Maven

• Maven is free and extensible and it’s distributed as a small core

module. All features are implemented as plug-ins and are loaded on
demand. These plug-ins are also stored in repositories. You (or other
developers) can easily write plug-ins in Java or other scripting
languages.
• Maven is a powerful project management tool that is based on POM
(project object model). It is used for projects build, dependency and
documentation.
Maven as a Devops Tool

• Apache Maven is an build tool mainly for Java applications to help

the developer at the whole process of a software project.
What Maven does ?
• Compilation of Source Code
• Running Tests (unit tests and functional tests)
• Packaging the results into JAR’s,WAR’s,RPM’s,etc..
• Upload the packages to remote repo’s (Nexus,Artifactory)
 Maven as a Devops Tool

1. We can easily build a project using maven.

2. We can add jars and other dependencies of the project easily using the
help of maven.
3. Maven provides project information (log document, dependency list, unit
test reports etc.)
4. Maven is very helpful for a project while updating central repository of
JARs and other dependencies.
5. With the help of Maven we can build any number of projects into output
types like the JAR, WAR etc without doing any scripting.
6. Using maven we can easily integrate our project with source control
system (such as Subversion or Git).
Maven provides a simple way to set up projects that follow common
best practices, including a default directory structure that makes it
easier to understand how a project is structured. A consistent and
unified directory structure simplifies software development and
provides a standard based on industry best practices. Many Maven
features, configurations, and settings are provided implicitly. You can
change Maven’s default behavior at many points and can configure
almost everything, but generally it’s better to stay with the commonly
accepted conventions.
Lifecycles, phases, and goals

• Maven requires that you describe what your project is doing. To this end,
Maven offers lifecycles and individual phases that you can configure to tell
Maven what to do in these phases.

Validate,Compile,Test,Package,Integration test,Verify,Deploy

compile — compiles the source code

test — executes unit test cases
package — bundles the compiled code (Ex: war / jar)
install — stores the built package in local Maven repository
deploy — store in remote repository for sharing
Maven and testing

• Maven is ideally suited for running all your tests as part of your
normal build setup. You don’t need a customized environment for
different types of tests. Unit tests run by default, and integration
tests are specified as a phase in the Maven build (between the
packaging and the install phases). In this way, you can rely upon the
previously built package, which can output a WAR file. To run your
integration tests, you need to add and configure the dedicated plug-
ins.
Maven component repositories

• Maven repositories are essential for organizing build artifacts of

varying types and their dependencies on each other. Two types of
repositories are remote and local.
 Core Concepts of Maven:
1. POM Files: Project Object Model(POM) Files are XML file that contains information
related to the project and configuration information such as dependencies, source
directory, plugin, goals etc. used by Maven to build the project. When you should execute
a maven command you give maven a POM file to execute the commands. Maven reads
pom.xml file to accomplish its configuration and operations.
2. Dependencies and Repositories: Dependencies are external Java libraries required for
Project and repositories are directories of packaged JAR files. The local repository is just a
directory on your machine hard drive. If the dependencies are not found in the local
Maven repository, Maven downloads them from a central Maven repository and puts
them in your local repository.
3. Build Life Cycles, Phases and Goals: A build life cycle consists of a sequence of build
phases, and each build phase consists of a sequence of goals. Maven command is the
name of a build lifecycle, phase or goal. If a lifecycle is requested executed by giving
maven command, all build phases in that life cycle are executed also. If a build phase is
requested executed, all build phases before it in the defined sequence are executed too.
4. Build Profiles: Build profiles a set of configuration values which
allows you to build your project using different configurations. For
example, you may need to build your project for your local computer,
for development and test. To enable different builds you can add
different build profiles to your POM files using its profiles elements
and are triggered in the variety of ways.
5. Build Plugins: Build plugins are used to perform specific goal. you
can add a plugin to the POM file. Maven has some standard plugins
you can use, and you can also implement your own in Java.
Installation process of Maven

1. Verify that your system has java installed or not. if not then install java.
2. Check java Environmental variable is set or not. if not then set java
environmental variable.
3. Download maven.
4. Unpack your maven zip at any place in your system.
5. Add the bin directory of the created directory apache-maven-3.5.3(it
depends upon your installation version) to the PATH environment
variable and system variable.
6. open cmd and run mvn -v command. If it print following lines of code
then installation completed.
POM(Project Object Model)
• Project Object Model (POM) is an XML file that has all the
information regarding project and configuration details. The POM has
the description of the project, details regarding the versioning, and
configuration management of the project.
• The XML file is located in the project home directory. When you
execute a task, Maven searches for the POM in the current directory.
The Need for Maven

• Maven is chiefly used for Java-based projects, helping to download

dependencies, which refers to the libraries or JAR files. The tool helps
get the right JAR files for each project as there may be different
versions of separate packages.
• After Maven, downloading dependencies doesn’t require visiting the
official websites of different software. You can visit mvnrepository to
find libraries in different languages. The tool also helps to create the
right project structure which is essential for execution.
Steps/Process Involved in Building a Project

