As a follow-up from the thread on Artifactory and Bintray, and this great thread about who should have write access to our Maven Repository , I’m hoping to gain more insights into a recommended approach for organizations building an maintaining their own distributions.
TL;DR - Does it make sense to have multiple Maven repositories hosting artifacts under the “org.openmrs.module” group id, and if not, what should be our recommendation moving forward?
Per @cintiadr’s post, my understanding is that we have recently limited access to the main Artifactory Maven repository to OpenMRS Bamboo, which means that only modules that are built in an OpenMRS Bamboo Job can be published to our Artifactory.
We have made some exceptions to this policy for organizations with extensive pre-existing workflows, and my organisation (PIH) is one of those. But the question persists as to whether this is a suitable long-term solution and whether this is an approach that we can scale to any group that needs it.
In an attempt to experiment with having our own maven repository for PIH, I recently acquired an OSS Bintray license for our organization, and following the article I found here, attempted to see if I could configure publishing snapshots to their OSS Artifactory instance at oss.jfrog.org (OJO). I tried this out with one of our modules (rwandareports) to see if I could get it to work, and as I was linking this to Jcenter to activate Artifactory, I was posed with this question:
Enter a Maven Group ID under which your artifacts can be uploaded. Your groupId is expected to be uniquely used by you.
Well, the Maven Group ID for this module is “org.openmrs.module” - which I think is probably the case for 95% of modules out there, whether they are “OpenMRS community modules” or not - so this seemed like a bad idea, and I was left wondering what to do next.
My question comes back to this- does it make sense to have multiple Maven repositories that exist in the wild that all are all hosting artifacts under the “org.openmrs.module” group id, and if not, what should be our recommendation moving forward?
Why am I asking about this now?
I’m currently thinking about this for supporting our RwandaEMR distribution as we have several partners who are collaborating and several modules that are hosted under different github organizations - github.com/openmrs, github.com/PIH, and github.com/rwanda-rbc-emr.
For many of the collaborators, using the OpenMRS SDK and distribution projects (both of which rely upon all artifacts existing in cloud maven repositories) is a new process, and I am trying to get this set up across this landscape. I imagine the same need exists in Kenya, Uganda, Nigeria, Haiti, and elsewhere and I am curious to learn from those groups (eg. @ssmusoke) how they have dealt with maven artifacts.
To add another wrinkle, even if I could set this up in a PIH Maven Repository, I’m not sure that would be a perfect solution as PIH is just one partner in the collaboration. OpenMRS is in many respects a more ideal organization under which to publish and house these shared build artifacts. In this case, OpenMRS Artifactory would be similar to OpenMRS Talk forums that focus on Kenya or Haiti or Bahmni - provides community tools and resources to enable more effective collaboration across groups.
So, this leads me back to publishing these country-specific modules and other artifacts to the OpenMRS Artifactory instance, and for us to establish a way to scale this if possible.
I’d very much like to hear other thoughts and ideas and potential approaches to this.