I have a GitHub repo with a library published to its own GitHub packages maven repository. And I also have another project where I want to reference this library as a dependency.
When I add the following configuration to the POM file of my project it just doesn't work.
<repositories>
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://maven.pkg.github.com/test-account/test-lib</url>
</repository>
</repositories>
It requires me to authenticate. I understand that this is pretty logical as it is basically not a sources repo but an underlying maven repo. But is there a way to have normal maven access to this dependency? My library is in the public repo.
P.S. Please, do not suggest using Jitpack as I would like to have clean solution without any additional resources.
The answer seems to be "you can't". See this comment from a GitHub staff member:
Our Maven service doesn’t allow for unauthorized access right now. We plan to offer this in the future but need to improve the service a bit before that.
For now the simplest option seems to be to create a personal access token with read access and include it in the URL of the <repository> section in your pom.xml, like this:
<repository>
<id>github</id>
<name>GitHub Packages</name>
<url>https://my-user:b96e7de7514e45c5#maven.pkg.github.com/my-user/my-repo</url>
</repository>
Otherwise, options are probably:
Create a personal access token with read access and just share it with the whole world.
Use the workaround described here
Publish to Maven Central (but that's a whole world of pain)
Currently, you cannot. There is an ongoing discussion here with this feature request. You can find multiple workarounds in that discussion thread and also voice your opinion.
The accepted answer no longer works.
Currently GitGuardian automatically revokes the Personal Access Token (PAT) if that method is applied in public repositories. As recommended by GitHub staff, the work-around solution is the following:
Create a PAT with just the read:packages scope
Execute docker run ghcr.io/jcansdale/gpr encode
This will output the following:
$ docker run ghcr.io/jcansdale/gpr encode 0123456789abcsef
An encoded token can be included in a public repository without being automatically deleted by GitHub.
These can be used in various package ecosystems like this:
A NuGet `nuget.config` file:
<packageSourceCredentials>
<github>
<add key="Username" value="PublicToken" />
<add key="ClearTextPassword" value="0123456789abcsef" />
</github>
</packageSourceCredentials>
A Maven `pom.xml` file:
<repositories>
<repository>
<id>github-public</id>
<url>https://public:0123456789abcsef#maven.pkg.github.com/<OWNER>/*</url>
</repository>
</repositories>
An npm `.npmrc` file:
#OWNER:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken="\u0030123456789abcsef"
You can use this snippet in you project’s configuration file.
Note, you shouldn’t include your own read:packages PAT if you have access to any private packages you need to protect. In this case it is best to create a machine-user.
If you don't consider as additional resource a Gradle plugin, then I'd suggest you mine
I was exactly in your shoes, you can either:
have a Github repository acting as a Maven repository
or publish on Github Packages and easier the consumption for Gradle
clients
Related
Some background:
I have copied the master branch of an external github repository, not owned by me, into a personal repository
This repo contains a Java project and uses Maven for building and compilation
The group ID defined in all pom.xml files is org.mylibrary (let's assume)
When deploying to Artifactory, the deployment is done to myrepo/org/mylibrary/...
I'd like to deploy instead to:
myrepo/org/myorganization/mylibrary
but I would like to avoid editing all the pom.xml files, and replacing all lines containing:
<groupId>org.mylibrary</groupId>
with:
<groupId>org.myorganization.mylibrary</groupId>.
I'm configuring the deployment via the distributionManagement element:
<distributionManagement>
<repository>
<name>releases</name>
<id>deployment.credentials</id>
<url>https://artifactory.lab.myorg.org/artifactory/myrepo</url>
</repository>
</distributionManagement>
What's a clean way of solving this? Replacing the groupId definition in all pom.xml files does the trick, but, as said, that's something I want to avoid.
Thanks!
When deploying to any repository, Artifactory utilizes the layout that is configured for this repository. By default, for Maven repositories, Artifactory uses the "maven-default" layout.
I would recommend you to first add your requested layout and then configure your repository with the newly created layout.
I hope this information is found helpful.
I'm having an error while listing the Mavaen Repository Artifacts in my Jenkins server configuration. Error is given below.
No versions could be resolved for groupid.artifactid rtis.rtis_2.11
But my Nexus server contains the available rtis versions correctly. My point is how I can retrieve those versions available in Nexus server to my Jenkins server?
Available versions in Nexus server
Any help would be greatly appreciated.
Thank You.
As I figured out, automatically upadating mavan-metadata.xml file is the solution. In order to update the file, create a task sheduler for rebuild metadata with a cron job.
Go to Administration -> Scheduled Tasks in Nexus Repo. For more info, please refer to the image given below.
Jenkins is not finding nexus repository to resolve the artifact.
