From 0a167c301c31e4667ee334b09ada90e07bdd0fae Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Wed, 8 Jul 2026 15:54:11 +0300 Subject: [PATCH 01/11] docs(maven-rate-limit): add documentation about configuration maven caching repository --- _docs/kb/articles/maven-rate-limit.md | 370 ++++++++++++++++++++++++++ 1 file changed, 370 insertions(+) create mode 100644 _docs/kb/articles/maven-rate-limit.md diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md new file mode 100644 index 000000000..918663c30 --- /dev/null +++ b/_docs/kb/articles/maven-rate-limit.md @@ -0,0 +1,370 @@ +--- +title: "Maven Central Repository rate limiting in Pipelines" +description: +group: kb +sub-group: articles +toc: true +kb: true +ht: false +common: false +categories: [Pipelines] +support-reviewed: 2023-04-18 LG +--- + +## Overview + +The build failed with following error during execution of maven commands: +```shell +Exception in thread "main" java.io.IOException: Server returned HTTP response code: 429 for URL: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip +``` + +## Details + +Codefresh SaaS pipelines share a single egress IP. Maven Central (operated by Sonatype) rate-limits traffic per IP, and the combined volume from all customers running on shared runtimes can trigger that limit — causing your builds to fail with HTTP 429 Too Many Requests. + +This issue only affects pipelines running on Codefresh shared SaaS runtimes: + + system/linux_paying_plan + system/linux_non_paying_plan + system/codefresh-enterprise + system/plan/linux + +If your pipelines run on a hybrid runner (your own Kubernetes cluster), your builds already use your own egress IP and are not affected by this issue. + +The fix is straightforward: route your Maven dependency downloads through a caching proxy that sits between your pipeline and Maven Central. After the first download of each artifact, all subsequent requests are served from the cache — Maven Central never sees repeated traffic from your builds. + +## Configure Maven Proxy Cache using AWS CodeArtifact + +### Step 1: Create a CodeArtifact domain and repository +```shell +# Create a domain (one per AWS account is typical) +aws codeartifact create-domain --domain my-org + +# Create a Maven repository with Maven Central as upstream +aws codeartifact create-repository \ + --domain my-org \ + --repository maven-proxy \ + --description "Maven Central caching proxy" + +# Connect it to Maven Central +aws codeartifact associate-external-connection \ + --domain my-org \ + --repository maven-proxy \ + --external-connection public:maven-central +``` +### Step 2: Get your repository endpoint + +```shell +# Create a domain (one per AWS account is typical) +aws codeartifact create-domain --domain my-org + +# Create a Maven repository with Maven Central as upstream +aws codeartifact create-repository \ + --domain my-org \ + --repository maven-proxy \ + --description "Maven Central caching proxy" + +# Connect it to Maven Central +aws codeartifact associate-external-connection \ + --domain my-org \ + --repository maven-proxy \ + --external-connection public:maven-central +``` +### Step 3: Configure ~/.m2/settings.xml + +```yaml + + + + + codeartifact + aws + + ${env.CODEARTIFACT_AUTH_TOKEN} + + + + + + codeartifact + CodeArtifact Maven Central Proxy + https://my-org-123456789012.d.codeartifact.us-east-1.amazonaws.com/maven/maven-proxy/ + + external:* + + + + +``` +### Step 4: Add a token refresh step to your Codefresh pipeline +CodeArtifact auth tokens expire every 12 hours, so you need to fetch a fresh one at the start of each build. Add this as the first step in your pipeline: +```yaml +version: "1.0" + +steps: + clone: + title: "Cloning repository" + type: "git-clone" + repo: "${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}" + revision: "${{CF_BRANCH}}" + git: "github" + + get_codeartifact_token: + title: Refresh CodeArtifact auth token + image: amazon/aws-cli + working_directory: "${{clone}}" + commands: + - echo CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain codefresh-org --domain-owner ${DOMAIN_OWNER} --region us-east-1 --query authorizationToken --output text) >> ${{CF_VOLUME_PATH}}/env_vars_to_export + + build: + title: Maven build + image: maven:3.9-eclipse-temurin-21 + working_directory: "${{clone}}" + commands: + - mvn -s ci/settings.xml clean install +``` + +## Configure Maven Proxy Cache using Google Artifact Registry +### Step 1: Create a Remote Repository +```shell +gcloud artifacts repositories create maven-proxy \ + --project=YOUR_PROJECT_ID \ + --repository-format=maven \ + --location=us-east1 \ + --description="Maven Central caching proxy" \ + --mode=remote-repository \ + --remote-mvn-repo=MAVEN-CENTRAL +``` + +### Step 2: Get the repository URL +Your proxy URL follows this pattern: +```shell +https://LOCATION-maven.pkg.dev/PROJECT_ID/REPOSITORY_NAME/ +# Example: +https://us-east1-maven.pkg.dev/my-project/maven-proxy/ +``` +### Step 3: Configure ~/.m2/settings.xml +```yaml + + + + + artifact-registry + _json_key + ${env.GOOGLE_JSON_KEY_FILE} + + + + + + artifact-registry + GCP Artifact Registry — Maven Central Proxy + https://LOCATION-maven.pkg.dev/PROJECT_ID/REPOSITORY_NAME/ + central + + + + +``` +### Step 4: Authenticate in Codefresh pipeline +Store your service account json key file as a Codefresh secret variable named `GOOGLE_JSON_KEY_FILE`. Maven picks it +up automatically via the `${env.GOOGLE_JSON_KEY_FILE}` reference in `settings.xml`. + +```yaml +version: "1.0" + +steps: + clone: + title: "Cloning repository" + type: "git-clone" + repo: "${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}" + revision: "${{CF_BRANCH}}" + git: "github" + + build: + title: Maven build + image: maven:3.9-eclipse-temurin-21 + working_directory: "${{clone}}" + commands: + - mvn -s ci/settings.xml clean install +``` + +## Configure Maven Proxy Cache using Azure Artifacts +### Step 1: Create a feed with Maven Central upstream + +1. In Azure DevOps, go to **Artifacts** → **Create Feed** +2. Name your feed (e.g. `maven-proxy`) +3. Check **"Include packages from common public sources"** — this enables Maven Central + as an upstream automatically +4. Click **Create** + +To add Maven Central to an existing feed manually: + +1. Open your feed → gear icon → **Upstream sources** +2. Click **Add Upstream** → **Public source** +3. Select **Maven Central** (`https://repo.maven.apache.org/maven2/`) +4. Click **Save** + +### Step 2: Get your feed URL + +Your feed URL follows this pattern: + +``` +https://pkgs.dev.azure.com/ORGANIZATION/PROJECT/_packaging/FEED_NAME/maven/v1 +``` + +### Step 3: Generate a Personal Access Token + +In Azure DevOps: **User Settings** → **Personal Access Tokens** → **New Token** + +Set scope: **Packaging → Read & write** + +### Step 4: Configure `~/.m2/settings.xml` + +```xml + + + + + azure-artifacts + AzureDevOps + ${env.AZURE_ARTIFACTS_PAT} + + + + + + azure-artifacts + Azure Artifacts — Maven Central Proxy + https://pkgs.dev.azure.com/MY_ORG/MY_PROJECT/_packaging/maven-proxy/maven/v1 + external:* + + + + +``` + +### Step 5: Set the PAT in your Codefresh pipeline + +Store your PAT as a Codefresh secret variable named `AZURE_ARTIFACTS_PAT`. Maven picks it +up automatically via the `${env.AZURE_ARTIFACTS_PAT}` reference in `settings.xml`. + +```yaml +version: "1.0" + +steps: + clone: + title: "Cloning repository" + type: "git-clone" + repo: "${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}" + revision: "${{CF_BRANCH}}" + git: "github" + + build: + title: Maven build + image: maven:3.9-eclipse-temurin-21 + working_directory: "${{clone}}" + commands: + - mvn -s ci/settings.xml clean install +``` + +## Configure Maven Proxy Cache using Self-Hosted Nexus Repository Manager + +Nexus OSS is free. Infrastructure cost depends on your setup — a minimal deployment (2 vCPU, 4 GB RAM, 100 GB storage) runs roughly $60–120/month on most cloud providers. A production-grade setup with SSD storage and egress is closer to $200–500/month. + +>_**Note**:_ +> +>The reason the YAML editor does not catch this at this time is because it istechnically a valid YAML file. + + +### Step 1 — Deploy Nexus OSS to your cluster + +Use [official sonatype documentation](https://help.sonatype.com/en/install-nexus-repository.html) to check requirements for Nexus repository installation. + +### Step 2: Configure a Maven proxy repository in Nexus + +1. Open the Nexus UI (typically `http://nexus.your-domain.com`) +2. Log in (default credentials: admin / check `/nexus-data/admin.password`) +3. Go to **Settings** → **Repositories** → **Create repository** +4. Choose **maven2 (proxy)** +5. Set: + - **Name:** `maven-central-proxy` + - **Remote storage URL:** `https://repo.maven.apache.org/maven2/` + - **Blob store:** default +6. Click **Create repository** + +Your proxy URL will be: + +``` +http://nexus.your-domain.com/repository/maven-central-proxy/ +``` + +### Step 3: Configure `~/.m2/settings.xml` + +```xml + + + + + nexus + ${env.NEXUS_USER} + + ${env.NEXUS_PASSWORD} + + + + + + nexus + Nexus Maven Central Proxy + https://nexus.your-domain.com/repository/maven-central-proxy/ + + external:* + + + + +``` + +### Step 4: Add credentials to your Codefresh pipeline + +Add Codefresh secret variables named `NEXUS_USER` and 'NEXUS_PASSWORD''. Maven picks it +up automatically via the `${env.NEXUS_USER}` and `${env.NEXUS_PASSWORD}` reference in `settings.xml`.: + +```yaml +version: "1.0" + +steps: + clone: + title: "Cloning repository" + type: "git-clone" + repo: "${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}" + revision: "${{CF_BRANCH}}" + git: "github" + + build: + title: Maven build + image: maven:3.9-eclipse-temurin-21 + working_directory: "${{clone}}" + commands: + - mvn -s ci/settings.xml clean install +``` +## Verifying the Proxy Works +Check logs for the step where maven package installations are executed +``` +Downloading from proxy: https://your-proxy-url/org/apache/... +``` + +If you see your proxy URL instead of repo.maven.apache.org, the redirect is working. From 725588569060552e8df85ea5702c33e07a97916b Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Wed, 8 Jul 2026 17:05:29 +0300 Subject: [PATCH 02/11] docs(maven-rate-limit): add documentation about configuration maven caching repository --- _docs/kb/articles/maven-rate-limit.md | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index 918663c30..f8aded824 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -13,9 +13,11 @@ support-reviewed: 2023-04-18 LG ## Overview -The build failed with following error during execution of maven commands: +The build failed with following error during installation of maven dependencies: ```shell -Exception in thread "main" java.io.IOException: Server returned HTTP response code: 429 for URL: https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip +Exception in thread "main" java.io.IOException: +Server returned HTTP response code: 429 for URL: +https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip ``` ## Details @@ -36,6 +38,7 @@ The fix is straightforward: route your Maven dependency downloads through a cach ## Configure Maven Proxy Cache using AWS CodeArtifact ### Step 1: Create a CodeArtifact domain and repository + ```shell # Create a domain (one per AWS account is typical) aws codeartifact create-domain --domain my-org @@ -52,6 +55,7 @@ aws codeartifact associate-external-connection \ --repository maven-proxy \ --external-connection public:maven-central ``` + ### Step 2: Get your repository endpoint ```shell @@ -70,6 +74,7 @@ aws codeartifact associate-external-connection \ --repository maven-proxy \ --external-connection public:maven-central ``` + ### Step 3: Configure ~/.m2/settings.xml ```yaml @@ -99,7 +104,9 @@ aws codeartifact associate-external-connection \ ``` + ### Step 4: Add a token refresh step to your Codefresh pipeline + CodeArtifact auth tokens expire every 12 hours, so you need to fetch a fresh one at the start of each build. Add this as the first step in