sos-wagon-private
Deploy and consume artifacts in private S3 repositories. Designed to be used from Leiningen, but should be usable in other contexts by deploying to repositories at "s3p://" URLs.
Note: This is a derived version of https://github.com/s3-wagon-private/s3-wagon-private
Usage
Leiningen 2.x
Add the plugin and repositories listing to project.clj.
NB: You need to add these to your project.clj, not your personal ~/.lein/profiles.clj. For more details on why, see Leiningen's doc on repeatability:
:plugins [[exoscale/sos-wagon-private "1.3.2-exoscale8"]]
To authenticate to the S3 bucket, you can either use any of the AWS SDK credential providers, store credentials in an encrypted file, or store your credentials in arbitrary environment variables.
AWS credential providers
Using one of the AWS SDK chained provider class credential providers:
Add the following to project.clj:
:repositories [["private" {:url "s3p://mybucket/releases/" :no-auth true}]]
An excerpt of the most commonly used credential providers:
- Environment Variables -
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY - Java System Properties -
aws.accessKeyIdandaws.secretKey - Credential profiles file at the default location (~/.aws/credentials) with the AWS Credentials File Format. To use a particular profile, specify the env var
AWS_PROFILEor a Java system property ofaws.profile, otherwise, the fallback will be the default profile name ("default") - Instance profile credentials delivered through the Amazon EC2 metadata service
Store credentials in an encrypted file
Add the following to project.clj:
:repositories [["private" {:url "s3p://mybucket/releases/" :creds :gpg}]]
And in ~/.lein/credentials.clj.gpg:
{"s3p://mybucket/releases" {:username "AKIA2489AE28488" ;; AWS Access Key
:passphrase "98b0b104ca1211e19a6c" ;; AWS Secret Key
}}
The map key here can be either a string for an exact match or a regex checked against the repository URL if you have the same credentials for multiple repositories.
See lein help deploying for additional details on storing credentials.
Store credentials under arbitrary environment variables
:repositories {"releases" {:url "s3p://my-maven/releases/"
:username :env/my_cool_aws_access_key_id
:passphrase :env/my_cool_aws_secret_access_key
:sign-releases false}
"snapshots" {:url "s3p://my-maven/snapshots/"
:username :env/my_cool_aws_access_key_id
:passphrase :env/my_cool_aws_secret_access_key}}
Maven
pom.xml
<build>
<extensions>
<extension>
<groupId>s3-wagon-private</groupId>
<artifactId>s3-wagon-private</artifactId>
<version>1.3.1</version>
</extension>
</extensions>
</build>
<!-- to publish to a private bucket -->
<distributionManagement>
<repository>
<id>someId</id>
<name>Some Name</name>
<url>s3p://some-bucket/release</url>
</repository>
<snapshotRepository>
<id>someSnapshotId</id>
<name>Some Snapshot Name</name>
<url>s3p://some-bucket/snapshot</url>
</snapshotRepository>
</distributionManagement>
<!-- to consume artifacts from a private bucket -->
<pluginRepositories>
<pluginRepository>
<id>clojars.org</id>
<name>Clojars Repository</name>
<url>http://clojars.org/repo</url>
</pluginRepository>
</pluginRepositories>
<repositories>
<repository>
<id>someId</id>
<name>Some Name</name>
<url>s3p://some-bucket/release</url>
</repository>
</repositories>
settings.xml
This xml is only necessary if not using one of the AWS SDK chained provider class methods of authentication.
<settings>
<servers>
<server>
<!-- you can actually put the key and secret in here, I like to get them from the env -->
<id>someId</id>
<username>${env.AWS_ACCESS_KEY}</username>
<privateKey>${user.home}/.ssh/id_rsa</privateKey>
<passphrase>${env.AWS_SECRET_KEY}</passphrase>
</server>
</servers>
</settings>
AWS Policy
Here's a sample AWS policy that would allow both read and write access to
the bucket mybucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "S3WagonPrivateAllowConfiguration",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::mybucket"
]
},
{
"Sid": "S3WagonPrivateAllowGetAndPut",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::mybucket/*"
]
}
]
}
Troubleshooting
If you are seeing errors like: java.lang.IllegalArgumentException: No matching ctor found for class org.sonatype.aether.repository.Authentication, and you are using lein-npm, try upgrading to version 0.5.1 or later. It contains fixes for an issue when using keyword sourced environment variables in your :repositories.
Releasing this library
# Make sure all of the versions are as you want them
git tag v1.x.y
git push --tags
mvn deploy
# Bump to the next SNAPSHOT version
Pushing to Exoscale
Assuming leiningen, the configuration would be:
:repositories [["private" {:url "s3p://some-bucket/some-prefix" :no-auth true}]]
You'll then need a correct configuration in ~/.aws/credentials, assuming
you have a configuration in your artifacts profile in ~/.aws/credentials, you can then:
env AWS_PROFILE=artifacts AWS_DEFAULT_REGION=ch-dk-2 lein deploy private
License
Copyright © 2011-2013 Phil Hagelberg, Scott Clasen, Allen Rohner
Based on aws-maven from the Spring project.
Distributed under the Apache Public License version 2.0.
Can you improve this documentation? These fine people already did:
Daniel Compton, Phil Hagelberg, Colin Jones, Scott Clasen, Pierre-Yves Ritschard, Anuj Kumar, Sheel Choksi, Arthur Ulfeldt, Tim Gilbert, Allen Rohner, Jeremy Heiler & Raymond HuangEdit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close