Clone maven repository (Archiva manager) - linux

I have an maven repository (managed with Archiva) in my environment to use it for application development. Since it is a mirror of central repository, it has all dependencies I need for my application.
If I want to give the application sources to someone who doesn't have external connection, how can I clone my Archiva repository on its environment? Is there a way to do that?
Thank you.

simply copy the disk content from repositories directory

Related

How to restrict exposing project settings file to all in mavenExecute step of cloud-s4-sdk pipeline?

We are working on the s4sdk pipeline implementation for delivery of SAP CloudFoundry applications (spring-boot micro-services) using the SAP Cloud SDK for Java.
We have multiple developers working on multiple micro-services but all these micro-services are having some common dependencies.
We want to control the versions for all the common dependencies from a central location.
For this we have created a Maven BOM (Bill of Materials) dependency and added it as the parent in pom.xml of all the micro-services.
The aforementioned BOM is housed in Nexus repository and all pom.xmls (of the micro-services) can access the parent using the repository tag like below.
<repository>
<id>my-repo</id>
<name>nexus-repo</name>
<url>http://some/url</url>
</repository> `
The credentials for the above nexus repository are placed in the settings.xml file.
We want to run the above model in the cloud-s4-sdk pipeline. Although it works fine, the problem is that we need to expose the nexus repo access credentials in the settings.xml file.
Per documentation in https://github.com/SAP/cloud-s4-sdk-pipeline/blob/master/configuration.md#mavenexecute, the settings.xml for maven builds needs to be placed relative to the
project root. This is a security concern for us as the project repository is in GitHub and as such projectSettingsFile can be accessed by the developers.
We don't want these credentials to be exposed to the developers. It should be limited to only the admin team.
Is there a way we can achieve this using the cloud-s4-sdk pipeline?
Although nexus facilitates user token for maven settings.xml, but that does not work here as GUI login is still possible using the token values.
I think you could consider the following options:
Allow anonymous read access for artifacts
The developers anyway need a way to build the artifacts locally. How could developers build your service without having access to a dependency. Allowing read access would also enable them to do that.
Commit credentials to git but make git repository private
If you don't want to allow all employees (I guess the only employees have access to your nexus), you can commit the credentials together with the settings.xml but make the repository private to not share these details.
Inject credentials as environment variable
You can inject the credentials as environment variable to your settings xml file. See also: How to pass Maven settings via environmental vars
The setup the environment variable you can surround the full pipeline in your Jenkinsfile with the withCredentials step. For details see: https://jenkins.io/doc/pipeline/steps/credentials-binding/
String pipelineVersion = "master"
node {
deleteDir()
sh "git clone --depth 1 https://github.com/SAP/cloud-s4-sdk-pipeline.git -b ${pipelineVersion} pipelines"
withCredentials([usernamePassword(credentialsId: 'nexus', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) {
load './pipelines/s4sdk-pipeline.groovy'
}
}
and a settings.xml like:
<username>${env.NEXUS_USERNAME}</username>
<password>${env.NEXUS_PASSWORD}</password>

How do I access the Git included in microclimate?

I want to use microclimate installed on ICP with my local IDE and not the web IDE provided. How do I and my team access the GitLab to work on the code generated by microclimate? How do I commit my changes using my local IDE?
You can find information on how to integrate with your existing IDEs using the following url:
https://microclimate-dev2ops.github.io/howToIDE
Additionally, you can also import your project from GitLab and/or GitHub using the Import Project option and referencing the git repo location. To enable bi-directional code change between Microclimate and GIT, you need to run MicroClimate on ICP and enable the Pipeline.
Hope this helps!
Microclimate does not provide GitLab, but it will work with GitLab. https://docs.gitlab.com/ee/install/kubernetes/gitlab_chart.html provides instructions for installing GitLab onto Kubernetes. Once set up you should be able to interact with GitLab from your local IDE in the same way as you would with any other git server.

