Skip to content
/ maven-survival-guide Public

Code and walkthrough for the talk "Apache Maven survival guide “Bring it on! -Mode” #no-external-tools #only-standard-plugins"

License

Apache-2.0 license
52 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rfichtner/maven-survival-guide

BranchesTags

Repository files navigation

maven-survival-guide

Code and walkthrough for the talk "Apache Maven survival guide “Bring it on! -Mode” #no-external-tools"

Walkthrough

Level 0: verify the project

  1. Find out what you are running on

    mvn -version

  2. Make sure you can build the project

    mvn verify

  3. Have a look and see what your effective POM looks like

    mvn help:effective-pom

Level 1: add some tests and make them run

  1. check for plugin updates

    mvn versions:display-plugin-updates

  2. add maven-enforcer-plugin

  3. check for plugin updates - again

    mvn versions:display-plugin-updates

  4. update maven-surefire-plugin to a version that supports Junit 5

Bonus Level: Make build reproducible

  1. specify a version for all plugins in your build

  2. check if you caught them all with

    mvn versions:display-plugin-updates

    Note 1:

    Maven 3.8.1 will break your bulid if you have non-https URLs for repos

    Note 2:

    You can use Maven Wrapper to bring your own Maven Version to build your project

Level 2: add some dependencies and check if really need them

  1. add some dependencies - because your code needs them?

  2. check for used / unused dependencies

    mvn dependency:analyze

    or if you have an older version with a bug

    mvn org.apache.maven.plugins:maven-dependency-plugin:3.5.0:analyze

  3. check the dependency tree to understand what is happening

    mvn dependency:tree

  4. marie kondo your dependencies - also check if your dependencies "spark joy"

Level 3: secure your project

  1. check for CVEs with

    mvn org.owasp:dependency-check-maven:check

  2. understand what the result means for your project (target/dependency-check-report.html)

  3. update your affected dependencies

  4. recheck for CVEs with

    mvn org.owasp:dependency-check-maven:check

Level 4: save time, save money and the planet earth

  1. use a current Java and Maven version for your builds: https://maven.soebes.team/scenario-1.html

  2. add the maven-profiler extension from Jean-Christophe Gay or Karl Heinz Marbaise

  3. find out where you can save time, money and the planet earth

    1. What (plugins) are executed in which phase?

      mvn buildplan:list-phase

    2. Profile different commands and see the differences:

      mvn clean install
      mvn clean verify
      mvn verify
      mvn install

  4. find and kill stale resources

    mvn verify -X

Level 5: check for forbidden APIs

  1. add the Policeman's Forbidden API checker

  2. choose whats forbidden in your project

  3. verify your project

    mvn verify

  4. fix forbidden calls

  5. verify your project

    mvn verify

Level 6: paperwork

  1. declare a license for your project

  2. check if you are going to jail and why (legal stuff / wasting bandwidth)

    mvn project-info-reports:dependencies

    mvn license:third-party-report

  3. understand what the results mean for your project:

    • target/reports/dependencies.html
    • target/site/third-party-report.html

About

Code and walkthrough for the talk "Apache Maven survival guide “Bring it on! -Mode” #no-external-tools #only-standard-plugins"

Topics

maven maven-plugin

Resources

Readme

License

Apache-2.0 license
Activity

Stars

52 stars

Watchers

3 watching

Forks

4 forks
Report repository

Contributors 2

  •  
  •  

Languages