Where to save the setting-security.xml file to use Maven encryption? - maven

We are using TeamCity 9.1 and the default bundled Maven version 3.0.5
In the build, we are using Maven to interact with a Nexus server.
We would like to encrypt the password in the Maven settings.xml file as described in this article:
http://maven.apache.org/guides/mini/guide-encryption.html
This requires a settings-security.xml file which should be in the same folder as the Maven settings.xml one.
The setting.xml file is saved in TeamCity, and deployed to the server as a custom "User settings selection" file - so I don't know where it is being deploy to on the agent.
Where should we save the settings-security.xml file ?
Should this be manually deployed to all the agents? and if so, in which folder should it be?
(We have both Windows and Linux agents)
I'm not sure what is the best practice to use an encrypted Maven password in TeamCity, so I'd appriciate any help.
Thanks

"I don't know where it is being deploy to on the agent" .. You can find this within the build log output .. Just search for settings.. With User settings file, they are typically stored in a temp directory in the build agent.
When you attempt to encrypt your password using (as per the encryption guide):
mvn --encrypt-password my_password
It expects to find: settings-security.xml; if this isn't present you will get.
[ERROR] Error executing Maven.
[ERROR] java.io.FileNotFoundException: /home/krbuild/.m2/settings-security.xml (No such file or directory)
[ERROR] Caused by: /home/krbuild/.m2/settings-security.xml (No such file or directory)
So the security file needs to be stored on each agent on which you intend to run your build configuration (not in VCS). There is still no dedicated support for this feature; see TW-39595
The work around would be to set an agent property, e.g.
path.to.maven.security=/path/to/file/security-settings.xml
Then refer to it in your Maven build step:
-Dsettings.security=%path.to.maven.security%

Related

Setting dynamic password from Maven

We've started using an AWS CodeArtifact Maven repository. Before connecting, developers must run a command ("aws") to acquire a temporary access token. How can I configure Maven to acquire and use this token automatically, without requiring running a script, configuring an IDE or changing the simple command line "mvn install"?
Maybe there's a trick I'm overlooking.
The token must be "interpolated" in the element <server>/<password> in settings.xml. This file will pre-process either an environment variable ({$env.token}) or a Java system property ({$token}). It will not process a project property.
The repository password cannot be specified within the POM file.
The settings.xml file cannot use project properties.
The exec-maven-plugin cannot set an environment variable in the parent process (Windows). It can write to a file.
The properties-maven-plugin cannot set a dynamic system property (e.g., from a file or script output).
The surefire plugin binds to the test phase and forks a JVM.
The Windows setx command does not affect the running process.
UPDATE: Maven downloads repository metadata before the first phase, so no plugin will solve the problem.

how to do force deploy maven project via jenkins..?

when I do deploy of maven project via jenkins the output says success but i cant see changes on the server. what i can see is the target folder on the jenkins server contain all the required changes but dont know why it is unable to deploy those files on the test server, below are some details.
command to deploy
clean package jboss-as:deploy -DjbossUser=${jbossUser} -DjbossPass=${jbossPass} -DjbossServer=${jbossServer} -DjbossServerPort=${jbossServerPort}
file type that contain the changes : *.html & *.js
Any help is appreciated
Thanks
Kapil
I also faced similar issue. It seems there are some deploy mechanism exists in Jenkins where the version is configured. It should take the build(snapshot) version from pom.xml

jenkins is not using local maven repository

I have few jars which I have installed in my local maven repo(in windows under user/.m2). While building the project from command-line it's perfectly downloading the jars and packaging it.
Now I have created a Jenkins job (mvn clean package) to do so, but while running the jobs it's not picking up those jars from local repo instead trying to download it from central repo.
I tried all possible solutions available in Internet but still no luck. Can you please how I can configure Jenkins so that it should download those jars from my local repo ?
I also tried :-
1. offline mode
2. gave local repo path in settings.xml
3. use of nexus/artifactory in not an option for me
Seems maven executed by Jenkins not used the settings.xml in your local
you can try to change the maven command/goal in Jenkins job configuration with one more option:
-f <your local settings.xml path>
you can copy the settings.xml to your source code folder for debug purpose, after prove it work, then consider how to prepare the settings.xml for jenkins job with below options:
Option 1 use Config file provider plugin
Click Config Files -> Add a New Config -> Maven settings.xml
Change name and set your xml into content field:
In your job configuration, click the Advance... button in Build Section, choose your added settings.xml as below:

maven password encryption (settings-security.xml) not working using external binary through m2e

I am using eclipse indigo, with subclipse 1.8, and the latest version of m2eclipse. However, due to the fact that the embedded version of maven within m2e is broken when performing releases, I have configured eclipse to use my maven installation located at e:/maven-3.0.3.
Instead of storing my settings.xml file in C:\Users\Sam.m2 like I normally would, I am now storing my settings.xml file in e:\maven-3.0.3\conf, for uniformity purposes. Since I am not using the embedded version of maven, it makes sense to use only one settings file, located where my external binary is.
Here is the problem - I have created a master password and stored it in settings-security.xml and put it in my c:\users\sam.m2 directory, according to the format on the maven mini-guide. I have also duplicated it and stored it in my e:\maven-3.0.3\conf directory. The settings-security file exists in both places, before I run "mvn --encrypt-password" from the command line. So then I do "mvn --encrypt-password myrepopass" after my master password is created, and settings-security.xml is located in both places.
When I put plain-text passwords in settings.xml, everything works fine. When I encrypt them using the master I have specified, I get this error when trying to do something which checks out from scm (such as mvn release:prepare). Not sure why this isn't working.
[ERROR] svn: E170001: OPTIONS of 'https://secure.myrepo.com/svn/scoresecret/trunk /scs-global-parent': authorization failed: Could not authenticate to server: rejected Basic challenge (https://secure.myrepo.com)
It turns out that for some reason, the maven encryption mini-guide technique doesn't work with SCM servers - only artifact repositories. Not 100% sure why, but others have had the same issue.

Access Maven build properties in Jenkins post-build script to retrieve deployed artifact

I've got a Maven project that Jenkins builds and deploys to a remote repository. I then need to copy the deployed .war to an external location. I've been trying to do this with a post-build shell script but I don't see any way to get the build information from maven (for example, the URL of the deployed artifact). Is there a way to get it, or a way to do this that's more integrated into maven? I can calculate the deployment path using Jenkins build parameters but it seems like a hack.
Thanks,
Steve
After a maven build you should always find the build artifact at
target/<artifactId>-<version>.<packaging>
You can access this path within the maven pom.xml by using the maven properties (see pom reference)
${project.build.directory}/${project.artifactId}-${project.version}.${project.packaging}
To copy the artifact to another location after the build you can use several approaches described e.g. in this thread.

Resources