SNAPSHOT dependency

@ctrueden @tpietzsch
I am depending on

		<dependency>
			<groupId>sc.fiji</groupId>
			<artifactId>bigdataviewer-vistools</artifactId>
			<version>1.0.0-beta-14-SNAPSHOT</version>
		</dependency>

But the enforcer rules of scijava in maven won’t let me depend on a SNAPSHOT version. Is there a way around this?

mvn -Denforcer.skip=true clean compile ...
should do the trick.

2 Likes

( You can also skip enforcement in the pom like so ).

1 Like

Or equivalently adding <enforcer.skip>true</enforcer.skip> to the <properties> section of the pom

3 Likes

Thanks! Yes, I know that trick :wink:
But keeping the enforcer on can also be a good thing, because it also tells me some useful stuff. l was thus wondering whether I could somehow just skip this one particular SNAPSHOT issue while still getting all the other messages.

1 Like

I agree and I would generally discourage skipping the enforcer. Maybe it is best to just skip the enforcer on the command line as suggested above. That way, at least, it is skipped only locally and you will be less likely to forget that you are skipping it. Down-side: Travis builds will fail.

Maybe @ctrueden can also comment.

2 Likes

You can probably do this by adding a <plugin> <configuration> section in your pom.xml like this:

            <configuration>
              <rules>
                <requireReleaseDeps>
                  <message>No Snapshots Allowed!</message>
                  <excludes>
                    <exclude>sc.fiji:bigdataviewer-vistools</exclude>
                  </excludes>
                </requireReleaseDeps>
              </rules>
              <fail>true</fail>
            </configuration>

See here: https://maven.apache.org/enforcer/enforcer-rules/requireReleaseDeps.html


But I agree with @hanslovsky, better only skip it temporarily from the command line and don’t get tempted to depend on SNAPSHOT versions in production code :wink:


Edit:
You can also always ask the maintainers if they’re willing to cut a release for you :smile: Usually that works quite well and fast!

3 Likes

In your apache link, there is this example:

<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.0.0-M2</version>

…to do this, I guess that means I need to figure out the name of the enforcer plugin in question that Fiji is using, right? I tried to look for it in scijava parent-pom, but could not find it…

I strongly recommend depending on a release version instead.

From the pom-scijava-base README:

Reproducible builds. This rule means no SNAPSHOT dependencies, no SNAPSHOT parents, and no SNAPSHOT plugin versions. A snapshot version is not immutable, which means that code which depends on a snapshot may build today, but not build tomorrow, if the snapshot is later changed. The best way to avoid this conundrum is to never depend on SNAPSHOT versions. Snapshot are best used for testing only; they can be used transiently, but their use should never make it onto the main integration branch (i.e., master) of a project. See also Using snapshot couplings during development.

3 Likes

You can get your effective pom using:

mvn help:effective-pom -Doutput=effective-pom.xml

The artifact and version are defined in the <pluginManagement> section of pom-scijava's parent: pom-scijava-base:

3 Likes