I'm using gitlab CI to deploy artifacts to my team's maven repository and I'm having difficulty to setup the maven credentials.
I don't want to put them on the settings.xml file since the CI runner is used by other teams with different repositories and I'd like to keep our repository clean from other artifacts.
How can I do it differently? I was thinking of using maven arguments or the POM file along with CI variables.
As you wrote you can use variable defined in CI.
Next you can use environment variable in settings.xml, eg:
<settings>
...
<servers>
<server>
<id>yourId</id>
<username>${env.CI_MVN_USERNAME}</username>
<password>${env.CI_MVN_PASSWORD}</password>
</server>
</servers>
...
</settings>
According to example you can use common settings.xml and each team will define own maven credentials.
Related
I have three Jenkins Maven jobs: one that builds and installs dependencies (JARs) and two that use those dependencies to bundle deployable WAR files.
I have configured all the three jobs to use a specific settings.xml file and, while not fully understanding the difference between the Settings file and Global Settings file (even after reading the ?, it's not clear), under Build I set both fields to the file path I wish to use, just in case:
/opt/maven/conf/settings.xml specifies:
<localRepository>/var/lib/maven/repo</localRepository>
however, the dependencies get downloaded in a different location: /var/lib/jenkins/maven-repositories/1 as /var/lib/jenkins is JENKINS_HOME.
The console output logs the following:
Executing Maven: -B -f /var/lib/code/src/pom.xml -Dmaven.repo.local=/var/lib/jenkins/maven-repositories/2 -s /opt/maven/conf/settings.xml -gs /opt/maven/conf/settings.xml clean install -P depBuild
which is confusing because maven.repo.local is different that what the file listed under -s and -gs says it should be.
Why does it not download and install dependencies in the local repo I specify in the settings.xml I tell it to use?
Here is the whole settings.xml:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository>/var/lib/maven/repo</localRepository>
<servers>
<server>
<id>build.tomcat.all</id>
<username>buildman</username>
<password>mypass</password>
</server>
</servers>
<pluginGroups></pluginGroups>
<proxies></proxies>
<mirrors></mirrors>
<profiles></profiles>
</settings>
Try configuring it using the Config File Provider Plugin. After installing this plugin, you can create a config file in Manage Jenkins > Managed files > Add a new Config > Maven settings.xml.
It also starts you off with a template so you can just modify what you need. I just added the <localRepository> tag after the commented explanation about it.
Then in your Maven job, choose "provided settings.xml" and select the config file you just created.
Make sure you don't have any overriding options in MAVEN_OPTS and that "Use private Maven repository" is not checked.
PS: It doesn't look like you need to do this with "Global settings.xml" - you can leave that as "Use default". My limited understanding is that the global settings affects all users of the maven system, while the non-global one only affects the user that runs maven. I don't think it matters for most projects, but maybe if you have a special project where some shell execution happens under a different user, this could be important. (I'm just guessing.)
On our jenkins box we clone our repo using https rather than ssh. However when I run the
mvn release:prepare
command it is pushing the commits via ssh. I am pretty sure it is because in my pom.xml in the scm section I have
<connection>scm:git:ssh:<internal package></connection>
<developerConnection>scm:git:ssh:<internal package></developerConnection>
I am pretty sure I can just change that to to be something like https: however where do I put the username and password so that it can connect?
The credentials are stored in mavens settings file, so that the are not exposed in the pom.
Add a server section to your ~/.m2/settings file with your GitHub user/password, i.e.
<servers>
<server>
<id>GitHub</id>
<username>[User]</username>
<password>[Password]</password>
</server>
</servers>
Add a property <project.scm.id>GitHub</project.scm.id> to your properties section in the pom.
The reference to the server Id is not detailed in the release plugin config but the top level pom properties.
The maven documentation says:
http://maven.apache.org/guides/mini/guide-mirror-settings.html
Using A Single Repository. You can force Maven to use a single
repository by having it mirror all repository requests. The repository
must contain all of the desired artifacts, or be able to proxy the
requests to other repositories. This setting is most useful when using
an internal company repository with the Maven Repository Manager to
proxy external requests.
To achieve this, set mirrorOf to *.
<settings>
...
<mirrors>
<mirror>
<id>internal-repository</id>
<name>Maven Repository Manager running on repo.mycompany.com</name>
<url>http://repo.mycompany.com/proxy</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
...
</settings>
I don't understand this paragraph.
Shouldn't it be something like this?
Using A Single Mirror You can force Maven to use a single
mirror by having it mirror all repository requests. The mirror must contain all of the desired artifacts for all the
repositories, or be able to proxy the requests to other
repositories. This setting is most useful when using an internal
company repository with the Maven Repository Manager to proxy external
requests. To achieve this, set mirrorOf to *.
<settings>
...
<mirrors>
<mirror>
<id>internal-mirror</id>
<name>Maven Mirror Manager running on mirror.mycompany.com</name>
<url>http://mirror.mycompany.com/proxy</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
...
</settings>
Where is my miss-understanding?
I mean, <mirror><id>internal-repository</id>... seems just wrong to me.
Mirror means a repository that is used as a passerelle/proxy to an other repository.
When using a repository manager like Nexus, Artiafactory, Archiva... you dispose of one local entreprise repository wich proxifies remotes ones.
So there is no need to declare too many repositories in your pom or setting.xml. Using Just one mirror which redirect all requests to the repository manager you have will be sufficient.
That is the meaning of the documentation.
As maven documentation says:
Repositories can be declared inside a project, which means that if you have your own custom repositories, those sharing your project easily get the right settings out of the box. However, you may want to use an alternative mirror for a particular repository without changing the project files.
