Issue
When specifying the repository element why we need snapshots and releases as well?
Example:
<repository>
<id>my-repo</id>
<url>https://some.url.com/my-repo</url>
<snapshots>
<enabled>false/true</enabled>
</snapshots>
<releases>
<enabled>false/true</enabled>
</releases>
</repository>
How it affects a specific version of the dependency? (1.2.3-SNAPSHOT, 1.2.3, 1.2.3-RELEASE)
When there are multiple repositories, which repository will be searched for the artifact? How the artifacts being resolved?
Solution
When specifying the repository element why we need false/true and as well?
We need to do so if we would like to have a repository only for released versions, for instance, and another one only for SNAPSHOT versions.
This is a common use case for enterprise Maven repositories (i.e. Nexus, Artifactory, Archivia), when certain versions (like SNAPSHOT) are only available in a repository (deployed but a CI job, as an example) while released versions would only be available in another repository. A CI job releasing something for PROD should only use the latter repository, not using/allowing any SNAPSHOT version and breaking the build otherwise (enforcing build reproducibility and good practices).
From official Maven Settings documentation
releases, snapshots: These are the policies for each type of artifact, Release or snapshot. With these two sets, a POM has the power to alter the policies for each type independent of the other within a single repository. For example, one may decide to enable only snapshot downloads, possibly for development purposes.
enabled:
trueorfalsefor whether this repository is enabled for the respective type (releasesorsnapshots).
When there are multiple repositories , which repository will be searched for the artifact? How the artifacts being resolved?
The order of declaration will affect the look up order used by Maven. Check this official Maven ticket providing the fix for the proper behavior from version 3.0 on.
- MNG-4400: Repository order from settings.xml is not respected during artifact resolution
How it affects a specific version of the dependency? (1.2.3-SNAPSHOT, 1.2.3, 1.2.3-RELEASE)
Merging the two answers above, depending on the order of declaration and which repository allow which type of artifact (snapshot or not).
Further references:
Answered By - A_Di-Matteo
Answer Checked By - Senaida (JavaFixing Volunteer)
