Securely using the deploy token in .gitlab-ci.yml - maven

I have procured a deploy token with write access to our company's maven registry. I keep this token in .m2/settings.xml. mvn deploy from local dev boxes works fine:
$ mvn deploy
I could keep the token in custom-settings.xml as part of the source code repo and in .gitlab-ci.yml I could invoke mvn deploy like so:
mvn --settings custom-settings.xml deploy
Apparently this will expose the deploy token which I'm trying to avoid. How do I pass the token securely to the mvn deploy step in .gitlab-ci.yml?

Related

How to use mvn with GitHub actions (self-hosted runner)

I am using GitHub Enterprise Server, so I cannot use stCarolas/setup-maven (because it is not a verified account).
I think it is normal to pre-install maven in runner, but I am forbidden to do so by my administrators.
How should I use the mvn command?

What is the difference between deploying an artifact into Artifactory with 'mvn deploy' command and with Artifactory UI?

I usually use the mvn versions:use-latest-versions command to update my dependencies to the latest ones which other teams have deployed to our free JFrog Artifactory server at our local address: http://192.168.100.243:8082/artifactory/X_Douran/.
My problem is that when I deploy an artifact (a jar file) with the Artifactory UI or with curl (using JFrog's REST API), the command mvn versions:use-latest-versions doesn't work correctly and does not update my pom, but when I run mvn clean deploy on the source code of my dependent project and then run mvn versions:use-latest-versions on my final project, it works correctly and does update my dependency in my pom.
So I want to know what the difference is between deploying via the Artifactory UI and deploying via mvn clean deploy.
You always need to deploy the POM along the JAR, otherwise Maven will not work correctly with these dependencies. Furthermore, you need to make sure that the metadata files are updated. I am not sure that Artifactory does this if you deploy using curl or the UI.
Deploying your own JARs regularly through the UI is not recommended. You should build them on a build server (like Jenkins) and then automatically deploy them to Artifactory.
Changing JAR files "by hand" should be forbidden.

How to authenticate with GitHub to install private Maven packages in CircleCI?

My Maven web application uses several JAR dependencies hosted as private GitHub packages. I'm trying to set up a CI/CD pipeline with CircleCI.
When CircleCI tries to build with mvn package, it fails with a 401 when attempting to install the private packages. I don't know how to approach authenticating. I've added SSH deploy and user keys to the project settings, but that doesn't seem to help Maven. I know that locally, I added a server tag with my personal access token to the .m2/conf/settings.xml file to authenticate. But what should I do within CircleCI? Googling hasn't revealed anything.
Update: I included settings.xml with a hardcoded access token within the repository and included -gs ./settings.xml in my maven build command to point to it. Works but doubt this is best practice, so leaving the question open.
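Both this question and the GitLab deploy-token question at the top of the page turn on the same risk: a settings file with a literal token committed to the repository. The script below is an added example, not taken from any of the posts: it writes a settings file that references environment variables through Maven's `${env.NAME}` interpolation, and adds a check that fails the job when a settings file carries a literal credential. The variable names MAVEN_REPO_USER and MAVEN_REPO_TOKEN, the server id company-maven and the file names are assumptions; the values would be defined as CI/CD variables in the CI system, not in the repository.

```shell
#!/bin/sh
# Added example. MAVEN_REPO_USER, MAVEN_REPO_TOKEN, the server id
# "company-maven" and the file names are assumed, not from the page.

# Write a settings file that is safe to commit: it only names environment
# variables, and Maven resolves ${env.*} at run time inside the job.
write_ci_settings() {
  cat > "$1" <<'EOF'
<settings>
  <servers>
    <server>
      <id>company-maven</id>
      <username>${env.MAVEN_REPO_USER}</username>
      <password>${env.MAVEN_REPO_TOKEN}</password>
    </server>
  </servers>
</settings>
EOF
}

# Print the line numbers (never the values) of <password>, <passphrase> or
# <value> elements whose content is a literal instead of a ${...} reference.
# The check is line-based: it expects one element per line.
literal_secret_lines() {
  awk '/<(password|passphrase|value)>[^<]+<\// &&
       !/>[ \t]*[$][{][^}]+[}][ \t]*<\// { print NR }' "$1"
}

# CI gate: return non-zero if the settings file carries a literal credential.
check_settings() {
  lines=$(literal_secret_lines "$1")
  if [ -n "$lines" ]; then
    echo "literal credential in $1 at line(s): $(echo $lines)" >&2
    return 1
  fi
  return 0
}

# Demo on a generated file. In the pipeline the job script would be:
#   - sh check-settings.sh ci-settings.xml
#   - mvn --settings ci-settings.xml deploy
demo_dir=$(mktemp -d)
write_ci_settings "$demo_dir/ci-settings.xml"
check_settings "$demo_dir/ci-settings.xml" && echo "ci-settings.xml: no literal credentials"
rm -rf "$demo_dir"
```

The token only stays out of job logs if the CI variable is also marked as masked or secret in the CI system and no script line echoes it.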

How can I use mvn dependency:get with a custom repository and login information

I am using a custom repository for local development (Artifactory) and that requires login information for any access. This works nicely when setting username and encrypted password in the .m2/settings.xml file and defining the repository server in the pom.xml of a project.
I am not getting it to work when using mvn dependency:get as the remoteRepositories property lists the server url and not the server id.
The command I currently use is
mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.1:get -DremoteRepositories=https://artifactory.example.com/artifactory/repo -Dartifact=com.example.parent:parent:1
Is it possible to put the server id value into the command line for the mvn command somehow or to look up the server url in the settings.xml file?

Gitlab appengine:deploy missing JAR on Gitlab only

I have set up a multi-module Spring Boot application including Google App Engine integration. Locally everything works fine.
If I do a clean checkout of my Git repo and after that execute
mvn clean install
mvn appengine:deploy
The app gets properly deployed to Google App Engine.
If I try to do the same on GitLab using the following deploy pipeline
deploy-prod:
  stage: deploy
  image: $CI_REGISTRY_IMAGE/build
  when: manual
  environment: prod
  script:
    - 'mvn clean install'
    - 'mvn appengine:deploy'
I get an error saying:
Failed to execute goal on project XXX: Could not resolve dependencies
for project YYY:XXX:war:0.0.1-SNAPSHOT: Could not find artifact
YYY:XXX:jar:0.0.1-SNAPSHOT
Do you have any idea what is wrong/different here? Never had such problems on Gitlab? And I have no idea what is different to the case when I do a clean checkout locally and execute the same commands there?
Thanks for your help.
I assume you are checking it on your local machine. But have you checked it with $CI_REGISTRY_IMAGE/build manually? I think there is an issue with the Docker image itself.
