distribution management repositories losing authentication settings

repaint-io / maven-tiles

Injecting maven configurations by composition rather than inheritance

155 stars 32 forks source link

distribution management repositories losing authentication settings #149

Closed notiriel closed 8 months ago

notiriel commented 9 months ago

By just creating a new MavenRepository, the authentication settings of the repositories get removed. The additional code reuses the existing repos before creating a new one without auth.

talios commented 9 months ago

Cheers for this - do you have an example project you could add as an IT test? Or adapt/copy the existing src/it/distributionManagemetTile test?

notiriel commented 8 months ago

adapting the src/it/distributionManagemetTile didn't work, since actual distribution is disabled. Also I didn't find a way to verify presence of authentication information from the log files (which is good from a security point of view). I therefore decided to write a gray box test to verify the functionality of the change.

talios commented 8 months ago

Cheers - that's merged. I'll look at getting that released tomorrow.

RobertTheBlair commented 8 months ago

I've been seeing similar issues with distribution management authentication being lost. Sadly this fix did not address it for my case. Started having problems since 2.37.
The issue is deep in a company repo, so will take some time to make a clean example. The workaround is to not use tiles to manage dependencyManagement settings.

When I have time, I'll try making a simple reproduction.

talios commented 8 months ago

@RobertTheBlair doh! Yeh - I always use the altDeploymentRepository property version in our release tile (which I still need to add an example to the doc).

If you can find a reproducible case that would be excellent!

RobertTheBlair commented 1 month ago

@talios I lost track of this request for a few months, but got reminded about this today. I have a workaround, putting the dependency management in all 150 pom files, or not upgrading tiles. What is notable is that without adding this section, the only thing seeming to be missing from the attempt to distribute is the credentials.

<distributionManagement>
        <repository>
            <id>xoom-maven-releases</id>
            <name>Xoom Releases Repository</name>
            <url>https://ourprivate-artifactory.com/maven-xoom-releases</url>
        </repository>
</distributionManagement>

eta: to be clear, please don't take this as a request to solve my problems on your dime.