Issue
We're using Google Cloud Build to build a Spring Boot application written in Java. However, we have a private Maven repository (hosted on Artifact Registry if that matters), and the application won't build unless it has access to this repository.
The cloudbuild.yaml
file looks like this:
steps:
- name: maven:3.8.6-eclipse-temurin-17-alpine
entrypoint: mvn
args: [ 'clean', 'verify', '-Dmaven.test.skip=true' ]
Usually, I add the credentials to the private maven repository to the ~/.m2/settings.xml
file.
What's the recommended approach to give Maven access to a private Maven repository when building the project with Google Cloud Build?
Solution
You can create an additional step in Google Cloud Build to generate credentials and store them in the file (~/.m2/settings.xml
), before running the maven step:
###### previous Cloud Build Steps ###
- name: 'bash'
args: ['./cloudbuild_credentials.sh'] ### <--- script to generate creds
dir: 'src' ### <--- directory might be different
id: 'generate-credentials'
env:
- PRIVATE_REPO_PASS=$_PRIVATE_REPO_PASS ### <--- keys might be passed to Cloud Build via Triggers
###### next Cloud Build Steps ###
An example how the script (cloudbuild_credentials.sh
) might look like (generates and saves ~/.m2/settings.xml
file with the sensitive data):
printf '
<settings>
<servers>
<server>
<id>private-repo</id>
<username>xyz</username>
<password>%s</password>
</server>
</servers>
</settings>
' "${PRIVATE_REPO_PASS}" > ~/.m2/settings2.xml
This way you commit only non-sensitive data to the repo, and you pass the key from the outside. For example via Google Cloud Build Triggers.
Answered By - star67
Answer Checked By - Terry (JavaFixing Volunteer)