Maven has two sections in the pom relating to plugin configuration: project.build.plugins and project.build.pluginManagement.plugins. Unfortunately, these two sections are often confused and misused.
PluginManagement is similar to dependencyManagement in that it provides configuration and defaults for plugins if they are used in the build. This is where we recommend you lock down your plugin versions, but it also allows default configuration.
The regular plugins section also allows the version and default configuration to be defined, and this is where the confusion lies. It is technically valid to define the plugin version and default configuration here, but I find it easier to grok the pom when following this guideline:
- If the plugin block is not defining an execution (and thus binding Maven to do something in the lifecycle), put that block in pluginManagement.
This means that configuration for plugins brought in by the default lifecycle such as resources, compiler, jar, etc., will almost always go in the pluginManagement section. Doing so tends to keep your regular plugins section rather small, showing only the config for plugins doing additional things during the lifecycle.
Following the guideline above will also help you locate the config for plugins that are primarily run from the command line in pluginManagement... again keeping the plugins section clean and concise.
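As an added example (not code from the original post), the guideline and the version lock-down recommendation can be checked mechanically. The POM below is a constructed sample, and the function name audit_pom is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not from the original post).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <build>
    <pluginManagement>
      <plugins>
        <plugin>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.11.0</version>
          <configuration><release>17</release></configuration>
        </plugin>
        <plugin><artifactId>maven-source-plugin</artifactId></plugin>
      </plugins>
    </pluginManagement>
    <plugins>
      <plugin>
        <artifactId>maven-source-plugin</artifactId>
        <executions><execution><goals><goal>jar-no-fork</goal></goals></execution></executions>
      </plugin>
      <plugin>
        <artifactId>maven-jar-plugin</artifactId>
        <configuration><skipIfEmpty>true</skipIfEmpty></configuration>
      </plugin>
    </plugins>
  </build>
</project>"""

def audit_pom(pom_xml):
    """Return (artifactId, finding) pairs for plugin blocks that break the guideline."""
    root = ET.fromstring(pom_xml)
    findings = []
    # pluginManagement is where versions get locked down: flag entries without one.
    for p in root.findall("m:build/m:pluginManagement/m:plugins/m:plugin", NS):
        if not p.findtext("m:version", default="", namespaces=NS).strip():
            findings.append((p.findtext("m:artifactId", namespaces=NS), "no version locked in pluginManagement"))
    # The regular plugins section should only hold blocks that define an execution.
    for p in root.findall("m:build/m:plugins/m:plugin", NS):
        if p.find("m:executions/m:execution", NS) is None:
            findings.append((p.findtext("m:artifactId", namespaces=NS), "no execution: move block to pluginManagement"))
    return findings

if __name__ == "__main__":
    for artifact, finding in audit_pom(SAMPLE_POM):
        print(f"{artifact}: {finding}")
```

In the sample, maven-source-plugin is flagged because its pluginManagement entry locks no version, and maven-jar-plugin is flagged because its block in the plugins section carries only configuration.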
Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Open Source Security Foundation (OpenSSF), a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, a member of the Apache Software Foundation and former Chair of the Apache Maven project. Working with OpenSSF, Brian helped create The Open Source Consumption Manifesto, urging organizations to elevate awareness of open source usage. He also chaired efforts to provide official responses to requests for information from the Office of the National Cybersecurity Directorate (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA). Within the Atlantic Council's Open Source Policy Network, Brian actively helps shape cybersecurity strategy, offering valuable insights on critical documents, such as ONCD's recent National Cyber Security Strategy. Brian has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other security and development-related conferences.