Maven Common Configuration #

A maven configuration which is used as commons config parent for POM files for my maven open source projects. Defines a lot of defaults in pluginManagement and some in dependencyManagement and activates some plugins.

Features #

Here is a high level feature set of this project:

• Flexible JDK compiler config with using profiles
• Checkstyle
• Google Errorprone (Java 7)
• Maven enforcer (for Maven version)
• Versions plugin
• OWASP dependency checker
• Jacoco + Coveralls
• Jarsigner
• Checksum
• Default versions for plugins in the Super POM
• Default versions for junit, jackson, bytes and more

Setup #

Use as parent pom:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>at.favre.lib</groupId>
        <artifactId>common-parent</artifactId>
        <version>[current-version]</version>
    </parent>
    ...
</project>

Don’t forget to overwrite <scm>...</scm> config, otherwise it will be inherited from this project.

Maven Wrapper (recommended) #

It is recommended to use maven wrapper in a new project. Initialize with:

mvn wrapper:wrapper  

then you can use mvnw instead of mvn. The advantage is that everybody (+ci) uses a pre-defined maven version. Even IntelliJ has Maven wrapper support.

Configuration #

There are many ways to easily customize the parent configuration without the need to change the POM itself. Have a look at the commonConfig.* properties in the POM and override them as you please in your <properties />.

Important config:

<!-- set this to true if fail because of missing credentials -->
<commonConfig.jarSign.skip>false</commonConfig.jarSign.skip>

Additionally, you can use maven itself to override certain settings. For instance if you want to deactivate checkstyle, just add

<plugins>
    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-checkstyle-plugin</artifactId>
        <configuration>
            <skip>true</skip>
        </configuration>
    </plugin>
</plugins>    

JDK Config #

To set the JDK you want to use, this config uses profiles. The easiest way to activate one of the is to generate the file .mvn/maven.config and add e.g.:

-DcommonConfig.compiler.profile=jdk8_w_errorprone

Currently possible values:

• jdk7
• jdk7_w_errorprone
• jdk8
• jdk8_w_errorprone
• jdk11
• jdk11_w_errorprone
• jdk17
• jdk17_w_errorprone

You can check if the correct profile is set with

mvnw help:active-profiles
mvnw help:all-profiles

Jacoco Minimum Coverage Rules #

If the Jacoco plugin is used, some minimum coverage ratio checks are active. Change them with these properties:

• commonConfig.jacoco.check.linecov (60% default)
• commonConfig.jacoco.check.methodcov (70% default)
• commonConfig.jacoco.check.classcov (80% default)

You may disable the check by setting commonConfig.jacoco.check.disable to true.

Reference to Project Root #

If you need to use e.g. a file that lives within your project (e.g. the keystore file for jar-signing) make sure you use the correct base path. There are two useful variables to help you:

• ${project.basedir} is the path of your current module
• ${session.executionRootDirectory} is the root path of your projects (and all your modules) - can be used in submodules

Deploy #

To deploy use activate the profile deploy and then you can use the nexus-staging plugin which deploys to sonatype staging, closes the staging repo, then releases it to Maven Central:

./mvnw -B verify nexus-staging:deploy -P deploy && \
./mvnw -B nexus-staging:release -P deploy

The verify is necessary so that the correct lifecycle phase is called and gpg sign is activated. This will also activate gpg sign which needs proper setup in settings.xml. As side effect, this will also set property commonConfig.deployMode.active if you want to activate other profiles in accordance for example.

See also https://github.com/sonatype/nexus-maven-plugins/tree/main/staging/maven-plugin

Built-In Plugins Explained #

Analyze #

Check the created pom with

./mvnw help:effective-pom

You may check for updates of any plugins or dependencies with

./mvnw versions:display-dependency-updates

Versions-Plugin #

Check for possible dependency updates

./mvnw versions:display-dependency-updates
./mvnw versions:display-plugin-updates
./mvnw versions:display-property-updates

Set version through command line (or ci script)

./mvnw versions:set -DnewVersion=1.2.3-SNAPSHOT

Related Projects #

• externalized checkstyle-config

License #

Copyright 2019 Patrick Favre-Bulle

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.