问题
We have 1 company parent pom. This uses dependencyManagement to manage the versions for all the dependencies of all the artifacts used.
What is alarming, is that SNAPSHOT versions can be defined in dependencyManagement. Though when maven release is performed, the pom is allowed to be released with SNAPSHOT version in dependencyManagement. Why?
If I point a child project to a released version of the company parent pom, and this child project uses a dependency defined in dependencyManagement though it's a SNAPSHOT version, I'm unable to release the child project.
Why does Maven allow SNAPSHOT version for an artifact defined in dependencyManagement to be released? And how can I configure the maven release plugin to fail if there is a SNAPSHOT version defined?
回答1:
What is alarming, is that SNAPSHOT versions can be defined in dependencyManagement. Though when maven release is performed, the pom is allowed to be released with SNAPSHOT version in dependencyManagement. Why?
I would expect the maven-release-plugin to update SNAPSHOT versions in dependencyManagement upon release. Actually, there are some Jira about this, for example MRELEASE-91 and MRELEASE-202 that may affect you.
So the question is: which version of the plugin are you using?
But to be honest, it's not really clear what versions are affected by MRELEASE-202, the comments are confusing (so I wonder if the issue is fixed or not). Anyway, if the version you are using is affected, then upgrade to a more recent version. And if the bug/regression (I think it's a bug) is still there, then raise a new issue.
回答2:
I do not have the answer as to 'why' (personally I think it's a bug), but I have a way to prevent this happening: use the Maven Enforcer plugin.
A company called smartics (lowercase s) have created a rule (NoSnapshotDependenciesInDependencyManagementRule) to prevent this exact problem.
You basically need to add the following to your parent POM:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.4.1</version>
<executions>
<execution>
<id>enforce-project-rules</id>
<phase>test</phase>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<NoSnapshotDependenciesInDependencyManagementRule
implementation="de.smartics.maven.enforcer.rule.NoSnapshotsInDependencyManagementRule">
<onlyWhenRelease>true</onlyWhenRelease>
<checkOnlyResolvedDependencies>false</checkOnlyResolvedDependencies>
</NoSnapshotDependenciesInDependencyManagementRule>
</rules>
</configuration>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>de.smartics.rules</groupId>
<artifactId>smartics-enforcer-rules</artifactId>
<version>1.0.2</version>
</dependency>
</dependencies>
</plugin>
来源:https://stackoverflow.com/questions/2089246/why-does-maven-release-plugin-allow-for-snapshot-version-in-dependency-managemen