Bitbucket Pipelines access other node repository

I have enabled Bitbucket Pipelines in one of my node.js repositories to have it run the build on every commit. My repository depends on another node.js repository. For development I've linked the one to the other using npm link.
I've tried a git clone of that repository that is specified in the bitbucket-pipelines.yml file, but the build gets stuck on that command. I guess it's because git is asking for authentication at that point.
Is there a way to allow the container to access other repositories in the same team? Or is there a better way altogether on how to solve this? I'd also be fine with switching to another CI tool if Bitbucket Pipelines aren't capable of this – the only requirement is that it's free for teams < 5 people.
Btw. I'd like to avoid paying for npm private packages if possible.
Thanks!
You can organize access by ssh key for another repo like described in official docs https://confluence.atlassian.com/bitbucket/access-remote-hosts-via-ssh-847452940.html

how to set permission in Git?

I am new to Git and after I lots of searching I found that I must have set Linux permissions in my Git server.
But I want to know, is it possible to set permissions in Git?
I am working on a team about six people and I don't like to everyone on the team can access all the project for security reasons.
For example, If somebody in my team works on UI in my Store section I want to he/she have it's own branch but when he/she PULL the project with Git just have access to files and folders I let.
I have to add that I have my own Git server on a local network using Linux Debian and I'm using "SourceTree" as my GUI for Git and I have few experience on Git command line, so I need do it from GUI if possible.
Edited:
Does Git lab support permission like this: I have a repository that uses Laravel framework and I'd like to set permission for UI developers that only access views and PHP developers access some controllers not all the part of the controller in the project.
You can checkout GitLab: https://about.gitlab.com/ for this. Out of the box git does not support what you need/want.
No, Git doesn't manage this directly. Anyone with authentication credentials to the repository has access to the entire repository.
Traditionally, this is managed with third-party solutions, such as Gitolite, GitHub private repositories, and other systems.
In addition to other answers: if you want only certain parts of project to be accessible to each developer, you can use git submodules.
This is also preferable if project has logically and functionally separate parts. (Like front-end and back-end. )

Building projects with Maven offline without using M2 repo but using system jars

I have a requirement for a project in an open source operating system, to use Maven completely offline under nix environment. i.e. it should use the dependencies available in the system (probably at /usr/share/ + few other places?). Maven should not download any dependency from internet.
Is there a solution to achieve this? Creating the M2 repo in the system is not a viable solution. The issue is that the file system is read-only. We can only work on a temporary folder (/tmp for example) with write access. But maintaining a repo at a temporary location is a bad design, isn't it?
Saying it another way, the new to be installed maven project should use the existing packages in the system, if available. If packages does not exist, it should get installed separately ( via the package manager), and should not be copied to the m2 repo.
Is there any known way to do this?
Thanks for the help!
PS: Please note that I'm not asking about -o option to take it offline!
You can create your own "mirror" repository (Mirror of actual Maven repository on /tmp) and ask Maven to use that instead of remote repository.
Example :
http://maven.apache.org/guides/mini/guide-mirror-settings.html
I think you can create a local maven repository (with right folders tree and pom files), but use symbol links to jars in your write-only directory. Sure this solution is not easier then Shamit Verma's approach and you must write some code.
The approach we used is the following.
We've taken a decision to store m2 repo at /usr/share/maven-2/maven_home/m2_repo/. This isn't a temporary folder, and needs admin rights to write. But that isn't a problem since the installing packages also needs admin privileges.
We've symlinked the jars in the repo to point to system-level jars. i.e. we maintained the maven repository structure, but the jars were symlinked them to the system-jars. This means there's no unnecessary duplication and waste of space. We still keep the pom files in repo. The pom files were rewritten by a python script to match our needs.
Further, we refered dependencies with the system scope. For example,
<dependency>
<groupId>groupId</groupId>
<artifactId>artifactId</artifactId>
<version>666</version>
<scope>system</scope>
<systemPath>/usr/share/maven-core/lib/maven-core.jar</systemPath>
</dependency>
With system scope, it doesn't matter what the groupId:artifactId:version combination. It just picks the jar it find at <systemPath>

Resources