When should generatePom for maven deploy-file be set to false?

Question

I am calling deploy-file like this to load some JARs into my corporate repository:

mvn org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy-file \
  -Dfile=lib/SomeLib.jar \
  -DrepositoryId=mycompany-central \
  -Durl=http://myserver/artifactory/libs-release-local -DgeneratePom=false \
  -DgroupId=com.some.lib \
  -DartifactId=SomeLib \
  -Dversion=1.2.5.3 

I set generatePom to false under the assumption that I want to generate or alter as little as possible. The libraries I am loading happened to be built using maven and also contain a POM under META-INF.

Question: Under what conditions, in general, should generatePom be set to false? Should generatePom be set to false in my case?

Answer 1

The pom.xml file is required for transitive dependencies. Transitive dependencies are dependencies defined in the dependencies section, if any, of the .pom file available as part of a deployed artefact.

The .pom file is essentially a copy of the original pom.xml file, renamed to reflect the library name (i.e. artifactId-version.jar, then artifactId-version.pom).

When resolving a dependency, maven will also check its .pom file and as such get information about its dependencies (which become transitive dependencies then) and build (and fetch) the required dependencies graph for it (that is, re-iterate the same process for each and every declared dependency).

From official Maven - Introduction to the dependency mechanism

This feature is facilitated by reading the project files of your dependencies from the remote repositories specified. In general, all dependencies of those projects are used in your project, as are any that the project inherits from its parents, or from its dependencies, and so on.

Note: bold is mine. project files are normally the pom.xml files, renamed into *.pom files once related artifacts are uploaded to a Maven repository (or installed into the local Maven cache).

Using -DgeneratePom=false, we should hence pass a pom.xml file via the pomFile option, otherwise (setting generatePom to true) a new one would be automatically generated

Generate a minimal POM for the artifact if none is supplied via the parameter pomFile. Defaults to true if there is no existing POM in the local repository yet.

The autogenerated .pom file will be almost empty (Maven coordinates (groupId, artifactId, version) but no dependencies section in it), hence Maven will treat this artefact as library with no transitive dependencies: it cannot find any, it cannot guess neither.

That would still be fine if actually no transitive dependencies were required. Otherwise, compilation (or runtime) errors would occur when using is as a dependency in another Maven project. If instead the artefact is deployed into a build-store, then transitive dependencies become less crucial and an automatically generated pom can still be fine.

---

From your comments:

Is there any difference between a generated pom and using the pom extracted from the JAR?

As explained above, there are big differences between an automatically generated one and the original pom.xml file. But this difference is essentially only important if the target artifact will then be used as a maven dependency by another project. The pom.xml file stored under META-INF is normally a copy of the original one.

Also, if I use the pom from the JAR will deploy-file just get the artifact name, groupId, and version from the file?

Yes, as specified by official documentation:

groupId: GroupId of the artifact to be deployed. Retrieved from POM file if specified. artifactId: ArtifactId of the artifact to be deployed. Retrieved from POM file if specified. version: Version of the artifact to be deployed. Retrieved from POM file if specified.

And also also specified by the official example

Note that the groupId, artifactId, version and packaging informations are automatically retrieved from the given pom.