Ban Distribution Management

This rule can be used to force the absence of distributionManagement in your pom files.

The following parameters are supported by this rule:

  • allowRepository - You can allow repository entry (default: false).
  • allowSnapshotRepository - you can allow snapshotRepository entry (default: false).
  • allowSite - You can allow site entry (default: false).

Sample Plugin Configuration:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.5.0</version>
        <executions>
          <execution>
            <id>no-distribution-management-at-all</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDistributionManagement/>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

Best Practice

Usually you should define the distributionManagement only in a limited number of cases. If you are in a corporate environment it makes usually only sense to define the distributionManagement in the corporate pom and forbid the usage in any other pom's. Sometimes it makes sense to allow for example the site repository definition in your other pom's which can be defined by using the banDistributionManagement rule. For this use case the following has to be defined in your corporate pom file:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.5.0</version>
        <executions>
          <execution>
            <id>no-distribution-management-at-all</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDistributionManagement>
                  <allowSite>true</allowSite>
                </banDistributionManagement>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

The Project Types

If we take a closer look to the possible project structures you will find the following cases where the green arrow will show our current position.

  • The Project without Parent.

    We have no parent and no modules at all. This could be the situation where we are creating a corporate pom file or another simple Maven project. So the definition of maven-enforcer-plugin is within this pom file.

    Root Project.

    In consequence it does not really make sense to check if the pom contains distributionManagement entries or not.

  • Project with Parent.

    We have a project with a parent. The parent is likely a kind of a corporate pom file which contains the definition of maven-enforcer-plugin. So in this case it makes sense to check if distributionManagement entries are made or not.

    Note: At the moment it is not possible to check if the parent does not contain the definition of maven-enforcer-plugin which would change the situation.

    Root project.
  • Project with Parent and Modules.

    This situation is more or less the same as the one before. So banDistributionManagement rule will check the distributionManagement entries.

    Root project with parent and modules.
  • Root Project With Modules.

    If we don't have a parent this means the definition of maven-enforcer-plugin is likely done in the current pom file which means it does not make really sense to check the distributionManagement.

    Root with Modules.
  • Module of a Multi Module Build

    In this case we have the scenario that the module m1 has a parent p1 which could contain the definition of the maven-enforcer-plugin or the parent of which in consequence means to check the distributionManagement entries.

    Root with Modules.