Verify these settings are correct in Maven POM:
<repositories>
<repository>
<id>project</id>
<url>https://yourreposerver/nexus/content/groups/public/</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>project</id>
<url>https://yourreposerver/nexus/content/groups/public/</url>
</pluginRepository>
</pluginRepositories>
Also, Jenkins plugin help page, will give you more information on what kind of settings you might be missing while setting up your job.
You have to specify the type in the dependency to be downloaded. By default in Maven it is 'jar'. However in your case it it 'tgz' so you have to specify that provided that is possible in the Jenkins user interface. I can not see that option but it should be there.
The other potential problem is that is was flagged as not found in the local repository Jenkins is using. Then you would have to either delete the metadata or force an update of it. On the Maven commandline this would be done with -U however in your UI I am not sure.
I am in the process of learning maven and setting up a build environment. One thing I can't figure out, how to set up a project such that it finds a company-wide parent pom. I would like this to work:
$ git clone some_project
$ cd some_project
$ mvn install some_project
The some_project/pom.xml should reference a company-wide pom which it could get from a company maven repository. But where do I specify the company repository?
Putting it in some_project/pom.xml would probably do but then the location is hardcoded in many projects, which could lead to quite some trouble down the road should the server location change.
Having it in settings.xml could work I guess but would break the above requirement.
Edit
Thanks for the answers. I am going with the settings.xml solution although it won't allow the above sequence of commands. Seems like there is no solution that does not require some sort of initial manual setup and of the proposed solutions settings.xml is the simplest to me. Therefore I can't decide which of the two answers to accept. Both are equally good.
Here's the part from settings.xml I came up with:
...
<profiles>
<profile>
<activation>
<property>
<name>!skip</name>
</property>
</activation>
<repositories>
<repository>
<id>internalrepo</id>
<name>Central Internal Maven Repository</name>
<url>http://server.company.example.com/mvnrepo</url>
</repository>
</repositories>
</profile>
</profiles>
...
I'd recommend putting it in settings.xml.
If your company runs its own maven repo, it makes sense to have this configured in settings.xml - especially as you may need to add things like access credentials, which of course should never appear in a (shared) project pom. The only downside is that each user will have to jump through one additional (one-time) hoop when first installing their maven client.
An alternative is to not actually get the root pom from the company maven repo initially, but instead install it directly into your local repo from git. If your root pom is itself a maven project (which is not uncommon) and is available in git, simply clone it and run mvn install.
Putting the company repository URL in settings.xml is considered a good practice. You can also have associated username/password needed for repository upload.
If you care about repository relocation, you must rely on a good DNS choice (repository.mycompany.com is generaly fine) and a good usage of web servers rewrite rules.
I am trying to configure the deploy step in a Maven 3.0.4 POM using the <distributionManagement> tag. From XSD for POMs (line 1389), it suggests that merely providing the id should allow Maven too look up the corresponding values from the settings.xml file. I have the desired server listed (which is configured correctly since I can pull dependencies from it and see it mentioned when running in -X debug mode: [DEBUG] Repositories (dependencies): [archiva.snapshots (http://snap-mvnrepo.initech.com/archiva/repository/snapshots, releases+snapshots)]) in the settings.xml. However, when I just provide the <id> in my POM and try to deploy, I get an error that Maven is missing the URL for the repository, but when I explicitly provide the <url> the deploy works.
Does anyone know what I should do to get it working by id only? I don't want to hard code the URL.
DISCLAIMERS: Typos are likely the result of anonymization, but it is possible that they are "real" so feel free to point away at any.
About the <id> child tag of <repository> from the XSD for POMs (line 1389):
A unique identifier for a repository. This is used to match the repository to configuration in the settings.xml file, for example.
From my settings.xml:
<profile>
<id>archiva_dev</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>archiva.snapshots</id>
<name>Initech Internal Snapshot Repository</name>
<url>http://snap-mvnrepo.initech.com/archiva/repository/snapshots</url>
</repository>
</repositories>
</profile>
From my (failing) pom.xml:
<distributionManagement>
<repository>
<id>archiva.snapshots</id>
<!--
<name>Initech Internal Snapshot Repository</name>
<url>http://snap-mvnrepo.initech.com/archiva/repository/snapshots</url>
-->
</repository>
</distributionManagement>
The error:
Caused by: java.lang.IllegalStateException: Failed to create release distribution repository for com.initech.ws:initechws:pom:1.0-SNAPSHOT
at org.apache.maven.project.MavenProject.getReleaseArtifactRepository(MavenProject.java:1853)
at org.apache.maven.project.MavenProject.getDistributionManagementArtifactRepository(MavenProject.java:1377)
at org.apache.maven.plugin.deploy.DeployMojo.getDeploymentRepository(DeployMojo.java:227)
at org.apache.maven.plugin.deploy.DeployMojo.execute(DeployMojo.java:118)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
... 20 more
Caused by: org.apache.maven.artifact.InvalidRepositoryException: URL missing for repository archiva.snapshots
at org.apache.maven.repository.legacy.LegacyRepositorySystem.buildArtifactRepository(LegacyRepositorySystem.java:775)
at org.apache.maven.project.MavenProject.getReleaseArtifactRepository(MavenProject.java:1843)
... 24 more
The /project/distributionManagement/id value defines the /settings/servers/server/id to match against in order to identify the credentials to use when connecting to the url specified by /project/distributionManagement/url
Because the URL for deployment is very often different from the URL for read access, and the same credentials may apply to multiple URLs, there is no looking up of /project/repositories/repository or /project/pluginRepositories/pluginRepository.
