- Publish to the GitLab Package Registry
- Authenticate to the Package Registry with Gradle
- Publish using Gradle
- Install a package
- Helpful hints
Maven packages in the Package Registry
Publish Maven artifacts in your project’s Package Registry using Gradle. Then, install the packages whenever you need to use them as a dependency.
For documentation of the specific API endpoints that the Maven package manager client uses, see the Maven API documentation.
Learn how to build a Gradle package.
Publish to the GitLab Package Registry
Tokens
You need a token to publish a package. Different tokens are available depending on what you’re trying to achieve. For more information, review the guidance on tokens.
- If your organization uses two-factor authentication (2FA), you must use a personal access token with the scope set to
api. - If you publish a package via CI/CD pipelines, you must use a CI job token.
Create a token and save it to use later in the process.
Authenticate to the Package Registry with Gradle
Authenticate with a personal access token or deploy token in Gradle
In your GRADLE_USER_HOME directory,
create a file gradle.properties with the following content:
gitLabPrivateToken=REPLACE_WITH_YOUR_TOKEN
Your token name depends on which token you use.
| Token type | Token name |
|---|---|
| Personal access token | Private-Token |
| Deploy token | Deploy-Token |
Add a repositories section to your
build.gradle
file:
repositories {
maven {
url "https://gitlab.example.com/api/v4/groups/<group>/-/packages/maven"
name "GitLab"
credentials(HttpHeaderCredentials) {
name = 'REPLACE_WITH_TOKEN_NAME'
value = gitLabPrivateToken
}
authentication {
header(HttpHeaderAuthentication)
}
}
}
Or add it to your build.gradle.kts file if you are using Kotlin DSL:
repositories {
maven {
url = uri("https://gitlab.example.com/api/v4/groups/<group>/-/packages/maven")
name = "GitLab"
credentials(HttpHeaderCredentials::class) {
name = "REPLACE_WITH_TOKEN_NAME"
value = findProperty("gitLabPrivateToken") as String?
}
authentication {
create("header", HttpHeaderAuthentication::class)
}
}
}
Authenticate with a CI job token in Gradle
To authenticate with a CI job token, add a repositories section to your
build.gradle
file:
repositories {
maven {
url "${CI_API_V4_URL}/groups/<group>/-/packages/maven"
name "GitLab"
credentials(HttpHeaderCredentials) {
name = 'Job-Token'
value = System.getenv("CI_JOB_TOKEN")
}
authentication {
header(HttpHeaderAuthentication)
}
}
}
Or add it to your build.gradle.kts file if you are using Kotlin DSL:
repositories {
maven {
url = uri("$CI_API_V4_URL/groups/<group>/-/packages/maven")
name = "GitLab"
credentials(HttpHeaderCredentials::class) {
name = "Job-Token"
value = System.getenv("CI_JOB_TOKEN")
}
authentication {
create("header", HttpHeaderAuthentication::class)
}
}
}
Naming convention
You can use one of three API endpoints to install a Maven package. You must publish a package to a project, but note which endpoint
you use to install the package. The option you choose determines the settings you add to your pom.xml file for publishing.
The three endpoints are:
- Project-level: Use when you have a few Maven packages that are not in the same GitLab group.
- Group-level: Use when installing packages from many different projects in the same GitLab group. GitLab does not guarantee the uniqueness of package names in the group. You can have two projects with the same package name and package version. As a result, GitLab serves whichever one is more recent.
- Instance-level: Use when installing many packages from different GitLab groups or in their own namespace.
Only packages with the same path as the project are exposed by the instance-level endpoint.
| Project | Package | Instance-level endpoint available |
|---|---|---|
foo/bar |
foo/bar/1.0-SNAPSHOT |
Yes |
gitlab-org/gitlab |
foo/bar/1.0-SNAPSHOT |
No |
gitlab-org/gitlab |
gitlab-org/gitlab/1.0-SNAPSHOT |
Yes |
Endpoint URLs
| Endpoint | Endpoint URL | Additional information |
|---|---|---|
| Project | https://gitlab.example.com/api/v4/projects/<project_id>/packages/maven |
Replace gitlab.example.com with your domain name. Replace <project_id> with your project ID found on your project’s homepage. |
| Group | https://gitlab.example.com/api/v4/groups/<group_id>/-/packages/maven |
Replace gitlab.example.com with your domain name. Replace <group_id> with your group ID found on your group’s homepage. |
| Instance | https:///gitlab.example.com/api/v4/packages/maven |
Replace gitlab.example.com with your domain name. |
In all cases, to publish a package, you need:
- A project-specific URL in the
distributionManagementsection. - A
repositoryanddistributionManagementsection.