your pipeline: ```yaml version: "1.0" @@ -128,7 +135,9 @@ steps: ``` ## Configure Maven Proxy Cache using Google Artifact Registry + ### Step 1: Create a Remote Repository + ```shell gcloud artifacts repositories create maven-proxy \ --project=YOUR_PROJECT_ID \ @@ -140,6 +149,7 @@ gcloud artifacts repositories create maven-proxy \ ``` ### Step 2: Get the repository URL + Your proxy URL follows this pattern: ```shell https://LOCATION-maven.pkg.dev/PROJECT_ID/REPOSITORY_NAME/ @@ -147,6 +157,7 @@ https://LOCATION-maven.pkg.dev/PROJECT_ID/REPOSITORY_NAME/ https://us-east1-maven.pkg.dev/my-project/maven-proxy/ ``` ### Step 3: Configure ~/.m2/settings.xml + ```yaml ``` ### Step 4: Authenticate in Codefresh pipeline + Store your service account json key file as a Codefresh secret variable named `GOOGLE_JSON_KEY_FILE`. Maven picks it up automatically via the `${env.GOOGLE_JSON_KEY_FILE}` reference in `settings.xml`. @@ -196,6 +208,7 @@ steps: ``` ## Configure Maven Proxy Cache using Azure Artifacts + ### Step 1: Create a feed with Maven Central upstream 1. In Azure DevOps, go to **Artifacts** → **Create Feed** @@ -286,7 +299,7 @@ Nexus OSS is free. Infrastructure cost depends on your setup — a minimal deplo >The reason the YAML editor does not catch this at this time is because it istechnically a valid YAML file. -### Step 1 — Deploy Nexus OSS to your cluster +### Step 1: Deploy Nexus OSS to your cluster Use [official sonatype documentation](https://help.sonatype.com/en/install-nexus-repository.html) to check requirements for Nexus repository installation. @@ -362,7 +375,8 @@ steps: - mvn -s ci/settings.xml clean install ``` ## Verifying the Proxy Works -Check logs for the step where maven package installations are executed + +Check logs for the step where maven dependencies installations are executed ``` Downloading from proxy: https://your-proxy-url/org/apache/... ``` From f822ae4f09e867621e07b7dbba60bc604b563799 Mon Sep 17 00:00:00 2001 From: Yaroslav Drachenko Date: Mon, 13 Jul 2026 15:17:01 +0200 Subject: [PATCH 03/11] Apply suggestion from @yaroslav-codefresh --- _docs/kb/articles/maven-rate-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index f8aded824..da1b56dc6 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -22,7 +22,7 @@ https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache- ## Details -Codefresh SaaS pipelines share a single egress IP. Maven Central (operated by Sonatype) rate-limits traffic per IP, and the combined volume from all customers running on shared runtimes can trigger that limit — causing your builds to fail with HTTP 429 Too Many Requests. +Maven Central (operated by Sonatype) rate-limits traffic per IP, and the combined volume from all customers running on shared runtimes can trigger that limit — causing your builds to fail with HTTP 429 Too Many Requests. This issue only affects pipelines running on Codefresh shared SaaS runtimes: From e05d75e13b60c0045fc133d7c6f2c657f3d1f6f0 Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Mon, 13 Jul 2026 16:55:28 +0300 Subject: [PATCH 04/11] refactoring --- _docs/kb/articles/maven-rate-limit.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index da1b56dc6..41f67074a 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -22,16 +22,16 @@ https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache- ## Details -Maven Central (operated by Sonatype) rate-limits traffic per IP, and the combined volume from all customers running on shared runtimes can trigger that limit — causing your builds to fail with HTTP 429 Too Many Requests. +Maven Central (operated by Sonatype) rate-limits traffic per IP, and the combined volume from all customers running on shared runtimes can trigger that limit — causing your builds to fail with HTTP 429 Too Many Requests. When facing the rate limit for a long time it might result in 403 Forbidden error. -This issue only affects pipelines running on Codefresh shared SaaS runtimes: +This issue mostly affects pipelines running on Codefresh