The short answer is thus that you must specify /project/distributionManagement/url in order to be able to deploy, and if you need credentials in order to deploy to that URL you need to specify /project/distributionManagement/id and ensure that the matching credentials exist in your settings.xml
How could we update the documentation to make the above clearer and prevent future users from becoming confused in the manner you have been?
Update
The modello toolchain is generating the XSL with only some of the sentences, so
A unique identifier for a repository. This is used to match the repository to configuration in the settings.xml file, for example.
Is actually
A unique identifier for a repository. This is used to match the repository
to configuration in the settings.xml file, for example.
Furthermore, the identifier is used during POM inheritance and profile
injection to detect repositories that should be merged.
Source
Finally in order to fully make sense of the sentence, you need to be aware that the settings.xml file is just the source of settings when Maven is invoked from the command line. Maven Embedder may actually mean that the settings provided to Maven come from some other source entirely (think, e.g. from the configuration database of Eclipse or another IDE) which is the reason for some of the fun in MRELEASE-577.
A better way to read the first sentence might be
A unique identifier for a repository. This is used to match the repository to configuration, for example in the settings.xml file.
But if you can suggest something even better I will update the docs accordingly
I have several projects which use Maven and I would like to run an internal repository on my work network. I have several libraries which are from third parties and cannot be released into the wild, as well as a few libraries of our own which need to be available within the network (including to our TeamCity CI Server) but cannot be deployed outside the network. After a bit of research, I found three main recommendations on how to accomplish this: Archiva, Artifactory, and Nexus. I have tried each, and have failed to achieve a successful build of any of my projects using the internal repositories created by any of them.
This leads me to believe that I am misunderstanding something or doing something wrong. Does anyone know of a tutorial that will walk me through setting up and internal Maven repository and integrate it with my project?
I have only worked with Nexus, but I found it very easy to install:
Go to http://www.sonatype.org/nexus/go to download the OSS version
Get the 'WAR' distribution
Install the servlet in my installation of Tomcat, via the Web Application Manager
At that point, I can visit http://myserver:8080/nexus to see everything working.
For a superficial setup, I add the default password to my settings.xml:
<servers>
<server>
<id>my-snapshots</id>
<username>admin</username>
<password>admin123</password>
</server>
<server>
<id>my-releases</id>
<username>admin</username>
<password>admin123</password>
</server>
</servers>
and in my POM file:
<distributionManagement>
<snapshotRepository>
<id>my-snapshots</id>
<name>My internal repository</name>
<url>http://myserver:8080/nexus/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>my-releases</id>
<name>My internal repository</name>
<url>http://myserver:8080/nexus/content/repositories/releases</url>
</repository>
</distributionManagement>
To go beyond this, the learning curve jumps up quite a bit, but I found Sonatype's online books to be pretty good. Repository Management with Nexus is the one for understanding what you can do with the repository server. The only thing I found tricky is that some of the info applies only to their commercial software and they don't work too hard to advertise the difference.
Repository managers like Archiva and Nexus are more than just an internal repository. They serve as proxies that obviate reaching out to Maven central or other external repository.
For just an internal repository all you need is a network or HTTP accessible location that has the structure of a Maven repository. Then you refer to it as another repository in your settings file.
<repository>
<id>my-internal-repo</id>
<url>http://myrepo.mycompany.com/</url>
</repository>
See more in Maven's documentation at http://maven.apache.org/guides/introduction/introduction-to-repositories.html.
I would suggest to use the Nexus evaluation guide (latest available version is 2.13 now) that comes with the Nexus Pro Installer, but also works with Nexus Open Source for the simple use cases of proxying and deploying components.
The examples are also available on github and include setups for Maven, Ant/Ivy and Gradle. Once you have a look at the examples and read the guide you will be able to set up your projects in the same way easily.
And of course if there is any problems you can always ask on the mailing list or chat with the developers on hipchat