This repository contains the parent pom.xml for maven projects in devonfw. It configures a lot of cross-cutting aspects in this central place to avoid redundancies between pom.xml files:

• pluginManagement - defines versions and configuration defaults for maven plugins

• plugins - defines the standard plugins and their configurations for the default build lifecycle for devonfw

• profiles - defines optional features or dynamic aspects:

  • deploy - activates generation of *-javadoc.jar files as well as PGP signatures to deploy releases. Activated via mvn -P deploy. This is the default profile used by devonfw-ide on devon release.

  • eclipse - detect if maven runs within m2e inside Eclipse and use eclipse-target instead of target so that builds from Eclipse are decoupled from console builds. Otherwise mvn clean would break Eclipse, etc. This profile is triggered automatically in Eclipse.

  • security - run org.owasp:dependency-check-maven:check during the build in order to find known security vulnerabilities (CVE). Activated via mvn -P security. Is not active by default as it breaks the build even if a download failes due to temporary availability issues. Also CVEs are sometimes false positives. We strongly encourage to run this check nightly but do not recommend to use it as build-breaker in your CI.

  • licenses - run org.codehaus.mojo:license-maven-plugin goals aggregate-download-licenses and aggregate-add-third-party during the build to analyse and check licenses of third-party dependencies.

• url - configured for your github repository

• licensing - set to ASL 2.0 and point to individual LICENSE file in your repository root

• issueManagement - configured for github

• scm - configured for github

• organization - configured for devonfw and github

• distributionManagement - configure repositories and site:

  • release-repository - set to ${maven.release.repository} defaulting to OSSRH

  • snapshot-repository - set to ${maven.snapshot.repository} defaulting to OSSRH

  • maven-site - stage site to project’s toplevel build.directory (target/maven-site). From there you can do QA and transfer it to wherever you prefer.

• reporting - plugins and configurations for maven site generation.

• encoding - strictly use unicode (UTF-8)

In your repository the top-level pom.xml should look like this:

For deployment of releases you need the following prerequesites:

• Permitted account for https://oss.sonatype.org/

• GnuPG installed

• A PGP keypair generated with pgp

• Your PGP public-key published to keyservers and registered to OSSRH for com.devonfw

• Have devonfw-ide installed.

Then you can configure your setup as following:

1. cd projects/devonfw (tweak path according to your setup)

2. devon mvn --encrypt-password

3. enter your password for https://oss.sonatype.org/

4. Copy the encrypted password ({…​})

5. vi conf/.m2/settings.xml (use the editor of your choice)

6. Enter the following sections to your settings.xml and save it:

Of course you are smart enough to replace the variables with the proper values.

From now on, when you want to create a release all you need to do is:

However, ensure to call this on a clean clone of the official repository after you have pulled the latest changes and all features for the release are included and properly tested. As a best practice keep your cloned forks in main workspace while you clone the official repos in stable workspace and build releases from there.

Sources:

• OSSRH-Guide

• OSSRH-Maven