feat: add MAVEN_SETTINGS_PATH

Dockerfile

@@ -23,6 +23,9 @@ RUN npm config set fund false && npm config set audit false \
     @semantic-release/exec \
     conventional-changelog-conventionalcommits
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
 RUN addgroup -S ci \
  && adduser -S -G ci -h /home/ci -s /bin/bash ci \
  && mkdir -p /workspace /home/ci/.m2 \
@@ -33,6 +36,5 @@ ENV MAVEN_CONFIG=/home/ci/.m2
 WORKDIR /workspace
 
 USER ci
-
-ENTRYPOINT ["/sbin/tini","--"]
+ENTRYPOINT ["/sbin/tini","--","/usr/local/bin/entrypoint.sh"]
 CMD ["/bin/bash","-lc","bash"]

README.md

@@ -0,0 +1,52 @@
+# ci-image: MAVEN settings handling
+
+This image supports injecting a Maven `settings.xml` at container start via environment variables.
+
+Environment variables
+- `MAVEN_SETTINGS_BASE64` (preferred): base64-encoded contents of the `settings.xml`. If present, the entrypoint will decode it and write it to `~/.m2/settings.xml`.
+- `MAVEN_SETTINGS`: raw contents of the `settings.xml`. Used only if `MAVEN_SETTINGS_BASE64` is not set.
+
+- `MAVEN_SETTINGS_PATH`: path to the `settings.xml` inside the container (exported by the entrypoint). Typically `/home/ci/.m2/settings.xml` or `~/.m2/settings.xml` depending on the user; use this variable in scripts to locate the file reliably.
+
+Notes
+- The entrypoint will create `~/.m2` if it does not exist and set the `settings.xml` file to mode `644`.
+- Use `MAVEN_SETTINGS_BASE64` when your CI system has trouble preserving newlines or special characters in environment variables.
+
+Examples
+
+Build the image:
+
+```bash
+docker build -t my-ci-image .
+```
+
+Provide raw settings (works if your CI preserves newlines):
+
+```bash
+docker run --rm -e MAVEN_SETTINGS="$(cat ~/.m2/settings.xml)" my-ci-image bash -lc 'cat ~/.m2/settings.xml'
+```
+
+Provide base64-encoded settings (recommended to avoid newline issues):
+
+```bash
+docker run --rm -e MAVEN_SETTINGS_BASE64="$(base64 -w0 ~/.m2/settings.xml)" my-ci-image bash -lc 'cat ~/.m2/settings.xml'
+```
+
+GitHub Actions (example)
+
+If you store the plain `settings.xml` as a secret, encode it before setting a secret value (locally):
+
+```bash
+# encode locally then paste into GitHub secret value
+base64 -w0 ~/.m2/settings.xml
+```
+
+Then in your workflow use the secret as-is:
+
+```yaml
+env:
+  MAVEN_SETTINGS_BASE64: ${{ secrets.MAVEN_SETTINGS_BASE64 }}
+uses: docker://my-ci-image
+```
+
+If your CI runner can pass multiline env vars safely, you can instead set `MAVEN_SETTINGS` to the raw XML.

entrypoint.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Entrypoint: write `MAVEN_SETTINGS` or decode `MAVEN_SETTINGS_BASE64`
+# into ~/.m2/settings.xml (MAVEN_SETTINGS_BASE64 takes precedence),
+# then exec the container command.
+
+M2_DIR="${HOME:-/root}/.m2"
+SETTINGS_FILE="$M2_DIR/settings.xml"
+# Export the path to the settings.xml so downstream processes can read it
+export MAVEN_SETTINGS_PATH="$SETTINGS_FILE"
+
+if [[ -n "${MAVEN_SETTINGS_BASE64:-}" ]]; then
+  mkdir -p "$M2_DIR"
+  # Decode base64 content and write it. If decoding fails the script will error.
+  printf '%s' "$MAVEN_SETTINGS_BASE64" | base64 -d > "$M2_DIR/settings.xml"
+  chmod 644 "$M2_DIR/settings.xml" || true
+elif [[ -n "${MAVEN_SETTINGS:-}" ]]; then
+  mkdir -p "$M2_DIR"
+  # Write the variable contents exactly as provided
+  printf '%s' "$MAVEN_SETTINGS" > "$M2_DIR/settings.xml"
+  chmod 644 "$M2_DIR/settings.xml" || true
+fi
+
+if [[ "$#" -eq 0 ]]; then
+  exec "$SHELL" || exec /bin/sh
+fi
+
+exec "$@"