Add support to pass Maven Global settings using CLI

[pavanvikas]

Is your feature request related to a problem? Please describe. As we are able to pass the Global settings through maven client as below, we need to have a similar option when using CLI as well. This will help users when we need to pass special Maven global settings while executing the build.

mvn -V -B -gs ${globalsettings}

Describe the solution you'd like to see We would like to pass Maven Global settings using JFrog CLI.

Describe alternatives you've considered There is no alternative to pass Maven Global settings when using CLI.

[yahavi]

@pavanvikas, This feature is already supported since the JFrog CLI passes the parameters to Maven as they are. To make it work, just add the jf (or jfrog for old versions) prefix in the beginning of the command:

jf mvn install -V -B -gs ${globalsettings} 

However, please notice that resolution and deployment servers may be overridden by the configuration created by the jf mvn-config command. For more information read the docs.

Please let me know if that helped.

[oallauddin]

@yahavi how do we use global settings with jf audit? trying to xray scan a maven project but want to use global settings instead of user settings. jf audit seems to only support user settings.

When I run jf audit it tries to pull dependencies from maven central instead of our artifactory because user settings do not exist.

jf audit --mvn --watches releases-watch

[main] ERROR org.apache.maven.DefaultMaven - [ERROR] Some problems were encountered while processing the POMs:
[FATAL] Could not transfer artifact artifact-version.pom from/to central (https://repo.maven.apache.org/maven2): transfer failed for https://repo.maven.apache.org/group/artifact/version/artifact-version.pom and 'parent.relativePath' points at wrong local POM 

[eyalbe4]

@oallauddin, Since Maven's settings.xml can conflict with JFrog CLI's repositories configuration, JFrog CLI doesn't use it. You can use the jf c add and jf mvnc commands to determine the resolution repositories.

[csturiale]

What if I need to use more repositories for dependencies resolution?

[yahavi]

@csturiale, You can create a Virtual Repository in Artifactory, containing your needed remote and local repositories. Read more about Virtual Repositories here.

Please let us know if that helped.

[csturiale]

Thanks @yahavi . I forgot to mention that all the different repositories or groups require different grants and permissions. We’ re managing it dynamically by creating the right maven settings accordong to the grant of the user who runs the job. For this reason the solution proposed by you cannot be applied

[yahavi]

Thanks for the response @csturiale. You can create an unlimited number and combinations of virtual repositories. What do I miss? Why isn't it possible to use one virtual repository for every use case?

[csturiale]

@yahavi , because grants and permissions are linked to ldap groups. You should create combinations for each project you’re supporting. Supposing that I m supporting 1000 projects and each project has its own Ldap group configured. Me, as user , I will be granted through ldap for project 1 and 2 and another user for project 3 and 4, what you suggested can be done for few users and conbinations(projects), but what if we have thousands of users and projects? Please, also, consider that permissions can change in ldap

[csturiale]

@yahavi any news on this issue? do you plan to fix it?

[shuvadipc]

Closing this. Original ask was addressed and for multiple repositories please consider the virtual repository offering from JFrog. Regarding concern with multiple projects, access control and related stuff, there are multiple automation tools available to kill that maintenance concern. For additional help with that automation, please reach out to JFrog's professional service team.