Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/user/packages/maven_repository/index.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/packages/maven_repository/index.md')
-rw-r--r--doc/user/packages/maven_repository/index.md77
1 files changed, 72 insertions, 5 deletions
diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md
index eaa04404a1f..957374245d2 100644
--- a/doc/user/packages/maven_repository/index.md
+++ b/doc/user/packages/maven_repository/index.md
@@ -605,7 +605,7 @@ To publish a package by using Gradle:
gradle publish
```
-Now navigate to your project's **Packages & Registries** page and view the published artifacts.
+Now navigate to your project's **Packages and registries** page and view the published artifacts.
### Publishing a package with the same name or version
@@ -624,7 +624,7 @@ To prevent users from publishing duplicate Maven packages, you can use the [Grap
In the UI:
-1. For your group, go to **Settings > Packages & Registries**.
+1. For your group, go to **Settings > Packages and registries**.
1. Expand the **Package Registry** section.
1. Turn on the **Reject duplicates** toggle.
1. Optional. To allow some duplicate packages, in the **Exceptions** box, enter a regex pattern that matches the names and/or versions of packages you want to allow.
@@ -670,14 +670,20 @@ Downloading from gitlab-maven: http://gitlab.example.com/api/v4/projects/PROJECT
### Use Maven with `mvn dependency:get`
-You can install packages by using the Maven commands directly.
+You can install packages by using the Maven `dependency:get` [command](https://maven.apache.org/plugins/maven-dependency-plugin/get-mojo.html) directly.
1. In your project directory, run:
```shell
- mvn dependency:get -Dartifact=com.nickkipling.app:nick-test-app:1.1-SNAPSHOT
+ mvn dependency:get -Dartifact=com.nickkipling.app:nick-test-app:1.1-SNAPSHOT -DremoteRepositories=gitlab-maven::::<gitlab endpoint url> -s <path to settings.xml>
```
+ - `<gitlab endpoint url>` is the URL of the GitLab [endpoint](#use-the-gitlab-endpoint-for-maven-packages).
+ - `<path to settings.xml>` is the path to the `settings.xml` file that contains the [authentication details](#authenticate-to-the-package-registry-with-maven).
+
+NOTE:
+The repository IDs in the command(`gitlab-maven`) and the `settings.xml` file must match.
+
The message should show that the package is downloading from the Package Registry:
```shell
@@ -697,9 +703,70 @@ dependencies {
}
```
+### Request forwarding to Maven Central
+
+> [Introduced](<https://gitlab.com/gitlab-org/gitlab/-/issues/362657>) behind a [feature flag](../../feature_flags.md), disabled by default in GitLab 15.4
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `maven_central_request_forwarding`.
+On GitLab.com, this feature is not available.
+
+When a Maven package is not found in the Package Registry, the request is forwarded
+to [Maven Central](https://search.maven.org/).
+
+When the feature flag is enabled, administrators can disable this behavior in the
+[Continuous Integration settings](../../admin_area/settings/continuous_integration.md).
+
+There are many ways to configure your Maven project so that it will request packages
+in Maven Central from GitLab. Maven repositories are queried in a
+[specific order](https://maven.apache.org/guides/mini/guide-multiple-repositories.html#repository-order).
+By default, maven-central is usually checked first through the
+[Super POM](https://maven.apache.org/guides/introduction/introduction-to-the-pom.html#Super_POM), so
+GitLab needs to be configured to be queried before maven-central.
+
+[Using GitLab as a mirror of the central proxy](#setting-gitlab-as-a-mirror-for-the-central-proxy) is one
+way to force GitLab to be queried in place of maven-central.
+
+Maven forwarding is restricted to only the [project level](#project-level-maven-endpoint) and
+[group level](#group-level-maven-endpoint) endpoints. The [instance level endpoint](#instance-level-maven-endpoint)
+has naming restrictions that prevent it from being used for packages that don't follow that convention and also
+introduces too much security risk for supply-chain style attacks.
+
+#### Setting GitLab as a mirror for the central proxy
+
+To ensure all package requests are sent to GitLab instead of Maven Central,
+you can override Maven Central as the central repository by adding a `<mirror>`
+section to your `settings.xml`:
+
+```xml
+<settings>
+ <servers>
+ <server>
+ <id>central-proxy</id>
+ <configuration>
+ <httpHeaders>
+ <property>
+ <name>Private-Token</name>
+ <value>{personal_access_token}</value>
+ </property>
+ </httpHeaders>
+ </configuration>
+ </server>
+ </servers>
+ <mirrors>
+ <mirror>
+ <id>central-proxy</id>
+ <name>GitLab proxy of central repo</name>
+ <url>https://gitlab.example.com/api/v4/projects/{project_id}/packages/maven</url>
+ <mirrorOf>central</mirrorOf>
+ </mirror>
+ </mirrors>
+</settings>
+```
+
## Remove a package
-For your project, go to **Packages & Registries > Package Registry**.
+For your project, go to **Packages and registries > Package Registry**.
To remove a package, select the red trash icon or, from the package details, the **Delete** button.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-11 22:48:41 +0300