What is the Maven way for automatic project versions when doing continuous delivery?

Asked 27/8, 2013 at 2:43 Answered 22/12, 2016 at 12:55

Solved java maven continuous-integration maven-3 continuous-delivery

I have a web application where we deploy to production whenever a feature is ready, sometimes that can be a couple of times a day, sometimes it can be a couple of weeks between releases.

Currently, we don't increment our version numbers for our project, and everything has been sitting at version 0.0.1-SNAPSHOT for well over a year. I am wondering what is the Maven way for doing continuous delivery for a web apps. It seems overkill to bump up the version number on every commit, and never bumping the version number like we are doing now, also seems wrong.

What is the recommend best practice for this type of Maven usage?

The problem is actually a two-fold one:

Advancing project version number in individual pom.xml file (and there can be many).
Updating version number in all dependent components to use latest ones of each other.

Becka answered 27/8, 2013 at 2:43 Comment(0)

I recommend the following presentation that discusses the practical realities of doing continuous delivery with Maven:

The key takeaway is each build is a potential release, so don't use snapshots.

Playsuit answered 27/8, 2013 at 19:4 Comment(10)

I am marking this as the correct answer because the You Tube video was excellent at answering this question exactly. However, I did have to pause and rewind a few times to get of the some finer points. I have put a summary of process recommended in the video in my own answer. – Becka 6/10, 2013 at 13:53

The video is pretty good and will help you loads. @23m35s in the video, I'd make the point that Maven should do most of the short-running sanity verification, such as unit tests, coverage checks, integration tests, etc... however Continuous Delivery doesn't stop there. For larger SOA-type organisations, breaking up your pipeline into discreet phases is actually very good practice, for example functional tests with mocked endpoints, performance tests, big integration tests, UAT testing, compliance verification, static code analysis, security review, etc. – Dee 2/4, 2014 at 20:37

Great video. My only concern is what do people do about all of the 'release candidates' in the release repo, that are never officially released? We have a cleanup schedule set for our SNAPSHOTs, however release artifacts are kept around forever. I see this using alot of disk space, on the Maven repository side of things. – Akkad 8/9, 2017 at 14:55

@Akkad Release candidates are not releases until they're approved. I have a purge job that deletes them if they're older than 2 months. If they haven't been released by then they never will be :-) – Corinnecorinth 8/9, 2017 at 17:19

The presenter on the youtube video that you are linking to is actually explicitly saying that you should avoid using the "maven-release-plugin". See here: youtu.be/McTZtyb9M38?t=2179 – Philo 16/1, 2018 at 10:27

Great answer but there is still one requirement of the question that has NOT been answered yet! "Updating version number in all dependent components to use latest ones of each other." What about this? I am curious because this is also a headache for me too! In other words, what we should do in situations of multiple repositories with different multi-module maven projects with inter-dependencies among them? – Albuquerque 13/1, 2021 at 15:11

@Albuquerque What requirement are you talking about? Remember this question was posed and answered 7 years ago – Corinnecorinth 13/1, 2021 at 15:13

@MarkO'Connor Iam talking about this: "Updating version number in all dependent components to use latest ones of each other." – Albuquerque 14/1, 2021 at 8:42

@Albuquerque Gotcha! That is a bit of a nightmare, alright, and something I personally try to avoid. I reserve the use of "latest" revisions for in-house components, to maintain build stability. Periodically we then have a quick sprint where we upgrade to latest revision of our most important dependencies and test backward compatibility. Paranoia rules... We are considering the installation of Renovate on github to automatically create PRs when our dependencies change. This might be the best compromise. Hope this helped. – Corinnecorinth 15/1, 2021 at 9:43

How would you bump your versions in the case you dont have CI/CD in place yet? Thanks – Ashram 4/2, 2023 at 20:26

This is my summary based on the video linked by Mark O'Connor's answer.

The solution requires a DVCS like git and a CI server like Jenkins.
Don't use snapshot builds in the Continuous Delivery pipeline and don't use the maven release plugin.
Snapshot versions such as 1.0-SNAPSHOT are turned into real versions such as 1.0.buildNumber where the buildNumber is the Jenkins job number.

Algorithm steps:

Jenkins clones the git repo with the source code, and say the source code has version 1.0-SNAPSHOT
Jenkins creates a git branch called 1.0.JENKINS-JOB-NUMBER so the snapshot version is turned into a real version 1.0.124
Jenkins invokes the maven versions plugin to change the version number in the pom.xml files from 1.0-SNAPSHOT to 1.0.JENKINS-JOB-NUMBER
Jenkins invokes mvn install
If the mvn install is a success then Jenkins will commit the branch 1.0.JENKINS-JOB-NUMBER and a real non-snapshot version is created with a proper tag in git to reproduce later. If the mvn install fails then Jenkins will just delete the newly created branch and fail the build.

