Using Maven checksums and snapshots
The following sections describe how to use Maven checksums and Maven snapshots in CodeCatalyst.
Using Maven checksums
When a Maven package is published to a CodeCatalyst package repository, the checksum
associated with each asset or file in the package is used to
validate the upload. Examples of assets are jar,
pom, and war files. For each asset,
the Maven package contains multiple checksum files that use the asset name with an
additional extension, such as md5 or sha1. For example,
the checksum files for a file named my-maven-package.jar might
be my-maven-package.jar.md5 and
my-maven-package.jar.sha1.
Every Maven package also contains a maven-metadata.xml file.
This file must be uploaded for a publish to succeed. If a checksum mismatch is
detected during the upload of any package file, the publish stops. This might
prevent the maven-metadata.xml from being uploaded. When that
happens, the status of the Maven package is set to Unfinished. You
cannot download assets that are part of a package with this status.
Keep the following in mind in the event of a checksum mismatch when you publish a Maven package:
-
If the checksum mismatch occurs before
maven-metadata.xmlis uploaded, the status of the package is not set toUnfinished. The package is not visible and its assets cannot be consumed. When this happens, try one of the following, and then try to download the asset again.-
Run the command that publishes the Maven package again. This might work if a network issue corrupted the checksum file during download. If the network issue is resolved for the retry, the checksum matches and the download is successful.
-
If republishing the Maven package doesn't work, delete the package and then republish it.
-
-
If the checksum mismatch occurs after
maven-metadata.xmlis uploaded, the status of the package is set toPublished. You can consume any asset from the package, including those with checksum mismatches. When you download an asset, the checksum generated by CodeCatalyst is downloaded with it. If the downloaded file is associated with a checksum mismatch, its downloaded checksum file might not match the checksum that was uploaded when the package was published.
Using Maven snapshots
A Maven snapshot is a special version of a Maven package
that refers to the latest production branch code. It is a development version that
precedes the final release version. You can identify a snapshot version of a Maven
package by the suffix SNAPSHOT that is appended to the package version.
For example, the snapshot of version 1.1 is 1.1-SNAPSHOT.
For more information, see What is a SNAPSHOT version?
CodeCatalyst supports publishing and consuming Maven snapshots. You can publish a Maven
snapshot to a CodeCatalyst repository or, if you are directly connected, to an upstream
repository. However, a snapshot version in both a package repository and one of its
upstream repositories is not supported. For example, if you upload a Maven package
with version 1.2-SNAPSHOT to your package repository, CodeCatalyst does not
support uploading a Maven package with the same snapshot version to one of its
upstream repositories. This scenario might return unpredictable results.
When a Maven snapshot is published, its previous version is preserved in a new
version called a build. Each time a Maven snapshot is
published, a new build version is created. All previous versions of a snapshot are
maintained in its build versions. When a Maven snapshot is published, its status is
set to Published and the status of the build that contains the previous
version is set to Unlisted.
If you request a snapshot, the version with status Published is
returned. This is always the most recent version of the Maven snapshot. You can also
request a particular build of a snapshot.
To delete all build versions of a Maven snapshot, use the CodeCatalyst console.
