
Access to private Maven Repository from Google Cloud Build?


We're using Google Cloud Build to build a Spring Boot application written in Java. However, we have a private Maven repository (hosted on Artifact Registry if that matters), and the application won't build unless it has access to this repository.

The cloudbuild.yaml file looks like this:

steps:
  - name: maven:3.8.6-eclipse-temurin-17-alpine
    entrypoint: mvn
    args: [ 'clean', 'verify', '-Dmaven.test.skip=true' ]

Usually, I add the credentials for the private Maven repository to the ~/.m2/settings.xml file.

What's the recommended approach to give Maven access to a private Maven repository when building the project with Google Cloud Build?


Solution

  • You can create an additional step in Google Cloud Build to generate credentials and store them in the file (~/.m2/settings.xml), before running the maven step:

    ###### previous Cloud Build Steps ###
    
    - name: 'bash'
      args: ['./cloudbuild_credentials.sh'] ### <--- script to generate creds
      dir: 'src'                            ### <--- directory might be different
      id: 'generate-credentials'
      env:
          - PRIVATE_REPO_PASS=$_PRIVATE_REPO_PASS ### <--- keys might be passed to Cloud Build via Triggers
    
    ###### next Cloud Build Steps ###
    

    An example of how the script (cloudbuild_credentials.sh) might look (it generates and saves the ~/.m2/settings.xml file with the sensitive data):

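    # Create the directory first; it may not exist in a fresh build container.
    mkdir -p ~/.m2
    # Write settings.xml with the password taken from the step's environment.
    printf '
    <settings>
        <servers>
            <server>
                <id>private-repo</id>
                <username>xyz</username>
                <password>%s</password>
            </server>
        </servers>
    </settings>
    ' "${PRIVATE_REPO_PASS}" > ~/.m2/settings.xml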
    

    This way you commit only non-sensitive data to the repo, and you pass the key from the outside. For example via Google Cloud Build Triggers.
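A hardened variant of the credentials script, added here as an example and not part of the original answer: it stops the build when the secret is missing, XML-escapes the password so characters such as `&` or `<` cannot corrupt settings.xml, and writes the file with owner-only permissions. The function names `xml_escape` and `write_settings` and the `--write` argument are assumptions of this example; the server id and username are the answer's placeholders.

```shell
#!/bin/sh
# Added example (constructed): hardened variant of cloudbuild_credentials.sh.
# Assumed names: xml_escape, write_settings, and the --write argument.
set -eu

# Escape the five XML special characters so the password cannot malform
# settings.xml or inject extra elements. '&' must be replaced first.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Write a Maven settings file to the path in $1. The password is read from
# the PRIVATE_REPO_PASS environment variable, never from the command line.
write_settings() {
    target=$1
    # Fail closed: a missing secret should stop the build here, not at mvn.
    if [ -z "${PRIVATE_REPO_PASS:-}" ]; then
        echo "PRIVATE_REPO_PASS is empty or unset" >&2
        return 1
    fi
    escaped=$(xml_escape "$PRIVATE_REPO_PASS")
    # The subshell keeps the restrictive umask from leaking to the caller.
    ( umask 077 && mkdir -p "$(dirname "$target")" && cat > "$target" <<EOF
<settings>
  <servers>
    <server>
      <id>private-repo</id>
      <username>xyz</username>
      <password>${escaped}</password>
    </server>
  </servers>
</settings>
EOF
    ) && chmod 600 "$target"
}

# Only touch ~/.m2 when asked to, e.g. args: ['./cloudbuild_credentials.sh', '--write']
if [ "${1:-}" = "--write" ]; then
    write_settings "${HOME}/.m2/settings.xml"
fi
```
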