is it possible to tell dependabot to not connect to central maven at all - maven

In an enterprise environment, the connection to central maven could be blocked. In this case,
i) either don't connect to central maven at all
ii) or if the connection to central maven is not successful, don't raise exception, just move on to other repositories
Currently I see the below exception:
/vendor/ruby/2.6.0/gems/excon-0.76.0/lib/excon/socket.rb:285:in `select_with_timeout': connect_write timeout reached (Excon::Error::Timeout)
So I am wondering if there is any way to tell dependabot to not try connecting to maven central at all.
FYI, I am running https://github.com/dependabot/dependabot-script

Generally, an enterprise environment has a local repository like Nexus within the network. You mirror your local Nexus repo in settings.xml. You can mirror any number of repos in your settings.xml. Maven first tries to find the dependencies in all your local repos, and only if it does not find them there does it go to the Maven Central repo.
If Maven Central is not blocked, the library is first downloaded to your local Nexus repo and then downloaded locally. So the next time you try to download this library, it will be available in your local enterprise Nexus repo.
You can block the Maven Central repo; refer to https://stackoverflow.com/questions/4997219/disable-maven-central-repository#:~:text=In%20maven's%20home%2C%20in%20the,or%20just%20override%20it's%20definition.
But as per your question, if the dependency library is not found in any repo, there will always be an exception in the Maven build.
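As an added example (not part of the original answer, and not Maven's or Dependabot's own code), the following Python check reads a settings.xml and reports which mirror, if any, would capture requests for the `central` repository. The matching is a simplified model of Maven's `mirrorOf` syntax; it assumes a settings file that declares the 1.0.0 settings namespace, and the mirror id, hostname and sample files are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/SETTINGS/1.0.0"}

def make_settings(mirror_of):
    """Build a constructed sample settings.xml; id and URL are placeholders."""
    return f"""<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <mirrors>
    <mirror>
      <id>internal-nexus</id>
      <mirrorOf>{mirror_of}</mirrorOf>
      <url>https://nexus.example.internal/repository/maven-public/</url>
    </mirror>
  </mirrors>
</settings>"""

def pattern_matches(pattern, repo_id, external=True):
    """Simplified model of mirrorOf: '*', 'external:*', 'a,b' and '*,!a'."""
    if pattern in ("*", repo_id):
        return True
    matched = False
    for term in (t.strip() for t in pattern.split(",")):
        if len(term) > 1 and term.startswith("!"):
            if term[1:] == repo_id:
                return False          # explicit exclusion: repo bypasses the mirror
        elif term == repo_id:
            return True
        elif term == "*" or (term == "external:*" and external):
            matched = True            # wildcard; a later '!id' can still exclude
    return matched

def mirror_for(settings_xml, repo_id="central", external=True):
    """Return the id of the mirror that captures repo_id, or None if none does."""
    root = ET.fromstring(settings_xml)
    mirrors = [(m.findtext("m:id", namespaces=NS),
                m.findtext("m:mirrorOf", default="", namespaces=NS))
               for m in root.findall("m:mirrors/m:mirror", NS)]
    for mirror_id, pattern in mirrors:    # an exact id match is preferred (assumed)
        if pattern.strip() == repo_id:
            return mirror_id
    for mirror_id, pattern in mirrors:    # otherwise the first matching pattern wins
        if pattern_matches(pattern, repo_id, external):
            return mirror_id
    return None

if __name__ == "__main__":
    for spec in ("*", "external:*", "*,!central", "thirdparty"):
        print(f"{spec:12} -> central served by: {mirror_for(make_settings(spec))}")
```

A result of None means no mirror captures `central`, so Maven would contact that repository's own URL directly.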

Related

Force download of same named artifact from alternative Nexus repository

I have a problem with a Maven artifact from a predecessor.
He modified an external maven library and uploaded it under the same version name to the Nexus releases repo.
When I build my project I obviously get the official version and not the intended.
Locally I just overwrite my local .m2 repo with it.
But for our cicd server this is not an outcome, because I have no file system access, and because the situation might repeat itself.
There is no source code so rebuilding and reversioning would be cumbersome.
My question is: how can I force to get the artifact downloaded from the releases and not the default central repo, meanwhile getting all other dependencies come from the latter?

Replicate nexus repository in my local server

I work in an organisation and we use Nexus repositories. I want a simple approach to replicate a few groups from the Nexus repository onto a local server so that Maven downloads the dependencies from the local server and not from Nexus.
If you use local server in the sense of base machine then you use clean install as a maven goal. The build code will be available under .m2/repository folder.
Install Nexus locally, create Proxy Repository for each of the repo or group that you want to have locally. In Proxy Repository you'd need to set up URLs to the remote repos.
Now point Maven to this local Nexus (e.g. with <mirrors> in settings.xml). First time Maven downloads a dependency it will go to Local Nexus which would grab the dependency from the remote one. This file is going to be cached in Local Nexus and further downloads won't hit the Remote Nexus.
PS: don't know why you would do this.

How to get Sonatype Nexus to download the latest version of jar?

I'm using Sonatype Nexus 1.5.0 and a particular jar has a newer version in the Public Maven Central while my Nexus doesn't have it.
Assume that only the server where the Nexus is installed has the internet connection and my local laptop is not allowed to connect to the internet directly. How do I let Nexus download the newer version of the jar so that my local build can download the newer version from Nexus?
The settings.xml of my local Maven is configured with the URL of the Nexus to download the jars.
Please advise.
Here is a summary of how your local repository, remote repo (Nexus), and Maven Central work together. If you have requested the new version of the jar in your POM, then it should end up in Nexus and your local artifact repo. If it doesn't, something is not configured correctly, and @khmarbaise gave you some good starting points for troubleshooting in his comment.

maven could not resolve dependency via my local nexus repository

I have set up an in-house Sonatype Nexus repository and configured Maven to check my local Nexus instead of getting artifacts directly from public repositories.
http://www.sonatype.com/books/nexus-book/reference/config-sect-intro.html
Our project was able to download most artifacts except one artifact in Maven Central.
Here is the build error:
Failed to execute goal on project shindig-gadgets: Could not resolve dependencies for project org.apache.shindig:shindig-gadgets:jar:3.0.0-SNAPSHOT: Could not find artifact com.ibm.icu:icu4j:jar:4.6 in nexus (http://my_nexus_repository:8081/nexus/content/groups/public) -> [Help 1]
I see that icu4j-4.6.jar does exist in the Maven central repository. On my local nexus repository, it doesn't exist. I see only icu4j-4.6.pom exists on my local nexus repository.
It's not like my Nexus repository setting is totally broken. The Maven project has successfully downloaded numerous jar files from multiple public repositories via my local Nexus Maven repository, except icu4j-4.6.jar.
I don't understand why I'm having a problem with only icu4j-4.6.jar. Would it be incorrectly cached on either my local Maven or Nexus Maven repository?
If it was incorrectly cached, how can I clean the local Maven or Nexus Maven repository?
A similar problem is described at
Missing maven dependency using nexus setup
icu4j-4.6.jar does not show up in the search list. Only icu4j-4.6.pom shows up in the search list. I don't think it is a snapshot vs. release issue, because icu4j-4.6.jar seems to be a release jar.
Is it possible that the nexus repo just stopped responding for a while? You can try mvn -X (or -d?) to get detailed info about what is going on. You might also try configuring an alternative repo.
Perhaps you haven't enabled remote index downloads from Maven Central. This would explain why only the POM file appears in your local search (the only file which has been downloaded via the proxy repo).
There might be another issue causing the download failure for the jar itself... I suppose try and solve one problem at a time :-)
Try adding -U to your mvn arguments to force an update of your local repository.
You could also have corrupt metadata in the repo. In which case, delete that artifact from the repo's cache and let it refresh.
If the artifact in question was cached properly from the proxy repository, using mvn -U will fix the problem.
However, if you are seeing only the pom on your Nexus, this usually happens when the artifact from the proxy repository is not cached properly. The way to fix it is:
1) Browse to the component in the Proxy Repository.
2) Invalidate the cache for the repository and reindex the Nexus repository.
3) Run mvn clean -U

Teamcity: Update local maven repository on build server from Nexus

I am using TeamCity to build my Maven-based Java project.
I have recently added a third party artifact into my Nexus Repository Manager. Now when I am building the project, I am getting the following error:
[core:project1] Failed to execute goal on project project1: Could not resolve dependencies for project core:project1:jar:1.0.0: Failure to find com.oracle:ojdbc:jar:11.2.0.2.0 in http://localhost:8081/nexus/content/groups/public was cached in the local repository, resolution will not be reattempted until the update interval of nexus has elapsed or updates are forced
Can anyone tell me how I can FORCE updates in the local repository cache on my build server? Is this something to do with the Maven settings.xml?
Try running Maven with the -U option.
http://www.sonatype.com/books/mvnref-book/reference/running.html#running-sect-deps-option
I think that your real trouble was that the public group (Nexus) wasn't aggregating artifacts from third party.
The solution was to add a repository for third party artifacts to settings.xml or to make a different group that will also provide your third party artifacts.