shared SaaS runtimes which is Cloud Builds or these runtimes: system/linux_paying_plan system/linux_non_paying_plan system/codefresh-enterprise system/plan/linux -If your pipelines run on a hybrid runner (your own Kubernetes cluster), your builds already use your own egress IP and are not affected by this issue. +If your pipelines run on a hybrid runner (your own Kubernetes cluster), your builds already use your own egress IP and you might not face this issue. However, if it happens this guide is still relevant for you. The fix is straightforward: route your Maven dependency downloads through a caching proxy that sits between your pipeline and Maven Central. After the first download of each artifact, all subsequent requests are served from the cache — Maven Central never sees repeated traffic from your builds. From 4c4f14cb300683851b31582360cea971f66be554 Mon Sep 17 00:00:00 2001 From: vadim-kharin-codefresh Date: Mon, 13 Jul 2026 16:56:22 +0300 Subject: [PATCH 05/11] refactoring from @yaroslav-codefresh Co-authored-by: Yaroslav Drachenko --- _docs/kb/articles/maven-rate-limit.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index 41f67074a..c1c980b2e 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -33,7 +33,14 @@ This issue mostly affects pipelines running on Codefresh shared SaaS runtimes wh If your pipelines run on a hybrid runner (your own Kubernetes cluster), your builds already use your own egress IP and you might not face this issue. However, if it happens this guide is still relevant for you. -The fix is straightforward: route your Maven dependency downloads through a caching proxy that sits between your pipeline and Maven Central. After the first download of each artifact, all subsequent requests are served from the cache — Maven Central never sees repeated traffic from your builds. +**The fix is straightforward**: route your Maven dependency downloads through a caching proxy that sits between your pipeline and Maven Central. After the first download of each artifact, all subsequent requests are served from the cache — Maven Central never sees repeated traffic from your builds. + +There are a **couple of options** to proceed with: +- AWS CodeArtifact +- Google Artifact Registry +- Azure Artifacts +- Self-hosted Nexus Repository Manager + ## Configure Maven Proxy Cache using AWS CodeArtifact From e5903c27f2e6a10ab064029b6b1fda20a15bda98 Mon Sep 17 00:00:00 2001 From: vadim-kharin-codefresh Date: Mon, 13 Jul 2026 16:57:19 +0300 Subject: [PATCH 06/11] refactoring from @yaroslav-codefresh Co-authored-by: Yaroslav Drachenko --- _docs/kb/articles/maven-rate-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index c1c980b2e..34d77a016 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -383,7 +383,7 @@ steps: ``` ## Verifying the Proxy Works -Check logs for the step where maven dependencies installations are executed +Check the build logs for the pipeline step where maven dependencies installation is executed -- if you see your proxy URL instead of repo.maven.apache.org, the caching proxy is working as expected: ``` Downloading from proxy: https://your-proxy-url/org/apache/... ``` From ba25b1b5789b37ced29b56dd7a92b557083ae6e2 Mon Sep 17 00:00:00 2001 From: vadim-kharin-codefresh Date: Mon, 13 Jul 2026 16:57:33 +0300 Subject: [PATCH 07/11] refactoring from @yaroslav-codefresh Co-authored-by: Yaroslav Drachenko --- _docs/kb/articles/maven-rate-limit.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index 34d77a016..3b56d987d 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -388,4 +388,3 @@ Check the build logs for the pipeline step where maven dependencies installation Downloading from proxy: https://your-proxy-url/org/apache/... ``` -If you see your proxy URL instead of repo.maven.apache.org, the redirect is working. From 9afccb7b9d6d3fff488d900cf9283ca46518ae25 Mon Sep 17 00:00:00 2001 From: vadim-kharin-codefresh Date: Mon, 13 Jul 2026 16:57:50 +0300 Subject: [PATCH 08/11] Apply suggestion from @yaroslav-codefresh Co-authored-by: Yaroslav Drachenko --- _docs/kb/articles/maven-rate-limit.