >
