0

So I got a self-hosted instance of drone running on my server alongside a nexus3 repository. Now I have a java project that should be built, tested and then deployed into the repository every push, which works fine until we get to the deployment part. I found the plugin on the official site for plugins, Maven Auth which is supposed to create a settings.xml based on the configuration, that works (made my pipeline output the contents of the file via cat and showed a valid settings.xml file). The next step is configured to run

mvn deploy -B -s settings.xml

For some reason, maven doesn't use the username and password provided in the settings.xml (the server always returns an Unauthorized 401 error)

Entire .drone.yml:

kind: pipeline
name: default
type: docker

steps:
  - name: compile
    image: maven:3-jdk-8
    commands:
      - mvn compile -B -U
    when:
      event:
        - push
  - name: test
    image: maven:3-jdk-8
    commands:
      - mvn test -B
    when:
      event:
        - push
  - name: authenticate
    image: robertstettner/drone-mvn-auth
    settings:
      servers:
        - id: some-id (same in pom.xml distribution repos)
          username: username
          password:
            from_secret: repo_password
  - name: deploy_repo
    image: maven:3-jdk-8
    commands:
      - mvn deploy -B -gs settings.xml
    when:
      event:
        - push

Some advice why this doesn't work would be dope! Thanks in advance!

Edit 2: So I investigated further and installed mitmproxy on my server to analyze the traffic (Client -> Nginx SSL termination proxy -> mitmproxy -> running nexus).

To authorize apparently maven uses a header called "Authorization". And the content is "Basic " + username:password encoded in base64.

Turns out, the content of the Authorization header from the request the drone instance issues is malformed. Decoded it looks like this:

Authorization: Basic USERNAME:[object Object]

instead of

Authorization: Basic USERNAME:password

I am going to try getting around the

password:
  from_secret: repo_password

and hope the settings.xml file is the generated properly

Md5Lukas
  • 1
  • 5
  • I would start with testing whether the *settings.xml* file is ok by trying to deploy a simple maven "hello world" project and then moving on. Also you can try setting the credentials yourself, it's not that complicated (instead of relying on 3rd party). – eugen-fried Feb 15 '20 at 16:29

1 Answers1

0

After trying for multiple hours (and failing) trying to get this plugin to work I now decided to use a custom step to create the settings.xml using environment variables. Just set the secret "repo_username" to the username and the secret "repo_password" to the password and you should be good to go.

  - name: create settings.xml
    image: alpine:latest
    environment:
      REPO_ID: sytm-nexus
      REPO_USERNAME:
        from_secret: repo_username
      REPO_PASSWORD:
        from_secret: repo_password
    commands:
      - echo '<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"><servers><server><id>'$REPO_ID'</id><username>'$REPO_USERNAME'</username><password>'$REPO_PASSWORD'</password></server></servers></settings>' > settings.xml

Edit: As that solution was too hacky for me I created my own drone plugin, which can be found here

Md5Lukas
  • 1
  • 5