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index 3b56d987d..9590e47db 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -301,10 +301,6 @@ steps: Nexus OSS is free. Infrastructure cost depends on your setup — a minimal deployment (2 vCPU, 4 GB RAM, 100 GB storage) runs roughly $60–120/month on most cloud providers. A production-grade setup with SSD storage and egress is closer to $200–500/month. ->_**Note**:_ -> ->The reason the YAML editor does not catch this at this time is because it istechnically a valid YAML file. - ### Step 1: Deploy Nexus OSS to your cluster From 8e7460983999541563648343538ce48be3980824 Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Mon, 13 Jul 2026 17:08:57 +0300 Subject: [PATCH 09/11] fix issue with templating --- _docs/kb/articles/maven-rate-limit.md | 29 +++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index 9590e47db..e3a0f90ac 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -115,7 +115,9 @@ aws codeartifact associate-external-connection \ ### Step 4: Add a token refresh step to your Codefresh pipeline CodeArtifact auth tokens expire every 12 hours, so you need to fetch a fresh one at the start of each build. Add this as the first step in your pipeline: -```yaml +`codefresh.yml` +{% highlight yaml %} +{% raw %} version: "1.0" steps: @@ -139,7 +141,8 @@ steps: working_directory: "${{clone}}" commands: - mvn -s ci/settings.xml clean install -``` +{% endraw %} +{% endhighlight %} ## Configure Maven Proxy Cache using Google Artifact Registry @@ -195,7 +198,9 @@ https://us-east1-maven.pkg.dev/my-project/maven-proxy/ Store your service account json key file as a Codefresh secret variable named `GOOGLE_JSON_KEY_FILE`. Maven picks it up automatically via the `${env.GOOGLE_JSON_KEY_FILE}` reference in `settings.xml`. -```yaml +`codefresh.yml` +{% highlight yaml %} +{% raw %} version: "1.0" steps: @@ -212,7 +217,8 @@ steps: working_directory: "${{clone}}" commands: - mvn -s ci/settings.xml clean install -``` +{% endraw %} +{% endhighlight %} ## Configure Maven Proxy Cache using Azure Artifacts @@ -278,7 +284,9 @@ Set scope: **Packaging → Read & write** Store your PAT as a Codefresh secret variable named `AZURE_ARTIFACTS_PAT`. Maven picks it up automatically via the `${env.AZURE_ARTIFACTS_PAT}` reference in `settings.xml`. -```yaml +`codefresh.yml` +{% highlight yaml %} +{% raw %} version: "1.0" steps: @@ -295,7 +303,8 @@ steps: working_directory: "${{clone}}" commands: - mvn -s ci/settings.xml clean install -``` +{% endraw %} +{% endhighlight %} ## Configure Maven Proxy Cache using Self-Hosted Nexus Repository Manager @@ -359,7 +368,9 @@ http://nexus.your-domain.com/repository/maven-central-proxy/ Add Codefresh secret variables named `NEXUS_USER` and 'NEXUS_PASSWORD''. Maven picks it up automatically via the `${env.NEXUS_USER}` and `${env.NEXUS_PASSWORD}` reference in `settings.xml`.: -```yaml +`codefresh.yml` +{% highlight yaml %} +{% raw %} version: "1.0" steps: @@ -376,7 +387,9 @@ steps: working_directory: "${{clone}}" commands: - mvn -s ci/settings.xml clean install -``` +{% endraw %} +{% endhighlight %} + ## Verifying the Proxy Works Check the build logs for the pipeline step where maven dependencies installation is executed -- if you see your proxy URL instead of repo.maven.apache.org, the caching proxy is working as expected: From 5e4252235107868c5d2edeccd6990b80a2c244fe Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Mon, 13 Jul 2026 17:10:34 +0300 Subject: [PATCH 10/11] set correct type for xml texts --- _docs/kb/articles/maven-rate-limit.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_docs/kb/articles/maven-rate-limit.md b/_docs/kb/articles/maven-rate-limit.md index e3a0f90ac..c57ad954d 100644 --- a/_docs/kb/articles/maven-rate-limit.md +++ b/_docs/kb/articles/maven-rate-limit.md @@ -84,7 +84,7 @@ aws codeartifact associate-external-connection \ ### Step 3: Configure ~/.m2/settings.xml -```yaml +```xml