We're trying to setup Gradle to publish artifacts to Artifactory. There are two sets of credentials that can be configured, a "deployer" and "resolver". The deployer seems fairly obvious, as the target repository is read-only, a set of credentials are necessary to authenticate for deployment.
However, what is this "resolver" in the context of maven repositories. We are already using Gradle's dependency management, so project dependencies are already getting resolved via the repositories we have configured using Gradle.
So what's the point of this second "resolver" configuration, and why would it need credentials?
Thanks.
If you're using the Gradle Artifactory Plugin, then it allows you to set optional user/pass for a repository that requires authenticated read access (can be set in Artifactory using permission targets).
A maven (or ivy, if configured) repository with these credentials will be added to your project by the plugin behind the scenes.
I think this is needed e.g. if you use your own enterprise repository (like Nexus or Artifactory) and you even need credentials to read that repositories (which may be the case in companies).
Related
Currently I am using bamboo for maven builds. Artifactory is being used for artifact deployment. During initial bamboo setup, artifactory admin user and password got configured in maven settings.xml. Due to admin privileges, bamboo plan everytime overwrites artifact at the time of deployment. I would like to stop this artifact overwrite behavior.
I would like to:
Replace admin account in settings.xml with another account which will have only artifact upload access in Artifactory.
Teams will use their own generic ID in bamboo plans for uploading artifacts to Artifactory.
Is there any other standard solution to fix this overwrite problem.? I am not sure how teams will be able to pass their artifactory generic id and password for maven build in bamboo. And is this industry used approach while dealing with maven builds for multiple teams in Bamboo/Jenkins.?
Thanks,
Pushpraj
You can configure different Artifactory users for each of your Bamboo Plans. Here's how you can achieve this:
Install the Bamboo Artifactory Plugin on your Bamboo instance.
The plugin adds an "Artifactory" section in Bamboo's Administration. Configure the details of your Artifactory server there.
The plugin also adds a few new Bamboo tasks. One of them is "Artifactory Maven". This task allows you to run a maven build, while resolving the build dependencies and deploying the build artifacts to Artifactory. For the deployment and resolution, the task configuration allows you to override the Artifactory user defined in the Bamboo administration. This allows you to deploy artifacts from different plans using different Artifactory users.
Important: the deployment to Artifactory happens during maven's install goal.
You can read more about the plugin in the Bamboo Artifactory Plugin User Guide
We are currently migrating from Nexus to Artifactory and one thing we are missing is an API call to resolve maven dependencies in artifactory. Nexus has this endpoint /service/local/dependency?r=snapshots,releases&c=&e=pom&s=compile&f=list&g=<my.group>&a=<my-artifact>&v=<my-version> which gives a compiled list of all, including transitive, depdendencies.
We need this because we (mis)use maven as a generic deployment/versioning system to create artifacts (zip files of shell scripts actually) and to manage depenedencies. These dependencies are also necessary for production deployments.
Since we migrate from Nexus we don't have builds accessible and I am not yet sure if we want to use them. Is there a way to get a rest endpoint like the nexus one in Artifactory? Maybe a user plugin? Any hints on how this could be done?
I need to set up my own maven repository, since some open sourced libraries are not in Maven Central. I want to use Nexus OSS, and then I can upload the libraries I need to Nexus OSS.
My question is, do I also need to upload those libraries that are originally in Maven Central and I can directly use in POM to Nexus OSS?
Nexus is a proxy for global repositories. You can define in Nexus configuration what repositories are you going to use. You do not need to upload libraries that are accessible from configured global repositories.
You can also host your own repository for your local libraries. Everything is configurable.
When you configure your Nexus you need to just connect to it trough maven config and all actions are done behind the scene. Don't worry about it.
All libraries that are needed to compile your project, firstly are downloaded to your Nexus and then from Nexus to your local repo.
For example this is the easiest way to configure Nexus with your maven:
Nexus - maven - Configuration
Not at all: In your local $userprofile/.m2/settings.xml file (as well as in every pom.xml, altough is not a good practice) you can define as many repositories as you want. And so, you will be able to reference artifacts published to different repositories.
I am having some doubts/queries about setting up Ondemand Bamboo instance. I am having cloud based Git repository. I want to checkout source code, build my project with Maven 3.x and access generated maven artifacts repository.
Q:do Ondemand Bamboo instance provide maven repository access ?
Cloubees is providing this facility: it provides a maven central proxy that's nexus based and a private repository. So, in case of Cloudbees, developer has to point to repository hosted at CloudBees location https://repository-myproject.forge.cloudbees.com/release
Q: Is the similar facility available with Ondemand Bamboo setup?
If yes, to access maven repository, do I need to keep my Bamboo's Image-instance always in 'START' mode?
IF No, how can I transfer artifacts to locally hosted Nexus server? Is it possible to FTP/ upload from Bamboo instance to different server?
Any help/hint will be appreciated. Thanks
On cloudbees, the default maven configuration is set so that those maven repositories are available by default, so you don't have anything to configure. I don't think bamboo embrace the maven build process such a way
We have recently decided to use Maven as build system. I'm responsible to migrate all the projects from Ant to Maven. We also decided to use Apache Archiva to configure an internal repository in the company.
I see that Archiva create two repositories by default (internal and snapshots). I also see that it configures the internal repository to proxy the central and java.net repositories.
Are there some best practices regarding Archiva configuration?
In the Archiva documentation, there is a possibility to configure Maven to use only the internal repository and then access the remote repository through the internal repository. What do you think about this option?
Thanks for your help
A Maven repository manager is essential to support Enterprise Maven development. The Maven installer is merely a bootstrap, running Maven for the first time downloads everything it needs from the Maven Central repository in order to compile your project.
The benefits of using a Maven repository aree documented elsewhere but I'll summarize:
Efficiency. Repository acts as a cache for Maven Central artifacts
Resilience. Repository protects against remote repository failures or lack of internet connection
Repeatability. Storing common artifacts centrally, avoids shared build failures caused by developers maintaining their own local repositories.
Audit. If all 3rd party libraries used by development come from a single entry point in the build process one can assess how often they're used (based on download log files) and what kinds of licensing conditions apply.
To that end I'd encourage you to use the following Archiva features:
Locking down to only use Archiva. Configure Maven clients download everything from Archiva.
Virtual repositories for each team. Configure all the remote repositories used by teams centrally in Archiva instead of leaving the details to the teams themselves.
PS
I use Nexus for my Maven repository management, but the same concepts apply.