I highly recommend the video linked from Mark's answer.

Becka answered 6/10, 2013 at 14:5 Comment(3)

How do you handle a multi module maven project? Do you just release the whole project and all children with the same version? If I have project A depending on B and I make a commit in project B, the above steps are triggered for B, which then triggers the above steps for project A, but then how does A know the version of B? – Metabolite 10/4, 2014 at 20:2

It it's a multi-module project, then experience tells me that having a single version makes sense - it's consistent with the versions plugin. If some modules don't change as often, they may as well be separate components pulled in from an artifact repo - eg, log4j, sl4fj ... – Dee 11/4, 2014 at 11:54

Well in my case it's not even a multi module. I have Project A that depends on Project B. Project B has its own Jenkins job and could have a commit that generates a released artifact. Project A then needs to reference that released artifact in the pom. Are you suggesting to just manually update Project A when Project B's build succeeds and the artifact is available? Project B is a core project and Project A is a web app so they are coupled but have a big overhead in update Project A's dependency on Project B especially when you develop in an IDE that views changes with SNAPSHOT dependencies. – Metabolite 28/5, 2014 at 17:13

Starting from Maven 3.2.1 continuous delivery friendly versions are supported out of the box : https://issues.apache.org/jira/browse/MNG-5576 You can use 3 predefined variables in version:

${changelist}
${revision}
${sha1}

So what you basically do is :

Set your version to e.g. 1.0.0-${revision}. (You can use mvn versions:set to do it quickly and correctly in multi-module project.)
Put a property <revision>SNAPSHOT</revision> for local development.
In your CI environment run mvn clean install -Drevision=${BUILD_NUMBER} or something like this or even mvn clean verify -Drevision=${BUILD_NUMBER}.

You can use for example https://wiki.jenkins-ci.org/display/JENKINS/Version+Number+Plugin to generate interesting build numbers.

Once you find out that the build is stable (e.g. pass acceptance tests) you can push the version to Nexus or other repository. Any unstable builds just go to trash.

Udder answered 22/12, 2016 at 12:55 Comment(1)

This is much easier to deal with. No version changes + commit to make this work... I just set mine to <version>1.0${revision}</version> with a property <revision>-SNAPSHOT</revision>, then during a CI build i use mvn clean deploy -Drevision=".$TRAVIS_BUILD_ID". It results in patch versions that are unusual but always increasing so they satisfy semver... – Chook 8/6, 2018 at 18:4

There are some great discussions and proposals how to deal with the maven version number and continuous delivery (CD) (I will add them after my part of the answer).

So first my opinion on SNAPSHOT versions. In maven a SNAPSHOT shows that this is currently under development to the specific version before the SNAPSHOT suffix. Because of this, tools like Nexus or the maven-release-plugin has a special treatment for SNAPSHOTS. For Nexus they are stored in a separate repository and its allowed to update multiple artefacts with the same SNAPSHOT release version. So a SNAPSHOT can change without you knowing about it (because you never increment any number in your pom). Because of this I do not recommend to use SNAPSHOT dependencies in a project especially in a CD world since the build is not reliable any more.

SNAPSHOT as project version would be a problem when your project is used by other ones, because of the above reasons.

An other problem of SNAPSHOT for me is that is not really traceable or reproducibly any more. When I see a version 0.0.1-SNAPSHOT in production I need to do some searching to find out when it was build from which revision it was build. When I find a releases of this software on a filesystem I need to have a look at the pom.properties or MANIFEST file to see if this is old garbage or maybe the latest and greatest version.

To avoid the manual change of the version number (especially when you build multiple builds a day) let the Build Server change the number for you. So for development I would go with a

<major>.<minor>-SNAPSHOT

version but when building a new release the Build Server could replace the SNAPSHOT with something more unique and traceable.

For example one of this:

<major>.<minor>-b<buildNumber>
<major>.<minor>-r<scmNumber>

So the major and minor number can be used for marketing issues or to just show that a new great milestone is reached and can be changed manually when ever you want it. And the buildNumber (number from your Continuous Integration server) or the scmNumber (Revision of SUbversion or GIT) make each release unique and traceable. When using the buildNumber or Subversion revision the project versions are even sortable (not with GIT numbers). With the buildNumber or the scmNumber is also kinda easy to see what changes are in this release.

