ci-image/README.md

ci-image: MAVEN settings handling

This image supports injecting a Maven settings.xml at container start via environment variables.

Environment variables

• MAVEN_SETTINGS_BASE64 (preferred): base64-encoded contents of the settings.xml. If present, the entrypoint will decode it and write it to ~/.m2/settings.xml.

• MAVEN_SETTINGS: raw contents of the settings.xml. Used only if MAVEN_SETTINGS_BASE64 is not set.

• MAVEN_SETTINGS_PATH: path to the settings.xml inside the container (exported by the entrypoint). Typically /home/ci/.m2/settings.xml or ~/.m2/settings.xml depending on the user; use this variable in scripts to locate the file reliably.

Notes

• The entrypoint will create ~/.m2 if it does not exist and set the settings.xml file to mode 644.
• Use MAVEN_SETTINGS_BASE64 when your CI system has trouble preserving newlines or special characters in environment variables.

Examples

Build the image:

docker build -t my-ci-image .

Provide raw settings (works if your CI preserves newlines):

docker run --rm -e MAVEN_SETTINGS="$(cat ~/.m2/settings.xml)" my-ci-image bash -lc 'cat ~/.m2/settings.xml'

Provide base64-encoded settings (recommended to avoid newline issues):

docker run --rm -e MAVEN_SETTINGS_BASE64="$(base64 -w0 ~/.m2/settings.xml)" my-ci-image bash -lc 'cat ~/.m2/settings.xml'

GitHub Actions (example)

If you store the plain settings.xml as a secret, encode it before setting a secret value (locally):

# encode locally then paste into GitHub secret value
base64 -w0 ~/.m2/settings.xml

Then in your workflow use the secret as-is:

env:
  MAVEN_SETTINGS_BASE64: ${{ secrets.MAVEN_SETTINGS_BASE64 }}
uses: docker://my-ci-image

If your CI runner can pass multiline env vars safely, you can instead set MAVEN_SETTINGS to the raw XML.