Edit the Groovy DSL or Kotlin DSL
The Gradle Groovy DSL repositories section should look like this:
repositories {
maven {
url "<your_endpoint_url>"
name "GitLab"
}
}
In Kotlin DSL:
repositories {
maven {
url = uri("<your_endpoint_url>")
name = "GitLab"
}
}
- Replace
<your_endpoint_url>with the endpoint you chose.
Publish using Gradle
Your token name depends on which token you use.
| Token type | Token name |
|---|---|
| Personal access token | Private-Token |
| Deploy token | Deploy-Token |
To publish a package by using Gradle:
-
Add the Gradle plugin
maven-publishto the plugins section:In Groovy DSL:
plugins { id 'java' id 'maven-publish' }In Kotlin DSL:
plugins { java `maven-publish` } -
Add a
publishingsection:In Groovy DSL:
publishing { publications { library(MavenPublication) { from components.java } } repositories { maven { url "https://gitlab.example.com/api/v4/projects/<PROJECT_ID>/packages/maven" credentials(HttpHeaderCredentials) { name = "REPLACE_WITH_TOKEN_NAME" value = gitLabPrivateToken // the variable resides in $GRADLE_USER_HOME/gradle.properties } authentication { header(HttpHeaderAuthentication) } } } }In Kotlin DSL:
publishing { publications { create<MavenPublication>("library") { from(components["java"]) } } repositories { maven { url = uri("https://gitlab.example.com/api/v4/projects/<PROJECT_ID>/packages/maven") credentials(HttpHeaderCredentials::class) { name = "REPLACE_WITH_TOKEN_NAME" value = findProperty("gitLabPrivateToken") as String? // the variable resides in $GRADLE_USER_HOME/gradle.properties } authentication { create("header", HttpHeaderAuthentication::class) } } } } -
Replace
PROJECT_IDwith your project ID, which you can find on your project’s home page. -
Run the publish task:
gradle publish
Go to your project’s Packages and registries page and view the published packages.
Install a package
To install a package from the GitLab Package Registry, you must configure the remote and authenticate. After configuring the remote and authenticate, you can install a package from a project, group, or namespace.
If multiple packages have the same name and version, when you install a package, the most recently-published package is retrieved.
Add a dependency to build.gradle in the dependencies section:
dependencies {
implementation 'com.mycompany.mydepartment:my-project:1.0-SNAPSHOT'
}
Or to build.gradle.kts if you are using Kotlin DSL:
dependencies {
implementation("com.mycompany.mydepartment:my-project:1.0-SNAPSHOT")
}
Helpful hints
For the complete list of helpful hints, see the Maven documentation.
Create Maven packages with GitLab CI/CD by using Gradle
You can create a package each time the main branch
is updated.
-
Authenticate with a CI job token in Gradle.
-
Add a
deployjob to your.gitlab-ci.ymlfile:deploy: image: gradle:6.5-jdk11 script: - 'gradle publish' only: - main -
Commit files to your repository.
When the pipeline is successful, the Maven package is created.
Publishing a package with the same name or version
When you publish a package with the same name and version as an existing package, the new package files are added to the existing package. You can still use the UI or API to access and view the existing package’s older assets.
Consider using the Packages API or the UI to delete older package versions.
Do not allow duplicate Maven packages
To prevent users from publishing duplicate Maven packages, you can use the GraphQl API or the UI.
In the UI:
- For your group, go to Settings > Packages and registries.
- Expand the Package Registry section.
- Turn on the Do not allow duplicates toggle.
- Optional. To allow some duplicate packages, in the Exceptions box, enter a regex pattern that matches the names and/or versions of packages you want to allow.
Your changes are automatically saved.
Request forwarding to Maven Central
maven_central_request_forwarding.
This feature is not available for SaaS users.When a Maven package is not found in the Package Registry, the request is forwarded to Maven Central.
When the feature flag is enabled, administrators can disable this behavior in the Continuous Integration settings.
There are many ways to configure your Maven project to request packages in Maven Central from GitLab. Maven repositories are queried in a specific order. By default, maven-central is usually checked first through the Super POM, so GitLab needs to be configured to be queried before maven-central.
Using GitLab as a mirror of the central proxy is one way to force GitLab to be queried in place of maven-central.
Maven forwarding is restricted to only the project level and group level endpoints. The instance-level endpoint has naming restrictions that prevent it from being used for packages that don’t follow that convention and also introduces too much security risk for supply-chain style attacks.