Search code examples
mavengithubopen-source

Using patched library before publishing new version to M2 repository

This is first time when I want to involve into fixing third-party open-source library. Library is hosted on github, so I made a fork of this lib, I cloned my fork to my computer and created feature branch for this fix (To do single commit merge afterwards) This is not a problem.

The problem is time after I do the fix and before library author publishes fix to maven repository. I would like to use this library in my project as fast as I fix this particular bug. I am currently only one person working on a project (this is my pet project, really). But this is a matter of time until I will get into such trouble with my commercial work where I am not the only guy working on project.

I see four resolutions of this problem:

  • Publish it to local maven repo

    • I know how to do it
    • Problematic in CI environment

  • Configure local dependency in gradle

    • Ugly
    • Problematic in CI

  • Publish to public maven

    • Works in CI
    • Never done it
    • This isn't my library - I don't want do sign under not my work

  • Private Maven hosted on my VPS

    • Always wanted to have one
    • Works with CI
    • I will have to spent some time reading - since I've never done it

How would you do it? Is any of my approaches right, or I should take whole different approach?

Solution

  • Definitely option 4: "Private Maven hosted on my VPS".

    Setting up a private repository manager is actually not that difficult. There are a couple of open-source repository manager, like Artifactory, Nexus or Archiva. I personnally have always used Artifactory so I can't speak for the others, but there is a very good official guide for Artifactory that explains very well how to set it up and configure it.

    Note that using a private repository manager has also a lot of other advantages:

    • It serves as a cache for public Maven repositories, thereby avoiding to download every dependency from the Internet. This is especially useful in context where Internet access is restricted.
    • It can host private libraries produced by your projects or not, the same way public libraries are hosted. As an example of this that I had to deal with is the Oracle JDBC driver: it is not publicly available and it is a mess to install on every developer machine.
    • Using it is transparent for Maven projects: dependencies are declared exactly the same way, whether it is a public artifact or a in-house one.

    So, not only is using a repository manager a good idea for your current problem, it might also solve a lot of your future problems.

    Plus, as you said, the other options are very fragile, for the exact reasons you mentioned.