Configure Deploy to fetch artifacts from a Maven repository

This topic describes how to fetch artifacts from a Maven repository. You can access artifacts stored in a Maven repository using the fileUri property of Deploy artifacts. To use this feature, you must configure the Maven repositories that Deploy will search for artifacts.

Step 1 - Get your Maven repository details

Collect information about the configuration of your environment. The list of repositories that are used by a Maven project are listed in its pom.xml file. Authentication and proxy configuration is specified in the settings.xml file of your development or Jenkins environment. For more information, see Maven Settings Reference.

For example, the pom.xml file may contain:


And settings.xml file may contain the following configuration:


Step 2 - Configure Deploy Maven repositories

Maven repositories are configured in XL_DEPLOY_SERVER_HOME/CentralConfiguration/deploy-artifact-resolver.yaml. The Maven example configuration above translates to the following .yaml configuration:

        - id: xebialabs-releases
          url: ""
            username: deployer
            password: secret
            enabled: false

The structure of deploy-artifact-resolver.yaml is different from settings.xml and pom.xml. There is a list of repositories (maven.repositories: [...]), and each repository contains the configuration related to it. This configuration includes:

  • Basic information: id and url.
  • authentication configuration with the same elements as servers in settings.xml, such as: username, password, privateKey and passphrase.
  • proxy configuration to use when connecting to this repository. For example:
            port: 80
            username: proxyuser
            password: proxypass
  • Repository policies for releases and snapshots configure whether this repository will be used to search for SNAPSHOT and non-SNAPSHOT versions of artifacts. The value of snapshots should always be false because unstable references, such as snapshots, are not supported.

    The checksumPolicy property configures how strictly Deploy will react to unmatched checksums when downloading artifacts from this Maven repository. Permitted values are: ignore, fail, or warn. Deploy does not cache remote artifacts locally, this means that the updatePolicy configuration does not apply.

    This is an example configuration of repository policy:

          enabled: true
          checksumPolicy: fail
          enabled: false

The remaining Maven configuration in settings.xml does not apply to Deploy. For example, you do not need to specify mirrors because you can use a mirror URL directly in your repository definition, and profiles are used to configure the Maven build, which does not happen in Deploy.

Step 3 - Restart Deploy

You must restart the Deploy server for changes in deploy-artifact-resolver.yaml to be applied.