|
| 1 | +--- |
| 2 | +title: Optimizing Java packages for Dependabot updates |
| 3 | +intro: 'By including metadata in your `pom.xml` file, you can enhance the information available to users in {% data variables.product.prodname_dependabot%} pull requests to update your Java packages.' |
| 4 | +shortTitle: Optimize Java packages # Max 31 characters |
| 5 | +allowTitleToDifferFromFilename: true |
| 6 | +versions: |
| 7 | + fpt: '*' |
| 8 | + ghec: '*' |
| 9 | + ghes: '*' |
| 10 | +type: how_to |
| 11 | +topics: |
| 12 | + - Dependabot |
| 13 | + - Dependencies |
| 14 | + - Repositories |
| 15 | +--- |
| 16 | + |
| 17 | +{% data variables.product.prodname_dependabot %} uses the information defined in `pom.xml` files to create pull requests to update Java dependencies for the Gradle and Maven ecosystems. When you include the project metadata that {% data variables.product.prodname_dependabot %} expects, pull requests contain links to the release notes for the suggested package update and a link where users can report any issues. This information means that users can update their packages with confidence after reviewing all the release information. |
| 18 | + |
| 19 | +## Including the metadata {% data variables.product.prodname_dependabot %} needs in pom.xml files |
| 20 | + |
| 21 | +{% data variables.product.prodname_dependabot %} uses the URLs for the project, the source code management system, and the issue management system to build the summary for update pull requests. |
| 22 | + |
| 23 | +* `url` the home page for the project, see [More Project Information](https://maven.apache.org/pom.html#More_Project_Information) in the POM reference |
| 24 | +* `scm` the URL of the source code management system used by the project, see [SCM](https://maven.apache.org/pom.html#scm) in the POM Reference |
| 25 | +* `issueManagement` the URL of the issue management system used by the project, see [Issue Management](https://maven.apache.org/pom.html#issue-management) in the POM Reference |
| 26 | + |
| 27 | +### Example for a project hosted on {% data variables.product.github %} |
| 28 | + |
| 29 | +```xml |
| 30 | +<project> |
| 31 | + <url>https://github.com/OWNER/REPOSITORY</url> |
| 32 | + <scm> |
| 33 | + <url>https://github.com/OWNER/REPOSITORY</url> |
| 34 | + </scm> |
| 35 | + <issueManagement> |
| 36 | + <url>https://github.com/OWNER/REPOSITORY/issues</url> |
| 37 | + </issueManagement> |
| 38 | +</project> |
| 39 | +``` |
| 40 | + |
| 41 | +Replace `OWNER` and `REPOSITORY` with the detailed for your project. |
| 42 | + |
| 43 | +## Impact of omitting project metadata from pom.xml files |
| 44 | + |
| 45 | +If you forget to include the URLs that {% data variables.product.prodname_dependabot %} checks for, then pull requests to update Java packages are still created. However, the information available to users in the pull request summary will be limited. |
| 46 | + |
| 47 | +* **Project repository or Source code management URL undefined:** no links to release notes in {% data variables.product.prodname_dependabot %} pull requests |
| 48 | +* **Issue management URL undefined:** no link to the issues page for reporting problems. |
| 49 | + |
| 50 | +Adding this information helps {% data variables.product.prodname_dependabot %} provide better, more accurate updates for your project, complete with helpful links to release notes and issue trackers. |
| 51 | + |
| 52 | +## Further reading |
| 53 | + |
| 54 | +* [Maven SCM Plugin](https://maven.apache.org/scm/maven-scm-plugin/) |
0 commit comments