We're using Google Cloud Build to build a Spring Boot application written in Java. However, we have a private Maven repository (hosted on Artifact Registry if that matters), and the application won't build unless it has access to this repository.
The cloudbuild.yaml file looks like this:
steps:
  - name: maven:3.8.6-eclipse-temurin-17-alpine
    entrypoint: mvn
    args: [ 'clean', 'verify', '-Dmaven.test.skip=true' ]
Usually, I add the credentials for the private Maven repository to the ~/.m2/settings.xml file.
What's the recommended approach to give Maven access to a private Maven repository when building the project with Google Cloud Build?
CodePudding user response:
You can create an additional step in Google Cloud Build to generate credentials and store them in the file (~/.m2/settings.xml), before running the maven step:
###### previous Cloud Build Steps ###
  - name: 'bash'
    args: ['./cloudbuild_credentials.sh'] ### <--- script to generate creds
    dir: 'src' ### <--- directory might be different
    id: 'generate-credentials'
    env:
      - PRIVATE_REPO_PASS=$_PRIVATE_REPO_PASS ### <--- keys might be passed to Cloud Build via Triggers
###### next Cloud Build Steps ###
An example of how the script (cloudbuild_credentials.sh) might look (it generates and saves the ~/.m2/settings.xml file with the sensitive data):
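#!/usr/bin/env bash
# Generates ~/.m2/settings.xml with the repository password taken from
# the PRIVATE_REPO_PASS environment variable set on the build step.
mkdir -p ~/.m2  # the directory may not exist yet in the build container
printf '
<settings>
  <servers>
    <server>
      <id>private-repo</id>
      <username>xyz</username>
      <password>%s</password>
    </server>
  </servers>
</settings>
' "${PRIVATE_REPO_PASS}" > ~/.m2/settings.xml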
This way you commit only non-sensitive data to the repo, and you pass the key from the outside, for example via Google Cloud Build Triggers.
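
A hardened variant of the credentials script above, as an added example that is not part of the original answer: it stops the build when PRIVATE_REPO_PASS is empty, XML-escapes the password, and leaves settings.xml readable only by the build user. The function names, the optional output-path argument and the "run" argument are assumptions; the server id and username are the answer's placeholders.

```sh
#!/bin/sh
# Added example (not from the original answer). Hypothetical helper names.

# Escape the five XML special characters so a password containing
# & < > " or ' cannot break or alter the generated document.
# "&" is handled first so the entities added later are not re-escaped.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
    -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Write settings.xml to $1 (default: ~/.m2/settings.xml).
write_maven_settings() {
  out=${1:-"$HOME/.m2/settings.xml"}
  # Fail closed: an unset or empty secret stops the build here instead of
  # surfacing later as an authentication error from the repository.
  if [ -z "${PRIVATE_REPO_PASS:-}" ]; then
    echo "PRIVATE_REPO_PASS is not set" >&2
    return 1
  fi
  mkdir -p "$(dirname "$out")" || return 1
  # The subshell keeps the tightened umask local to this write.
  (
    umask 077
    printf '<settings>\n  <servers>\n    <server>\n      <id>private-repo</id>\n      <username>xyz</username>\n      <password>%s</password>\n    </server>\n  </servers>\n</settings>\n' \
      "$(xml_escape "$PRIVATE_REPO_PASS")" > "$out"
  ) || return 1
  # Also covers the case where the file already existed with wider modes.
  chmod 600 "$out"
}

# Invoke as "./cloudbuild_credentials.sh run" from the build step
# ("run" is a hypothetical argument so the file can also be sourced).
if [ "${1:-}" = "run" ]; then
  write_maven_settings
fi
```

Nothing in the script echoes the password, so it does not reach the build log through this step.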