How do I use Jenkins credentials when running ‘mvn deploy’?
I have a Maven project and want to build it with mvn clean deploy to deploy the built artifact into a nexus repository.
Access data (username and password) for this repository is stored in Jenkins credentials.
I want to call mvn deploy in Jenkins to read the credentials for that Nexus repository from Jenkins (not hard-coded in settings.xml).
What should I do if I can’t access the settings.xml on the Jenkins server?
Update 1:
I created an entry in Profile Management (JENKINS_URL/configfiles/index) with the following data:
Type: Maven settings.xml
Replace All: Yes
Server ID: myServer
Credentials: Credentials for the Nexus repository
Contents:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>myServer</id>
<username>foo</username>
<password>bar</password>
</server>
</servers>
</settings>
myServer is also used for pom.xml of the artifact I’m building
<distributionManagement>
<repository>
<id>myServer</id>
<url>http://nexus.mycompany.com</url>
</repository>
</distributionManagement>
In the configuration of the job, I included the settings shown below. Nexus settings.xml is a configuration in Config File Management.
But it doesn’t work – I get a “forbidden” error when the build tries to deploy the artifact to Nexus.
Update 2: When I run mvn -X deploy locally (stored in my local settings.xml with the same credentials as in Jenkins, I see the following output:
[DEBUG] Failed to decrypt password for server XXX release repository: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /XXXXXXXXXXXXXXX/.m2/settings-security.xml (No such file or directory)
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /XXXXXXXXXXXXXXX/.m2/settings-security.xml (No such file or directory)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
at org.apache.maven.settings.crypto.DefaultSettingsDecrypter.decrypt(DefaultSettingsDecrypter.java:107)
at org.apache.maven.settings.crypto.DefaultSettingsDecrypter.decrypt(DefaultSettingsDecrypter.java:63)
at org.apache.maven.internal.aether.DefaultRepositorySystemSessionFactory.newRepositorySession(DefaultRepositorySystemSessionFactory.java:165)
However, the password in settings.xml is not encrypted at all:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository/>
<interactiveMode/>
<offline/>
<pluginGroups/>
<servers>
<server>
<id>NEXUS_REPOSITORY_SNAPSHOTS</id>
<username>user</username>
<password>password</password>
</server>
</servers>
<mirrors/>
<proxies/>
<profiles/>
<activeProfiles/>
</settings>
I found a report of a similar error here
Solution
You can use the Jenkins config-file-provider plugin (link: https://plugins.jenkins.io/config-file-provider/) Create one or more Maven settings.xml files.
NOTE: Really this helps also if you need differents settings.xml for
different projects.
Then in the maven deployment step of the Jenkins project, you can choose to point to one of the defined settings.xml files (instead of pointing to the generic Jenkins server/.m2/settings.xml).