• Embed Doc
  • Copy Link
  • Readcast
  • Collections
Download
 
REPOSITORY MANAGEMENT: STAGES OF ADOPTION
ADOPTINGREPOSITORY MANAGEMENTBEST PRACTICES
For more Information about Sonatype Nexus:http://www.sonatype.com/products/nexusTo download your free trial of Nexus Professional:http://www.sonatype.com/products/downloads
The Maven Company
800 W. El Camino Real, Suite 400, Mountain View, CAtelephone: +1 (650) 248-2919 fax: +1 (650) 472-9197
www.sonatype.com
 
Repository Management: Stages of Adoption
Introduction
Organizations that use 3rd-party and/or open source software in their application development are in-creasingly using repository managers to gain control over the software artifacts they acquire. This is espe-cially true if these organizations use Maven to build and release their applications. Repository Managersstore and manage binary software artifacts, similar to the way source control management tools like Sub-version store and manage source code. Driven by the growth of using open source components as part of applications, repository managers are quickly gaining advanced capabilities to support the modern soft-ware development lifecycle. This paper focuses on Nexus Professional, the leading solution in this marketsegment, provided by Sonatype.Adopting a repository manager is not an all or nothing proposition, and there are various levels (orstages) of adoption that can be distinguished when approaching repository management. On one end of the adoption spectrum is the organization that installs a repository manager just to control and consoli-date access to a set of remote repositories. On the other end of the spectrum is the organization whichhas integrated the repository manager into an efficient software development lifecycle, using it to facili-tate decision points in the lifecycle, encouraging more efficient collaboration throughout the enterprise,and keeping detailed records to increase visibility into the software development process.This document outlines the stages of adoption, and provides organizations with a roadmap for adopting best practices in repository management for each phase. The phases are Proxying, Hosting, and Lifecy-cle Integration. Proxying and Hosting can be started without any disruption or significant processchange, and as the organization progresses to Lifecycle Integration the benefits increase.In addition to outlining the stages of adoption, this document also aims to provide some motivation formoving to an environment which is supported by a repository manager: What are the benefits of embrac-ing a repository manager and what is the road map? How does a development team adopt Nexus Pro-fessional?
Stage Zero: Before Using a Repository Manager
While this isn’t a stage of adoption, Stage Zero is a description of the way software builds work in theabsence of a repository manager. When a developer decides that a he needs a particular open sourcesoftware component, he will download it from the component’s website, read the documentation, andfind the additional software that his components rely on (referred to as “dependencies”). Once he hasmanually assembled a collection of dependencies from various open source project web sites and proprie-tary vendors, he will place all these components somewhere on the network so that he, his team mem- bers, the build script, the QA team, and the production support team can find it. At any time, other de-
Sonatype, Inc.Introduction to Repository Management1
 
velopers may bring in other components, sometimes with overlapping dependencies, placing them indifferent network locations. The instructions to bring all of these ad-hoc, developer managed compo-nents libraries together in a software build process can become very complicated and hard to maintain.Maven was introduced to improve the build process by introducing the concept of structured repositoriesfrom which the build scripts can retrieve the software components. In Maven language, these softwarecomponents or dependencies are referred to as “artifacts”, a term which can refer to any generic softwareartifact including components, libraries, frameworks, containers, etc. Maven can identify artifacts in re-positories, understand their dependencies, retrieve all that are needed for a successful build, and deployits output back to repositories when done.Driven by the adoption of Maven, public repositories of open source software artifacts have sprung upand become very widely used. The canonical “Maven Central” repository contains the vast majority of allopen source Java software and is used by more than 50,000 companies. Many mirrors of Maven Centralexist to make access faster and more convenient, and companies such as Red Hat and Sun Microsystemshost their own repositories for their own public products. But, as sophisticated as Maven is, a Maven re-pository is little more than a structured filesystem to contain binary software artifacts and associated me-tadata. Developers using Maven without a repository manager find most of their software artifacts anddependencies in Maven Central. If they happen to use another remote repository or if they need to add acustom artifact, the solution, in Stage Zero, is to manually manipulate the files in a local repository andshare this local repository with multiple developers. While this approach may yield a working build fora small team, managing a shared local repository doesn’t allow an organization to scale a developmenteffort; there is no inherent control over who can set up a local repository, who can add to them or changeor delete from them, nor are there tools to protect the integrity of these repositories.That is, until Repository Managers were introduced.
Stage One: Proxying Remote Repositories
This is the easiest stage to understand both in terms of benefits to an organization and action required tocomplete this stage. All you need to do to start proxying a remote repository is to deploy the Nexus re-pository manager and start the server with the default configuration. Configure your Maven clients toread from the Nexus public repository group, and Nexus will automatically retrieve artifacts from remoterepositories, such as Maven Central, caching them locally.While proxying saves both bandwidth and time, it also consolidates access to external resources to a localrepository manager. Without a repository manager, your organization might have hundreds of develop-ers independently downloading the same artifacts from public, remote repositories. With a repositorymanager, these artifacts can be downloaded once and stored locally. In addition to the savings in band-
Sonatype, Inc.Introduction to Repository Management2
of 00

Commenting has been disabled.