Problem Description
Consider the case where Maven is being used on Hudson.
Now someone checked out a project, modified some files, but accidentally used the same artifact ID and version number (non-snapshot).
He/she then built this project on Hudson and did a maven install. The modified artifact is now in Hudson's .m2. Any other project which depends on it will be built with the modified artifact. No one finds this out if compilation doesn't fail. Even though the correct artifact resides in the central repository, it is never used because the modified one is picked up from .m2 when Hudson starts building.
So I am looking for a way to prevent this accidental human error.
- Any way to revoke permissions for maven install on non-snapshot versions (released artifacts) on Hudson?
- Any way to compare checksums of .m2 in Hudson and the one in the remote central repository, so that checksum failures can generate warnings or fail the build?
I have already checked that there is no way to force update non-snapshot versions from the central repository, as they are meant to be immutable.
Purging central repository or using separate repository for each job on hudson will result in increased build times & disk space usage respectively.
Any help would be appreciated.
There was no direct way to solve this, but we solved it indirectly by writing a cron job which runs every five minutes and marks all the jars which are NON-SNAPSHOT as read-only in the local repository of Hudson. In this way, when some project in Hudson tries to overwrite one by mvn install or mvn deploy, it fails in overwriting the artifacts as they are read-only.
Any new artifacts to be released can easily be written. Once written, within the next five minutes the script marks them as read-only.
Here is the code for the Unix script permission-handler.sh:
Logging is also handled to see which artifacts have been marked as released only.
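
The approach described in the answer, sketched as an added example; this is not the answer's own permission-handler.sh, which does not appear on the page. The function name, the log format and the paths in the cron line are assumptions.

```shell
#!/bin/sh
# Added example, not the answer's permission-handler.sh (absent from the page).
# Function name, log format and the paths in the cron line are assumptions.

# lock_released_artifacts REPO_DIR LOG_FILE
# Removes write permission from every released (non-SNAPSHOT) jar that is still
# writable, appends one log line per file, and prints how many were changed.
# The body runs in a subshell "( ... )" so its variables stay local.
lock_released_artifacts() (
    repo=$1
    log=$2
    [ -d "$repo" ] || { echo "repository not found: $repo" >&2; exit 1; }
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)

    # Maven layout is <group>/<artifact>/<version>/<file>; snapshot builds live
    # in a version directory ending in -SNAPSHOT, so those paths are skipped.
    # The -perm tests select files with any write bit set, which keeps repeat
    # runs quiet. -print only fires when chmod succeeded.
    changed=$(find "$repo" -type f -name '*.jar' ! -path '*-SNAPSHOT/*' \
        \( -perm -200 -o -perm -020 -o -perm -002 \) \
        -exec chmod a-w {} \; -print)

    [ -n "$changed" ] || { echo 0; exit 0; }
    printf '%s\n' "$changed" | sed "s|^|$stamp read-only |" >>"$log"
    echo $(( $(printf '%s\n' "$changed" | wc -l) ))
)

# Act on a real repository only when a path is passed, e.g. from cron:
#   */5 * * * * /opt/ci/permission-handler.sh /home/hudson/.m2/repository /var/log/m2-lock.log
if [ "$#" -ge 1 ]; then
    lock_released_artifacts "$1" "${2:-/tmp/m2-permission-handler.log}"
fi
```

The read-only bit only blocks in-place writes by a non-root user: a process that can write to the version directory can still delete and re-create the jar, and an artifact installed between two cron runs stays writable until the next run.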