Exposed local m2 artifacts from a servlet - maven

Is there a java library that will help in serving the local m2 artifacts under a specific endpoint servlet?
For example: /maven.
Note: I'm familiar with Artifactory and such, but this is not the setup I am looking for.
It's more like I have a project and I want that project to expose the jars in the machine where that project is running.

Working with files is always tricky, you can easily expose data from other directories which can be used by attacker.
To your question: As khmarbaise wrote I'd also really recommend to use Nexus / Artifactory. But if you just need to expose your local repository "the easy way" and "the safe way", you can use web server like Apache2 or Nginx and serve your artifacts as static files.
Lastly if you really want to go to the "danger zone", it's pretty easy to write a Servlet which returns file in some directory, you would call it for example like this: http://localhost:8080/FileServlet?file=junit/junit/4.12/junit-4.12.jar And then use this rewrite filter: https://www.ocpsoft.org/rewrite/ to change URL for example to: http://localhost:8080/repo/junit/junit/4.12/junit-4.12.jar

Related

Is it possible to use a Nexus Repository to store a Gradle Remote Build Cache?

I have access to a private Nexus Repository and would like to speed up my CI builds and thought that I could use the private repository to store and access my build cache. Is this a possibility or a dead end?
It works like a breeze.
Just create a "Raw" repository and give a user write permission for it.
This user then is used to fill the cache and you can use another user or anonymous access to read from the cache.
I just tried it minutes ago.
Any web server that supports PUT for storing files and GET for retrieving the same files should be fine with the default HttpBuildCache implementation.
You can even provide an own client-side implementation to use any remote service you want as build cache.
No.
Gradle's remote build cache is one of the selling points of Gradle Enterprise. So it's not something you can just "plugin" to another piece of software like Nexus.
There is however a Docker image that is designed to work with Gradle Enterprise. Maybe you could make use of that somehow.
But again, the remote build cache is a selling point of Gradle enterprise and as a result is designed to work with Gradle enterprise.
https://gradle.com/build-cache/

Download artifacts from Maven repository without using Maven

In various shell scripts, we need to download artifacts from a Maven repository (Nexus 2.x at the moment, but may change in the future).
The servers that run the scripts usually have no Maven installed. So I am looking for something http based.
On the one hand, there is a REST interface which can be used like
wget "http://local:8081/service/local/artifact/maven/redirect?g=com.mycompany&a=some-app&v=1.2.3"
On the other hand, you can construct a "standard" URL that seems to work for different Maven repositories. It consists of a prefix, then the groupId with slashes instead of dots, then the artifactId, then the version and then a file name of the form artifactId-(classifier)-version.type.
What is the recommended practise?
The Maven coordinates section of the POM reference describes the second scenario you mentioned. In general I've found that pattern easiest to explain to folks learning Maven, i.e. whether local or remote, an artifact is located at
$REPO/groupId/as/path/artifactId/version/artifactId-version[-classifier].type
where $REPO can be $USER_HOME/.m2/repository or https://remote.repo:port/....
I would also prefer the second as I suspect it will be easier for this app to work with another repository some day if needed. Even if not quite true, it's more self-documenting, so seems like it would be easier to adjust.

How to get a list of components and related assets out of Nexus3?

I am trying to export assets out of Sonatype Nexus3 so that I can refactor our software artifact persistence. Primarily I want to use Nexus3 as a mirror/grouping tool for disparate repositories and not push to it directly as we currently do. For this to work I need to extract all of our Docker, Maven, and NPM components/assets out of it. The problem is, Nexus3 uses blob stores for asset persistence and I want the raw assets out.
Docker images are easy. I can just walk each repository's Docker Registry API to get a list of images to pull and then push them to a new location.
For Maven artifacts, however (and I assume this applies to NPM artifacts as well), I am unable to export repositories using something like the Maven Wagon Plugin's copy goal or just about anything else because all solutions that I have seen rely on directory listing which has not been implemented in Nexus3.
If I was able to get a listing of all components and associated assets in the Nexus3 hosted repositories this would be tedious but good enough to script. Is there some CLI or API trick to extracting such info out of Nexus3? Is there a query I can run against the embedded OrientDB instance after logging into the Karaf OSGi console?
Looking for some pointers!
You might find some help in the answer here: Using the Nexus3 API how do I get a list of artifacts in a repository
I think this will get you where you need to be :)

TeamCity local artifacts path pattern

I want to create automatic upload to ftp, using 'FTP Upload' runner, with different build configuration, which depends on successfull build of main configuration. But the thing is I don't know the pattern. As for now path looks like this:
C:\ProgramData\JetBrains\TeamCity\system\artifacts\<project_name>\<build config name>\528
What variable contains this last number?
The problem was with bad description of my problem, more definiteve one:
I have to store artifacts on FTP. FTP is on the same machine as TC server and agent (don't ask me why). So I have to somehow grab artifacts and put them into ftp://"project"/msi and ftp://"project"/nuget, depending on build configuration. I've tried: Grabbing artifacts directly - from folder shown in the initial post, idea failed.
The solution is to create another build configuration and set Artifact dependencies, this makes artifacts reachable from new build configuration, which allows to use FTP Upload runner.
Thanks everyone!

Nexus OSS: publish to static mirror

Do you know a way to configure Nexus OSS so that it publishes the artifact repository to a remote server in a form that can be statically served, e.g. by Apache Httpd? I'd like to use this static copy to serve only my own artifacts, so the nexus server could actively trigger an update in case there is something new published.
Technically, I think it should be possible to create the metadata for the repo and store them in a static file, but I'm not sure with that. Any hints appreciated.
If there is another repo manager to achieve that, it would be fine for me as well.
I clearly understand the advantages to use the repo manager directly, but due to IT rules I can run Nexus only internally and it would be necessary to have these artifacts available in a (private) repo copy on the Internet as well.
A typical way to solve this IT requirement of only exposing known servers like Apache httpd is to setup Apache httpd as a reverse proxy as documented here.
You can use that approach in a more restrictive way by only exposing a specific repository or better repository group (so you can combine snapshots and releases) and tying that together with a specific user or a specifically restricted setup of the anonymous user that is used by default when no credentials are passed through.
Also if you need more help feel free to contact us in the user mailinglist or on hipchat.

Resources