问题描述
我试图说服我的工作场所上级迁移到Apache的常青藤。我已经成功地得到一些沙盒项目中使用常春藤的电力修造工作,现在我有一个绿灯放在一起迁移的提案。
我们都同意一件事:我们不想相信,位于公共目录的JAR!我知道,我知道,有点偏执,是的。但是,我们希望有我们拉来自可信来源的JAR一个设置(从开源项目本身,还是最有可能的,一饮而尽,一众回购下载它),我们之前使用了一段时间的Certify 的它(给予我们的祝福作为一种安全的假象使用)。
然后,我们希望为我们的许多项目中使用的所有JAR文件的公共储存库。
我最初的想法是把版本控制这个仓库起来(我们有一个SVN服务器)。但我不知道什么最佳实践要求。它可能更有意义,把我们的JAR文件服务器和FTP上他们在常春藤脚本。
无论哪种方式,SVN(HTTPS)或FTP,我们所有的服务器都进行身份验证。因此,少数的问题:
- 其中,我们应该公布所有的认证的JAR(一切从`log4j`到我们生产的自产自销的JAR文件)?什么是最好的实践要求?
- 在ivyrep解析式不带用户名或passwd中atrributes。如果我们的JAR服务器(FTP,SVN等)进行身份验证,我怎么配置常春藤脚本登录?
为什么不使用像Sonatype的的 。我已经看到了用于Maven的,我相信它会为常春藤工作。
您可以将它设置为从远程资源库下载到(比如说)测试信息库。然后,您可以评估这些.jar文件,如果他们是很好的,请将其上传到普通消费的'批准'信息库。有一些认证围绕这一点,但你必须来评估更深入。当然,你可以通过用户名/口令对限制上传到资料库。
I'm trying to convince the higher-ups at my work place to migrate to Apache Ivy. I've managed to get a few sandbox projects working using Ivy to power the build, and now I have a greenlight to put together a migration proposal.
We all agree on one thing: we don't want to trust JARs that are located in public directories! I know, I know, a bit paranoid, yes. But we'd like to have a setup where we pull a JAR from a trusted source (either downloading it from the open source project itself, or most likely, gulp, a public repo), and use it for some time before we "certify" it (give it our blessing as a safe artifact to use).
Then we want to have a common repository for all JARs used by our many projects.
My original thinking was to place this repository up in version control (we have an SVN server). But I wasn't sure what best practices dictate. It might make more sense to put our JARs on a file server and FTP to them in the Ivy script.
Either way, SVN (HTTPS) or FTP, all of our servers are authenticated. So, a small number of questions:
- Where should we be publishing all of our "certified" JARs (everything from `log4j` to any homegrown JARs we produce)? What do best practices dictate?
- The "ivyrep" resolver-type does not take username or passwd atrributes. If our "JAR server" (FTP, SVN, etc.) is authenticated, how do I configure the Ivy scripts to login?
Why not use something like Sonatype's Nexus. I've seen it used for Maven, and I believe it'll work for Ivy.
You can set it up to download from remote repositories into (say) a 'test' repository. You can then evaluate those .jars, and if they're good, upload them into an 'approved' repository for general consumption. There's some authentication surrounding this, but you'd have to evaluate that in greater depth. Certainly you can restrict the uploading into repositories via a username/password pair.
这篇关于Apache的常春藤:我在哪里可以把所有这些JAR?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!