How to stop CI builds in Jenkins from accidentally publishing to release repository?

Question

Sometimes, the developers accidentally check in a version in POM without \"SNAPSHOT\" in it. This builds the Maven project and publishes the artifacts to release repository. How

Answer 1

A good solution around this is to leverage the Maven Enforcer Plugin.

Update to 1.4.2

Starting with version 1.4.2 (not released yet, see the enhancement request MENFORCER-204), there is a new requireSnapshotVersion rule, which enforces that the project being built has a snapshot version.

<plugin>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>1.4.2</version>
  <executions>
    <execution>
      <id>enforce-snapshot</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <requireSnapshotVersion/>
        </rules>
        <fail>${fail.if.release}</fail>
      </configuration>
    </execution>
  </executions>
</plugin>

Write a custom rule

Up to version 1.4.1, there is no built-in rule to fail if the current project is a SNAPSHOT version, but we can still use the evaluateBeanshell rule.

The idea is to make the build fail is the version is not a snapshot version by default. And when the current project is in a release, disable that rule.

For that, you can have the following in your POM:

<plugin>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>1.4.1</version>
  <executions>
    <execution>
      <id>enforce-beanshell</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <evaluateBeanshell>
            <condition>"${project.version}".endsWith("-SNAPSHOT")</condition>
          </evaluateBeanshell>
        </rules>
        <fail>${fail.if.release}</fail>
      </configuration>
    </execution>
  </executions>
</plugin>

What this does is executing a BeanShell script that evaluates the project's version. If it ends with -SNAPSHOT then the rule passes, otherwise, the rule fails and the build ends. Determining whether a version is a snapshot. (The strict rule for snapshots versions are more complicated but this should cover all use cases). Therefore, such a rule will validate that the project being build has a SNAPSHOT version.

---

Both configurations above declares a Maven property as

<property>
  <fail.if.release>true</fail.if.release>
</property>

They will make your build fails when mvn deploy is run on a SNAPSHOT version, making sure no SNAPSHOT are accidently deployed to the release repository.

Then, the rule need to be disabled when a release is performed. For that, we can define a release profile to disable the defined rule:

<profile>
  <id>release</id>
  <properties>
    <fail.if.release>false</fail.if.release>
  </properties>
</profile>

and activate that profile on release with

mvn release:prepare release:perform -Darguments="-Prelease"