Maven repository hosting for non-public artifacts? [closed] - maven

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
Is there some hosting solution, be it paid or free, that offers explicit maven repository hosting for non-public artifacts, preferably with support?
These are the alternatives I'm aware about:
Hosting on your own public server with credentials
For open source projects, there is free sonatype hosting
Hosting on Amazon
It can be hosted on github, google code or some other VCS hosting
However, all of these either require some maintenance overhead beyond just using the repository manager (beyond just using nexus) and/or are not really fully supported solutions, or are not meant for closed-source projects.
If I need to have a solution that is available on the internet but it is "private" as it should be available for the people of the Company only, are there some other alternatives? I'm assuming here that there is no server that is already public, so having a new server just for maven artifact hosting seems a bit big. I'm a bit surprised that I was unable to find commercial alternatives.

I'm developer of mymavenrepo.com - it's very simple maven hosting which perfectly fits for personal use and small companies

Jfrog offer their artifactory repository manager as a cloud service.
Personally some of the default configuration choices ("fixing" metadata, etc) are just plain wrong, but you can configure it to do the right thing.
(Full disclosure: both jfrog and sonatype are partners of cloudbees (my employer))
Edit:
They offer a 30-day trial, and their pricing can be seen here.

JitPack is a services that makes it easy to host non-public (private) Maven artifacts.
The way it works is that it builds your private Git repositories from source and publishes resulting artifacts.
The artifacts are only accessible to you and those who have access to Git repo itself, like people in your company.
The way you use it is by adding the repository and point your dependencies at the Git Repo:
Add repository:
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
Add dependency
<dependency>
<groupId>com.github.User</groupId>
<artifactId>Repository</artifactId>
<version>Tag</version>
</dependency>
More information and authentication in the docs. Their pricing can be seen on their pricing page.

I've been searching for this as well and came acrosss this link https://blog.openshift.com/nexus-repository-manager-in-the-cloud-for-free-with-openshift/ which explains how to set up a Nexus application on OpenShift. I followed the steps outlined in this page and got it up and running pretty quickly. You can disble the "anonymous" user to remove public access and set up your own users. It can tie into LDAP you have that available.

It seems there is a service called deps about to open in 2017. From their description, it sounds like the answer to my question, but we'll have to see how it turns out.

This might be considered a promotion, but we just released support for hosting Maven repositories in the cloud at Deveo. There is no other information available yet than the release blog post. The pricing, however, should be more friendly than what jFrog offers.
Disclaimer: I'm affiliated with the company.

There is no commercial offering of Nexus Repository in the cloud as such, but any managed server that includes the features to run a Java application is suitable. And there are LOTS of them around. And others partners like CA automatically include it in a stack they provision for customers.
The only overhead you are going to have to manage is to install and run Nexus Repository. That however is trivial and can be done within a couple of minutes.
Depending on your usage you could even run this on a VM that you turn off when no one needs it. E.g. out of 24 hours a day .. if your dev and CI servers only need it for 12 .. shut the VM down the rest of the time. And you can automate that all easily as well.

DropBox is another possible option see https://code.google.com/p/peter-lavalle/wiki/MavenOnDropBox

Related

Continuous Integration/ Delivery Tools (EOL Bamboo)

I've been looking through the site and I have found some information with regards to this topic, but most of the information is old and possibly outdated.
example: Continuous Integration tools
We are: We're a SaaS product with a microservice (200+) architecture.
We have: We currently do our building through bamboo, and we use nexus as an artifact manager with proper versioning. We deploy those artifacts using bamboo to many different machines. For our frontend deployment we build our code through continua and use AWS codedeploy to handle the deployment. We use Bitbucket and Jira for our development. We have done a POC with bitbucket pipelines but we were lacking proper version management there as well as proper environment management. Setting up 10 servers for every repository manually is just something that we don't want to do.
We want: Since bamboo is EOL next year and since there are many alternatives with different levels of complexity we are currently unsure about the tools that are most suited to our needs. We are currently running everything on dedicated linux machines, but we want to switch to docker containers in AWS in the near future. Support for running gulp scripts etc. would be great since that could help us move from continua and bamboo to one single solution.
The setup of bamboo has been a struggle in the past due to difficulties with the software itself. A nice balance between features and complexity would be best. Does anybody have experience with one or more of the options out there? Some that come to mind are CircleCi, teamCity, GitLab, Jenkins and AWS codePipeline.
Many thanks,
Kenny
Bamboo doesn't EOL next year, but Atlassian forces to switch from perpetual licenses to DC licences to be renewed every year. You can get discount prices when switch to Server to DC licenses. See details at https://www.atlassian.com/licensing/data-center
I would propose Kraken CI. It is open-source and can work on-premise but in the cloud as well. In the cloud, it has support for AWS and Azure, and can do autoscaling depending on a number of tasks.
If you are interested please contact me.