An other example is the versioning of stackoverflow which use

<year>.<month>.<day>.<buildNumber>

And here the missing links:

Viscosity answered 27/8, 2013 at 6:12 Comment(3)

The first link Versioning in a Pipeline is broken – Jugendstil 20/11, 2014 at 1:45

Seems to be removed. I did not find a replacement link or the content in a web cache :(. – Viscosity 26/11, 2014 at 12:27

This answer is more about version name format and its meaning. There is already good enough formalized spec called "semantic versioning" - just add SNAPSHOT to mean "not yet released" version. And the format of the version is not really a problem in Maven and there are some restrictions. The problem is to make this process effortless and preferably automatic (at least until release with semantic=manual version like X.Y.Z is done). Updating sections of multiple interdependent pom.xml files is the problem. – Cinquain 26/7, 2015 at 8:28

DON'T DO THIS!

<Major>.<minor>-<build>

will bite you in the backside because Maven treats anything after a hyphen as LEXICAL. This means version 1 will be lexically higher than 10.

This is bad as if you're asking for the latest version of something in maven, then the above point wins.

The solution is to use a decimal point instead of a hyphen preceding the build number.

DO THIS!

<Major>.<minor>.<build>

It's okay to have SNAPSHOT versions locally, but as part of a build, it's better to use

mvn versions:set -DnewVersion=${major}.${minor}.${build.number}

There are ways to derive the major/minor version from the pom, eg using help:evaluate and pipe to a environment variable before invoking versions:set. This is dirty, but I really scratched my head (and others in my team) to make it simpler, and (at the time) Maven wasn't mature enough to handle this. I believe Maven 2.3.1 might have something that go some way in helping this, so this info may no longer be relevant.

It's okay for a bunch of developers to release on the same major.minor version - but it's always good to be mindful that minor changes are non-breaking and major version changes have some breaking API change, or deprecation of functionality/behaviour.

From a Continuous Delivery perspective every build is potentially releasable, therefore every check-in should create a build.

Dee answered 29/3, 2014 at 21:5 Comment(3)

Implied by mojo.codehaus.org/versions-maven-plugin/version-rules.html and according to my own tests, this is not correct. The default Maven versioning scheme is <major>.<minor>.<incremental>-<buildNumber|qualifier> (with most of it optional). As long as the part after the dash is numeric, it will not be compared lexically. I tested this with mvn versions:use-latest-versionsand e.g. 1.4-11 is correctly detected as newer than 1.4-2. – Vail 10/4, 2014 at 9:8

What version of Maven did you test this with? Also, did you try also installing a version of 1.4.21, then playing to find out how Maven version range resolution works? It would be interesting to hear about your findings, as I certainly has this issue with 2.2.1, and I verified this by looking in Maven's source code. Also, I don't think these rules actually apply to anything but the versions plugin, and I'm talking about dependency resolution. – Dee 11/4, 2014 at 11:47

Follow docs.oracle.com/middleware/1212/core/MAVEN/… @philipp is correct. It is safety to use incremental numbers in ${major}.${minor}.${build.number} and ${major}.${minor}.${build.number}-${patchNumber} , but not ${major}.${minor}.${build.number}.${patchNumber} – Megavolt 28/6, 2017 at 19:58

As a starting point you may have a look at Maven: The Complete Reference. Project Versions.

Then there is a good post on versioning strategy.

Picaresque answered 27/8, 2013 at 3:18 Comment(0)

At my work for web apps we currently use this versioning pattern:

<jenkins build num>-<git-short-hash>

Example: 247-262e37b9.

This is nice because it it gives you a version that is always unique and traceable back to the jenkins build and git revision that produced it.

In Maven 3.2.1+ they finally killed the warnings for using a ${property} as a version so that makes it really easy to build these. Simply change all your poms to use <version>${revision}</version> and build with -Drevision=whatever. The only issue with that is that in your released poms the version will stay at ${revision} in the actual pom file which can cause all sorts of weird issues. To solve this I wrote a simple maven plugin (https://github.com/jeffskj/cd-versions-maven-plugin) which does the variable replacement in the file.

Milne answered 28/2, 2015 at 0:3 Comment(3)

The plugin seems like a solution to update versions of pom.xml files themselves. However, the next problem is to update versions within dependencies section of all dependent components participating in release so that they actually use latest of each other. I have this problem when automatic update is unreliable in multi-module/reactor build (which update external and not only internal components). So, the short-term solution to stay in SHAPSHOTs. Any comment on how you solved this problem? – Cinquain 26/7, 2015 at 7:55

You basically shouldn't use snapshot versions. Update the versions of dependencies before building. – Milne 21/4, 2016 at 1:51

Keep all thr modules in same version. In root module dependencyManagement section set modules to ${project.version}. Then simple mvn versions:set -DnewVersion=whatever will do the trick and change versions in reactor order including parents etc. – Udder 28/1, 2017 at 10:3

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags