I'd like to know who should have the authority to upload artifacts to the organization's remote repository for maven artifacts. What should be considered as the best practice to follow:
- All developers should have the authority to use maven deploy to upload project jars.
- Only Senior developers.
- QA Analysts.
- Someone else.
FYI: I'm using a nexus hosted repository for maven projects.
Nobody should upload artifacts from their own computer.
Instead, the build system (Jenkins, GitHub Actions, GitLab CI, ...) should build artifacts from branches in your version control (git, svn, ...) and deploy the result to your Nexus.
Generally, I would build SNAPSHOT versions automatically. For release versions, different approaches are possible. If you are using git, you can e.g. build releases from special branches and restrict who can push/merge into these branches.