How to Set Up a Private Maven Repository in Amazon S3
Amazon S3 is a perfect place for keeping private Maven artifacts. I assume you keep public artifacts in Maven Central because you want them to be available to everybody. Private artifacts are those you don't want visible to anyone except members of your team. Thus, you want to deploy your .jar
files there and make sure they are visible only by your team. Here is how we do this in all our Java projects.
Create an S3 Bucket
First, you create a new S3 bucket. I would recommend you name it using your project domain and a prefix. For example, with repo.teamed.io
, repo
is a prefix and teamed.io
is the domain.
There's no need to configure any permissions for this bucket. Just create it through the Amazon S3 console.
Create an IAM User
Create a new IAM user. I recommend you name it like teamed-maven
if your project name is teamed
.
Add a new "inline policy" to the user:
{
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::repo.teamed.io",
"arn:aws:s3:::repo.teamed.io/*"
]
}
]
}
Here, repo.teamed.io
is the name of the S3 bucket you created a minute ago.
Make sure you have an "access key" for this new user. It must look similar to this:
key: AKIAI9NNNJD5D7X4TUVA
secret: t5tZQCwuaRhmlOXfbGE5aTBMFw34iFyxfCEr32av
The key is 20 characters (all caps), and the secret is 40 characters.
Extend settings.xml
Add this configuration to your ~/.m2/settings.xml
file:
<settings>
<servers>
<server>
<id>repo.teamed.io</id>
<username>AKIAI9NNNJD5D7X4TUVA</username>
<password>t5tZQCwuaRhmlOXfbGE5aTBMFw34iFyxfCEr32av</password>
</server>
[...]
</servers>
[...]
</settings>
Configure pom.xml
Add this configuration to pom.xml
:
<project>
<distributionManagement>
<snapshotRepository>
<id>repo.teamed.io</id>
<url>s3://repo.teamed.io/snapshot</url>
</snapshotRepository>
<repository>
<id>repo.teamed.io</id>
<url>s3://repo.teamed.io/release</url>
</repository>
</distributionManagement>
<repositories>
<repository>
<id>repo.teamed.io</id>
<url>s3://repo.teamed.io/release</url>
</repository>
</repositories>
[...]
</project>
Then, configure S3 Wagon, also in pom.xml
:
<project>
<build>
<extensions>
<extension>
<groupId>org.kuali.maven.wagons</groupId>
<artifactId>maven-s3-wagon</artifactId>
<version>1.2.1</version>
</extension>
</extensions>
[...]
</build>
</project>
You're ready to go. You can deploy your artifacts just by running Maven from the command line:
$ mvn clean deploy
Configure s3auth.com
Now you want to see these artifacts in your browser, in a secure mode, by providing secure credentials. I recommend you use s3auth.com, as explained in Basic HTTP Auth for S3 Buckets.
Configure Rultor
Another recommendation is to configure rultor.com for deployment of your artifacts to S3 automatically.
First, encrypt your settings.xml
with this Rultor remote:
$ gem install rultor
$ rultor encrypt -p me/test settings.xml
Instead of me/test
, you should use the name of your GitHub project.
As a result, you will get a new file named settings.xml.asc
. Add it to the root directory of your project, then commit and push. The file contains your secret information, but only the Rultor server can decrypt it.
Create a .rultor.yml
file in the root directory of your project (The Rultor reference page explains this format in greater detail):
decrypt:
settings.xml: "repo/settings.xml.asc"
deploy:
script: |
mvn clean deploy --settings ../settings.xml
Now it's time to see how it all works together. Create a new ticket in the GitHub issue tracker and post something like this into it (read more about Rultor commands):
@rultor deploy
You will get a response in a few seconds. The rest will be done by Rultor.