[Java] How to create a Maven repository for 2020

6 minute read

Introduction

As a Java engineer, I think that Maven repositories are quite common. I use it even with Gradle.

How do you manage your own library as OSS etc. drop from central repository? If you’re developing locally, mvn install is fine, but if you’re doing CI / CD or sharing libraries with your team or organization, that’s not the case.

This time, I have summarized the method for publishing the library created with Maven. By the way, as of August 2020, the recommended method is to use GCS as a repository.

  • -Register with Maven Central Repository
  • Set up OSS repository server
  • Use GitHub Pages
  • Use GitHub Packages + Actions
  • -Build a repository on S3 / GCS / Azure Blob
  • -GCP Artifact Registry

Register with Maven Central Repository

This is the most straightforward procedure. The registration procedure is a little annoying, but the fact that there is no additional repository work when using it is a big advantage. I think it should be used when you want to expand the users as an OSS library.

Set up OSS repository server

The next possibility is to set up an OSS repository server. This may be common for internal repositories. Nexus Repository ManagerandJFrogartifactory are famous. If you want to make it in a rush, you can also publish the .m2 repository of CI server such as Jenkins with Apache etc. It can not be managed in detail, but it works, so it is an option when you want to make quickly with minimum functions.

Use GitHub Pages

There is a way to utilize “Github Pages” that can host static content on GitHub. It was popular a long time ago. The basic idea is to deploy the library locally with mvn deploy and push it on Github with mvn site. It is quite convenient because you can leave security/availability to GitHub.

The detailed procedure is explained in detail on the following site.

This is a convenient way to make your own library publicly available. It’s free.

Use #GitHub Packages + Actions

Using GitHub Pages as a Maven repository is a bit hacky, but recently maven libary can be published as a formal method as GitHub Packages.

First, register the deploy destination in pom.xml as follows.

pom.xml


    <distributionManagement>
        <repository>
            <id>github</id>
            <name> GitHub OWNER Apache Maven Packages </ name>
            <url>https://maven.pkg.github.com/{YOUR_NAME}/{YOUR_PRJ_NAME}</url>
        </repository>
    </distributionManagement>

You can do it manually, but it is troublesome to manage the private key, so I will use Actions.

.github/workflows/maven-publish.yml


name: Publish jl2-web library
on: [workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    --uses: actions / checkout @ v2
    -name: Set up JDK 11
      uses: actions/[email protected]
      with:
        java-version: 11
        server-id: github # Value of the distributionManagement / repository / id field of the pom.xml
        settings-path: $ {{github.workspace}} #location for the settings.xml file
    --name: Build with Maven
      run: mvn -B package --file jl2-web/pom.xml
    -name: Publish to GitHub Packages Apache Maven
      run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml --file jl2-web/pom.xml
      env:
        GITHUB_TOKEN: $ {{github.token}}

CI/CD works with GitHub Actions based on this YAML. If you use GITHUB_TOKEN, you probably don’t need to manage a special settings.xml.

Then a link is created from the GitHub repository as shown below. image.png![image.png]](Https://qiita-image-store.s3.ap-northeast-1.amazonaws.com/0/54904/bd18a699-f95c-69e4-1c15-79c333b30142.png)

When using the library deployed here, add a dependency repository like the following pom.xml.

pom.xml


    <repositories>
        <repository>
            <id>github</id>
            <name>NKLab repository</name>
            <url>https://maven.pkg.github.com/{YOUR_NAME}/{YOUR_PRJ_NAME}</url>
        </ repository>
    </repositories>

It is very convenient to combine with GitHub Actions, but there are the following issues.

  • a) I didn’t know how to set the public setting without password.
  • b) Permission management when putting multiple libraries in one repository

It’s just an issue, I just don’t know how to do it, but it seems that a doesn’t support it at this point. As for b, I understand that you can do it by using Personal access token etc. But I do not know how to use GITHUB_TOKEN and it is a little pending.

It is convenient to be integrated with GitHub Actions, and there is no problem if authentication is required if it is an in-house library, so I think it is very convenient when developing a team using GitHub. You can choose between a paid plan and a free plan.

Build a repository in GCS by linking with Maven Plugin

How to build on object storage like S3, GCS, Azure Blob.

Although it is not completely free, object storage is cheap enough for each company, and I think that it is convenient for those who are already using it because authority management can be done with IAM of each cloud instead of Maven account management. I use GCP, and I also use CloudBuild, so this is the easiest.

It is easy to use, and you can set extension or extension in pom.xml as follows. The latest version is 2.3, but there is a bug in GCS support, so we recommend 1.7.

<distributionManagement>
    <snapshotRepository>
        <id>nklab-snapshot</id>
        <url>gs://{bucket name}/snapshot</url>
    </snapshotRepository>
</distributionManagement>
<build>
    <extensions>
        <extension>
            <groupId>com.gkatzioura.maven.cloud</groupId>
            <artifactId>google-storage-wagon</artifactId>
            <version>1.7</version>
        </extension>
    </extensions>
</build>

Enter arbitrary bucket name and folder name in url. For the time being, I have named the Snapshot Repository snapshot. Of course you can deploy other than SnapShot by adding the repository tag.

<distributionManagement>
    <snapshotRepository>
        <id>my-repo-bucket-snapshot</id><url>gs://mavenrepository/snapshot</url>
    </snapshotRepository>
    <repository>
        <id>my-repo-bucket-release</id>
        <url>gs://mavenrepository/release</url>
    </ repository>
</distributionManagement>

Then deploy with the following command.

mvn -B deploy

At this time, permission management will be IAM, so if you want to deploy locally to GCS, you need to specify the service account key file as an environment variable as follows. Well, that’s a familiar method with GCP. You can also authenticate by logging in with gcloud auth login –brief.

GOOGLE_APPLICATION_CREDENTIALS=~/seacret/mybuild-1632c221dd5c.json mvn -B deploy

When using it, add it to the pom.xml dependency as follows.

<repositories>
    <repository>
        <id> my-repos </ id>
        <name>My repository</name>
        <url>https://storage.googleapis.com/{bucket name}/snapshot/</url>
    </ repository>
</repositories>

When building from CloudBuild etc., there is no problem as long as you set the GCS side. Those who are accustomed to GCP will find this method useful because it is the same as the normal control of GCS, including the public setting.

GCP Artifact Registry

It is a service that is a successor or an advanced version of Google’s Container Registry. Originally, it only supports Docker Container, but currently Maven and nodejs are also supported as α version.

https://cloud.google.com/artifact-registry?hl=ja

Here, the back end is GCS, but it also has various functions such as automation of security scans, and it is a service that I personally pay attention to. Since GCP is the main platform, it seems to be compatible with other systems such as CloudBuild.

However, this is an alpha version as of 2020/08, so you cannot use it unless you apply. I applied for it for the time being, but I haven’t tried it yet. I feel that it will be available to general users as β from autumn to the end of the year.

Summary

Maven repository hosting is a tedious problem because it is a hassle, but recently there are quite a few options besides hosting OSS yourself. It is also important as a part to realize CI/CD, so I would like to make good use of this area so that I can easily share/publish in-house libraries and personal libraries.

See you Happy Hacking!