The Java-based Shibboleth products use Maven in order to build, package, deploy and report on projects. This document will explain how to configure and use Maven within our projects. Note, this is not a general guide to Maven. For such information you need to refer to the Maven website.
Note, Maven does provide a way to obfuscate the passwords in this file by encrypting them with a passphrase. However that passphrase can only be read from a file. Therefore, instead of using such a mechanism we just recommend protecting your settings.xml file with whatever mechanism you'd protect the passphrase file.
Building projects is fairly simple. For a monolithic project, change to the project directory. For a multi-module project change to the *-parent directory in the project directory. Then execute:
mvn -Prelease package
As projects are undergoing development there are times when unit tests don't pass. You can skip the execution of the tests by running the command:
mvn -Prelease -DskipTests package
Supressing the maven repository checks
As a bulwark against by default all projects run a signature check on all non-source, non-test, non snapshot jars in your maven repository during the install phase. Developers will usually have files that the build system does not know how to signature check (the eclipse IDE brings down a large number of uncheckable artifacts). You can avoid getting a fail in two wasy
Build into a separate repository
Set the maven.repo.local property to the name of the alternate repository
As dependencies change, new versions of existing artifacts or new dependencies outright must be uploaded to the Nexus third-party repository for use by the product builds. This is done using the deploy:deploy-file goal after downloading and verifying the artifact out of band.
Assuming your settings.xml file is in place as above, the following example shows how an authorized developer can upload a new artifact. In the event that the artifact has no dependencies in its own right, the following command line options are needed:
The first three are fixed values based on use of the "thirdparty" repository and a settings file as above. If you use a different server ID to manage your credentials, use that ID in the repositoryId option.
The last four parameters are based on the artifact being uploaded. The groupId and artifactId will depend on how the artifact would be referenced in subsequent POM files.