For repositories in settings.xml, declaring mirrors for them is redundant because you can just replace the repositories directly. You should use mirrors for repositories in pom.xml.
For example. Project X is a public project that list all the repos it required in its pom.xml.
Most people can just download and build the project directly.
Alex wants to build the project on his working PC at company, and his company has an internal enterprice repo. So he uses the company repo in his settings.xml as a mirror for the project repos.
Bob cannot access some project repos directly due to connection issue. He can use other public mirrors for that repo.
Repos in pom.xml is used as default implements and mirrors should be used for special cases.
I have installed nexus on my local machine. I want my pom file to point to this repo. How can I add my custom repository to my pom.xml file?
From Maven - Settings Reference
The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml.
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
...
<servers>
<server>
<id>server001</id>
<username>my_login</username>
<password>my_password</password>
<privateKey>${user.home}/.ssh/id_dsa</privateKey>
<passphrase>some_passphrase</passphrase>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
<configuration></configuration>
</server>
</servers>
...
</settings>
id: This is the ID of the server (not of the user to login as) that matches the id element of the repository/mirror that Maven tries to connect to.
username, password: These elements appear as a pair denoting the login and password required to authenticate to this server.
privateKey, passphrase: Like the previous two elements, this pair specifies a path to a private key (default is ${user.home}/.ssh/id_dsa) and a passphrase, if required. The passphrase and password elements may be externalized in the future, but for now they must be set plain-text in the settings.xml file.
filePermissions, directoryPermissions: When a repository file or directory is created on deployment, these are the permissions to use. The legal values of each is a three digit number corrosponding to *nix file permissions, ie. 664, or 775.
Note: If you use a private key to login to the server, make sure you omit the element. Otherwise, the key will be ignored.
All you should need is the id, username and password
The id and URL should be defined in your pom.xml like this:
<repositories>
...
<repository>
<id>acme-nexus-releases</id>
<name>acme nexus</name>
<url>https://nexus.acme.net/content/repositories/releases</url>
</repository>
...
</repositories>
If you need a username and password to your server, you should encrypt it.
Maven Password Encryption
First of all I can highly recommend reading the Nexus book. It will explain the benefits of using a Maven repository manager.
There is a section on how to configure your Maven build to use Nexus:
http://www.sonatype.com/books/nexus-book/reference/config.html
This leads me to question why you altering your POM file? I suspect what you really want to do is setup Nexus as a remote repository mirror. This is done in your Maven settings file.
The following tells Maven use Nexus as your default repository (Instead of Maven Central)
<settings>
..
..
<mirrors>
<mirror>
<id>nexus</id>
<url>http://localhost:8081/nexus/content/groups/public</url>
<mirrorOf>central</mirrorOf>
</mirror>
</mirrors>
This is desired behaviour since your Nexus repository is configured to cache artifacts retrieved from Central (which is good for build performance).
Note:
The "public" repository group could include other repositories proxied by your Nexus instance (Not just Maven Central). You probabily want this behaviour, as it centralizes all repository management. It just makes your build less portable for people outside of your organization.
It seems the answers here do not support an enterprise use case where a Nexus server has multiple users and has project-based isolation (protection) based on user id ALONG with using an automated build (CI) system like Jenkins. You would not be able to create a settings.xml file to satisfy the different user ids needed for different projects. I am not sure how to solve this, except by opening Nexus up to anonymous access for reading repositories, unless the projects could store a project-specific generic user id in their pom.xml.
From the Apache Maven site
<project>
...
<repositories>
<repository>
<id>my-internal-site</id>
<url>http://myserver/repo</url>
</repository>
</repositories>
...
</project>
"The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml." - Apache Maven site - settings reference
<servers>
<server>
<id>server001</id>
<username>my_login</username>
<password>my_password</password>
<privateKey>${user.home}/.ssh/id_dsa</privateKey>
<passphrase>some_passphrase</passphrase>
<filePermissions>664</filePermissions>
<directoryPermissions>775</directoryPermissions>
<configuration></configuration>
</server>
</servers>
If you don't want or you cannot modify the settings.xml file, you can create a new one at the root of your project, and call maven passing it as a parameter with the -s argument:
$ mvn COMMAND ... -s settings.xml
From maven setting reference, you can not put your username/password in a pom.xml
The repositories for download and deployment are defined by the repositories and distributionManagement elements of the POM. However, certain settings such as username and password should not be distributed along with the pom.xml. This type of information should exist on the build server in the settings.xml.
You can first add a repository in your pom and then add the username/password in the $MAVEN_HOME/conf/settings.xml:
<servers>
<server>
<id>my-internal-site</id>
<username>yourUsername</username>
<password>yourPassword</password>
</server>
</servers>
I'd like to use CloudBees for my CI environment, but I'd also like to deploy my Maven artifacts to my existing private Nexus repository. In my current local Hudson setup, I utilize the username/password settings within the .m2/settings.xml file as follows:
...
<servers>
<server>
<id>my-repository</id>
<username>username</username>
<password>password</password>
</server>
</servers>
...
How/where can I configure these credentials on CloudBees?
You can put these in your private webdav filestore: http://wiki.cloudbees.com/bin/view/DEV/Sharing+Files+with+Build+Executors
Then, just point Maven at this by passing the '-s' option, or clicked the "Advanced" section of your Maven build and add the path in the "Alternate settings file" field.
You should follow this step by step guide:
http://developer.cloudbees.com/bin/view/DEV/Accessing+under+an+external+Maven+repository