How to create a Maven repository for 2020
Introduction
I think Java engineers use Maven repositories very often for some reason. I use it even with Gradle.
How do you manage your own library, assuming that OSS etc. will be dropped from the central repository? If you're developing locally, mvn install is fine, but if you're doing CI / CD or sharing libraries with your team or organization, that's not the case.
So this time I summarized how to publish the library created by Maven. By the way, as of August 2020, the recommended method is to use GCS as a repository.
--Register with Maven Central Repository --Set up an OSS repository server --Use GitHub Pages --Use GitHub Packages + Actions --Build a repository in S3 / GCS / Azure Blob
- GCP Artifact Registry
Register with Maven Central Repository
This is the most straightforward procedure. The registration procedure is a bit cumbersome, but it's a big advantage that there is no need to add a repository when using it. I think it is good to use it when you want to expand the users as an OSS library.
Set up an OSS repository server
The next thing you can think of is setting up an OSS repository server. This may be common for internal repositories. Nexus Repository Manager and JFrog artifactory are famous. If you want to make it by rushing, you can also publish the .m2 repository of CI server such as Jenkins with Apache etc. I can't manage it in detail, but it works, so it's an option when you want to make it quickly with the minimum functions.
Use GitHub Pages
There is a way to utilize "Github Pages" that can host static content on GitHub. It was popular a long time ago.
The basic idea is to deploy the library locally with mvn deploy and push it on Github with mvn site. It's quite convenient because you can leave security / availability to GitHub.
The detailed procedure is explained in detail on the following site.
-[Small story] I made a simple Maven repository using GitHub Pages
This is a convenient way to publish your own library to Public. It's free.
Use GitHub Packages + Actions
Using GitHub Pages as a Maven repository is a bit hacky, but recently it has become possible to publish maven libary as a formal method as GitHub Packages.
-[Configure Apache Maven for use with GitHub Packages](https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-apache-maven- for-use-with-github-packages)
First, register the deployment destination in pom.xml as follows.
pom.xml
<distributionManagement>
<repository>
<id>github</id>
<name>GitHub OWNER Apache Maven Packages</name>
<url>https://maven.pkg.github.com/{YOUR_NAME}/{YOUR_PRJ_NAME}</url>
</repository>
</distributionManagement>
You can do it manually, but managing the private key is a hassle, so use Actions.
.github/workflows/maven-publish.yml
name: Publish jl2-web library
on: [ workflow_dispatch ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
settings-path: ${{ github.workspace }} # location for the settings.xml file
- name: Build with Maven
run: mvn -B package --file jl2-web/pom.xml
- name: Publish to GitHub Packages Apache Maven
run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml --file jl2-web/pom.xml
env:
GITHUB_TOKEN: ${{ github.token }}
CI / CD works on GitHub Actions based on this YAML. If you use GITHUB_TOKEN, you probably don't need to manage the special settings.xml.
Then a link will be created from the GitHub repository as shown below.
When using the library deployed here, add the dependent repository as shown in pom.xml below.
pom.xml
<repositories>
<repository>
<id>github</id>
<name>NKLab repository</name>
<url>https://maven.pkg.github.com/{YOUR_NAME}/{YOUR_PRJ_NAME}</url>
</repository>
</repositories>
It's very convenient in combination with GitHub Actions, but it has the following issues.
--a) I didn't know how to set up public without a password --b) Permission management when putting multiple libraries in one repository
It's a challenge, or just I don't know how to do it, but somehow a doesn't seem to support it at this time. Regarding b, I understand that it can be done by using Personal access token etc., but I do not know how to do it with GITHUB_TOKEN and it is a little pending.
It is convenient to be integrated with GitHub Actions, and there is no problem if authentication is required if it is an in-house library, so I think it is very convenient when developing a team using GitHub. You can choose between a paid plan and a free plan.
Build a repository in GCS by linking with Maven Plugin
How to build on object storage like S3, GCS, Azure Blob.
Although it is not completely free, object storage is cheap enough for each company, and I think that it is convenient for those who are already using it because authority management can be done with IAM of each cloud instead of Maven account management. I'm using GCP and I'm also using CloudBuild, so this is the easiest.
It's easy to use, and you can set the plugin or extension in pom.xml as follows. The latest is 2.3, but we recommend using 1.7 because there is a bug in GCS support.
<distributionManagement>
<snapshotRepository>
<id>nklab-snapshot</id>
<url>gs://{Bucket name}/snapshot</url>
</snapshotRepository>
</distributionManagement>
<build>
<extensions>
<extension>
<groupId>com.gkatzioura.maven.cloud</groupId>
<artifactId>google-storage-wagon</artifactId>
<version>1.7</version>
</extension>
</extensions>
</build>
Enter any bucket name and folder name in ʻurl. For the time being, I'm naming the Snapshot Repository snapshot. Of course, you can deploy other than SnapShot by adding the repository` tag.
<distributionManagement>
<snapshotRepository>
<id>my-repo-bucket-snapshot</id>
<url>gs://mavenrepository/snapshot</url>
</snapshotRepository>
<repository>
<id>my-repo-bucket-release</id>
<url>gs://mavenrepository/release</url>
</repository>
</distributionManagement>
Then deploy with the following command.
mvn -B deploy
At this time, authority management will be IAM, so if you want to deploy locally to GCS, you need to specify the key file of the service account in the environment variable as follows. Well, it's a familiar method on GCP. You can also authenticate by logging in with gcloud auth login –brief.
GOOGLE_APPLICATION_CREDENTIALS=~/seacret/mybuild-1632c221dd5c.json mvn -B deploy
If you want to use it, add it to pom.xml dependency as follows.
<repositories>
<repository>
<id>my-repos</id>
<name>My repository</name>
<url>https://storage.googleapis.com/{Bucket name}/snapshot/</url>
</repository>
</repositories>
When building from CloudBuild etc., there is no problem as long as you set the GCS side. This method is convenient for those who are accustomed to GCP because it is the same as the normal control of GCS including the public setting.
GCP Artifact Registry
It is a service that is a successor or an advanced version of Google's Container Registry. Originally it only supports Docker Container, but now Maven and nodejs are also supported as alpha version.
https://cloud.google.com/artifact-registry?hl=ja
Here, the back end is GCS, but it also has various functions such as automation of security scans, and it is a service that I personally pay attention to. Since GCP is the main platform for me, it seems to be compatible with each system such as Cloud Build.
However, this is an alpha version as of 08/08/2020, so you cannot use it unless you apply. I applied for it for the time being, but I haven't tried it yet. From autumn to the end of the year, I feel that it will be available to general users as β.
Summary
Hosting Maven repositories is a hassle, so it's a nasty problem, but lately there are quite a few options other than hosting OSS yourself. It is also important as a part that realizes CI / CD, so I would like to make good use of this area so that I can easily share / publish in-house libraries and personal libraries.
Then Happy Hacking!
Recommended Posts