Repository Management with Nexus
If you use Maven, you are using a repository to retrieve artifacts and Maven plugins. In fact, Maven used a Maven repository to retrieve core plugins that implement the bulk of the features used in your builds. Once you start to rely on repositories, you realize how easy it is to add a dependency on an open source software library available in the Maven Central repository, and you might start to wonder how you can provide a similar level of convenience for your own developers. When you install a repository manager, you are bringing the power of a repository like Central into your organization, you can use it to proxy Central, and host your own repositories for internal and external use. In this section, we discuss the core functionality that defines what a repository manager does.
Put simply, a repository manager provides two core features:
- The ability to proxy a remote repository and cache artifacts saving both bandwidth and time required to retrieve a software artifact from a remote repository, and
- The ability the host a repository providing an organization with a deployment target for software artifacts.
In addition to these two core features, a repository manager also allows you to manage binary software artifacts through the software development lifecycle, search and catalogue software artifacts, audit development and release transactions, and integrate with external security systems, such as LDAP. The following sections define the feature sets of Nexus Open Source and Nexus Professional.
The base-line features of a repository manager are a description of the core capabilities of Nexus Open Source. Nexus Open Source provides for the:
- Management of Software Artifacts
- A repository manager is able to manage packaged binary software artifacts. In Java development, this would include JARs containing bytecode, source, or javadoc. In other environments, such as Flex, this would include any SWCs or SWFs generated by a Flex build.
- Management of Software Metadata
- A repository manager should have some knowledge of the metadata that describes artifacts. In a Maven repository this would include project coordinates (groupId, artifactId, version, classifier) and information about a given artifact’s releases.
- Proxying of External Repositories
- Proxying an external repository yields more stable build,s as the artifacts used in a build can be served to clients from the repository manager’s cache even if the external repository becomes unavailable. Proxying also saves bandwidth and time as checking for the presence of an artifact on a local network is often orders of magnitude faster than querying a heavily loaded public repository
- Deployment to Hosted Repositories
- Organizations that deploy internal snapshots and releases to hosted repositories have an easier time distributing software artifacts across different teams and departments. When a department or development group deploys artifacts to a hosted repository, other departments and development groups can develop systems in parallel, relying upon dependencies served from both release and snapshot repositories.
- Searching an Index of Artifacts
- When you collect software artifacts and metadata in a repository manager, you gain the ability to create indexes and allow users and systems to search for artifacts. With the Nexus index, an IDE such as Eclipse has almost instantaneous access to the contents of all proxy repositories (including the Central repository) as well as access to your own internal and third-party artifacts. While the Central repository transformed the way that software is distributed, the Nexus index format brings the power of search to massive libraries of software artifacts.
- Infrastructure for Artifact Management
- A repository manager should also provide the appropriate infrastructure for managing software artifacts and a solid API for extension. In Nexus, Sonatype has provided a plugin API, which allows developers to customize both the behavior, appearance, and functionality of the tool.
Once you adopt the core features of a repository manager, you start to view a repository manager as a tool that enables more efficient collaboration between development groups. Nexus Professional builds upon the foundations of a repository manager and adds capabilities such as Procurement and Staging.
- Managing Project Dependencies
- Many organizations require some level of oversight over the open source libraries and external artifacts that are integrated into an organization’s development cycle. An organization could have specific legal or regulatory constraints that require every dependency to be subjected to a rigorous legal or security audit before it is integrated into a development environment. Another organization might have an architecture group which needs to make sure that a large set of developers only has access to a well-defined list of dependencies or specific versions of dependencies. Using the Procurement features of Nexus Professional, managers and architecture groups have the ability to allow and deny specific artifacts from external repositories.
- Managing a Software Release
- Nexus Professional adds some essential workflow to the process of staging software to a release repository. Using Nexus Professional, developers can deploy to a staging directory that can trigger a message to a Release Manager or to someone responsible for QA. Quality assurance (or a development manager) can then test and certify a release, having the option to promote a release to the release repository or to discard a release if it didn’t meet release standards. Nexus Professional’s staging features allow managers to specify which personnel are allowed to certify that a release can be promoted to a release repository giving an organization more control over what software artifacts are released and who can release them.
- Integration with LDAP
- Nexus integrates with an LDAP directory, allowing an organization to connect Nexus to an existing directory of users and groups. Nexus authenticates users against an LDAP server and provides several mechanisms for mapping existing LDAP groups to Nexus roles.
- Advanced Security
- Using Nexus Professional provides the User Token feature set. It removes the need for storing username and password credentials in the Maven settings file, replacing it with Nexus-managed tokens that can automatically be updated to the user’s specific settings file with the Maven settings integration. The tokens to not allow any reverse engineering of the user name and password and, therefore, do not expose these on the file system in the settings file in any form.
- Settings Templates
- Nexus Professional allows you to define Maven settings templates for developers. Developers can then automatically receive updates to Maven settings (~/.m2/settings.xml) using the Maven Nexus plugin. The ability to define Maven settings templates and to distribute customized Maven settings files to developers makes it easy for an organization to change global profiles or repository configuration without relying on developers to manually install a new settings file in a development environment.
- Support for Multiple Repository Formats
- Nexus Professional supports the P2 and the OSGi Bundle repository format used by the new Eclipse provisioning platform and OSGi developers. You can use the P2 plugin to consolidate, provision, and control the plugins that are being used in an Eclipse IDE. Using Nexus procurement, repository groups, and proxy repositories to consolidate multiple plugin repositories, an organization can use Nexus Professional to standardize the configuration of Eclipse IDE development environments.
- Archive Browsing
- Nexus Professional allows users to browse the contents of archives directly in the user interface as described in Section 5.6, “Using the Artifact Archive Browser”.