How to integrate Maven and Github without third party services?

I am currently using JitPack to access my GitHub repository via Maven. I used to love JitPack, but their servers seem to be overwhelmed, they have terrible technical support, so all in all I'd like to stop using it. Does anyone have a suggestion on what is a good way to achieve a similar result? In other words, I'd like to be able to push a change to my GitHub repo, tag it, and be able to use it in my maven builds immediately.
My follow up question is: why is there even a need for a third party server to host these jars? Is there any way to simply have maven pull these github repos, compile them locally, storing cache in ~/.m2, and that's it. For most of my development effort, this would be enough. I find myself constantly at the mercy of JitPack's crappy servers and poor service that drive me crazy.

Nexus Site Repository: Can I use SCP?

We run a Nexus 2.14 with a site repository. At the moment, we deploy the sites using DAV, which is at times quite a burden for the server because a lot of small files are transferred separately.
SCP would probably be a better alternative, but I found no information whether this is supported by Nexus and if so, what I need to do to use it.
The Sonatype support told that this is not possible.

Does Artifactory offer similar feature that the procurement suite in Sonatype Nexus Pro does?

I am researching the pros/cons of Artifactory and Nexus.
There is a feature in Nexus that I like very much -- the procurement suite. It provides GUI to define the procurement rule. After the procured repository is populated with all the artifacts needed for the build, the admin can choose to stop the procurement and the procured repository is reverted back to be a local repository. As I understand, Artifactory provides includes/excludes pattern definition in the remote repository to achieve similar control, but it is far more rudimentary than what Nexus offers. I am not an expert on Artifactory. Does Artifactory offers something more advanced to tight control the artifacts used in the build, like the procurement suite does?
BTW, I like Artifactory's Watch feature, sending email when a add/delete/update happens in a watched repository. Nexus does not offer email notification, though it provides RSS feed. Artifactory does not support RSS feed now, but it says this feature is in development. Sometimes I just wish there is one product that can offer all these features combined. :-)
Ok. The JFrog folks gave me the official answer and would like to share with everyone. Theincludes/excludes pattern I mentioned in my original question is the main mechanism Artifactory uses to control the access the artifacts in the build. Besides that, Artifactory also offers something called License Control Addon in their Pro version. It basically allows you to manage and get alerted for unauthorized licenses of 3rd party libraries and dependencies when they are getting deployed from your CI server. It does not directly apply to my use case, but it is good to know. Also they pointed out that as a user, I can use their User plugin API to do whatever I want. That's also good to know, but at least for now, I am not interested in developing a plugin for Artifactory myself.
It's been a while since I used artifactory, but I think when you configure a repo, you have the option on applying a regex to the artifacts that it will pull. That might do what you need/want.

Is there a publicly accessible bamboo instance running anywhere?

I'm looking for a publicly accessible bamboo instance, preferably an official Atlassian one, and preferably building some realistic projects.
I think one used to exist at http://opensource.bamboo.atlassian.com -- or so say the Atlassian Forums -- but it appears to be dead now. Any others out there?
I also posted this question on the Atlassian Forums and got an answer there. Here's the gist:
Some Atlassian projects (smaller ones, like libraries) use instances that can be accessed. One such instance can be found here.
Furthermore, Atlassian supports open source/non-profit projects by issuing free licences. Projects making use of such licenses to host publicly facing Bamboo instances can be found by performing an appropriately constructed google search. Here are some examples:
Publicly accessible Bamboo instances in a recent version
Publicly accessible Bamboo instances of open source projects
All Bamboo instances used by open source projects

Resources