• Add or write the code to create the application creation, and process it
into the source code repository.
• Edit any necessary configuration / pom.XML / plugin details.
• Build the actual application.
• Save your build process output as either a WAR or EAR file to a local server
or other location.
• Access the file from the local location or server and deploy it to the
production or client site.
• Update the application document by changing the date and updated
application version number, if necessary.
• Create and generate a report as requested for the application or the
requirement.
Advantages of Maven

• Helps manage all the processes, such as building, documentation,

releasing, and distribution in project management
• Simplifies the process of project building
• Increases the performance of the project and the building process
• The task of downloading Jar files and other dependencies is done
automatically
• Provides easy access to all the required information
• Makes it easy for the developer to build a project in different environments
without worrying about the dependencies, processes, etc.
• In Maven, it’s easy to add new dependencies by writing the dependency
code in the pom file
Disadvantages of Maven

• Maven requires installation in the working system and the Maven

plug-in for the IDE
• If the Maven code for an existing dependency is unavailable, you
cannot add that dependency using Maven itself.
• Some sources claim that Maven is slow.
 Companies Using Maven

• Accenture
• JPMorgan Chase & Co
• Via Varejo
• craft base
• Red Hat
• Mitratech Holdings, Inc.
• KRG TECHNOLOGIES
• Radio - Canada
mvn archetype:generate -DgroupId=com.
javaproject -DartifactId=javaproject -
DarchetypeArtifactId=maven-archetype-
quickstart -DinteractiveMode=false
SonarQube

• SonarQube, developed by SonarSource, is an open-source tool for

automated code review and analysis. Consistent code quality is
something every manager or technical director aims to maintain, and
although new tools pop up frequently, each promising more features
than the last, very few code quality and security tools come close to
competing with SonarQube. Supporting static code analysis for 20+
languages, this Sonar code quality tool is trusted and used by many
professional teams worldwide.
• We will be looking over how to start using the SonarQube tool for
code quality in your own projects to generate detailed reports on
bugs, security vulnerabilities, duplicate code, code smells, and much
more. Let’s get started.
 Features:

• Can perform automatic reviews with static code analysis for many
problems that affect code quality.
• Helps maintain quality and reliability of code projects over its life-span
using advanced quality test metrics and graphs.
• Integrates seamlessly with other tools like Jenkins, Atlassian, MSBuild,
etc, which helps productive workflow.
• Supports most popular programming languages like Java, Python,
JavaScript, etc (along with framework support).
How SonarQube helps to assess the quality of the code

SQALE approach is used in the SonarQube top-notch design, with specific

changes. The SQALE technique, widely recognized, concentrates primarily on
programming difficulty, maintenance and will not consider the program's
hazards.
In essence, if a significant safety issue is found in a program, one needs to solve
every stability, modifications, usability, and running strictly according to the
SQALE approach and after turn again in the latest severe problem. In reality, if
possible flaws in the program for such a lengthy period and gets zero consumer
error complaints, it is far more critical to concentrate on remediating the latest
deficiencies.
How to Use SonarQube Tool For Code
Quality
• Step 1: Download and Unzip SonarQube
• Prerequisites: Java (Oracle JRE11 or OpenJDK 11 minimum)
• SonarQube comes in four different editions, including paid ones,
however, for the purpose of this article, we will be using their free
open-source community edition.
Step 2: Run the SonarQube local server

At this point, you should be greeted with a little `.bat` file (if you
are on windows) or a `.sh` file (if you are on Linux or Mac). The next
step will be to execute this file to proceed into the console.
On Windows, navigate into the parent directory containing the
`StartSonar.bat` file. This can be done by navigating to the unzipped
folder ('sonarqube') and into the bin and windows-x86-xx folder
Step 3: Start a new SonarQube project

Now that you have successfully run your SonarQube server, you can proceed
to start your first code project. Click on the ‘+’ icon on the top right of the
navigation bar and select ‘Create New Project.’

In the next page, enter a unique project key and a short and suitable display
Name and click on Set Up.
Step 4: Setup Project properties and SonarScanner
This step should be pretty straightforward if you have spent any time
working on code projects.
Register the
…\sonar-scanner-cli-<version>-<OS>\sonar-scanner-<version>-<OS>\bin
directory in your environment variable list.
This can be done by adding an entry in the `Add Environment Variables`
window for Windows.
Step 5: View your analysis report on Sonar Dashboard

After the scan has completed through your code-base, go back to your SonarQube
dashboard on http://localhost:9000 and log in using your credentials. Select your
created project and you will find a code analysis report waiting for you.
The free Community Edition should include Reliability (measured in # of bugs),
Security (in terms of vulnerabilities), Maintainability (depending on your code debt
and smells), Coverage, and Duplications. Depending on the number and intensity of
each check, the Quality Gate will either 'Pass' or 'Fail' the project. A green color
grade will show areas where your code performed well while yellow and red color
grades will highlight problem areas.
https://www.geeksforgeeks.org/introduction-apache-maven-build-automation-
tool-java-projects/

https://www.youtube.com/watch?v=1tC6Z57AOkY