sbt Repository

Cloudsmith provides public & private repositories for sbt packages (Scala)

sbt is an open-source build tool for Scala and Java projects. Its main features are
native support for compiling Scala code and integrating with many Scala test frameworks.

For more information on sbt, please see:

Contextual Documentation

The examples in this document are generic. Cloudsmith provides contextual setup instructions within each repository, complete with copy and paste snippets (with your namespace/repo/rsa-key pre-configured).

In the following examples:

| Identifier | Description |
|---|---|
| OWNER | Your Cloudsmith account name or organization name (namespace) |
| REPOSITORY | Your Cloudsmith Repository name (also called "slug") |
| TOKEN | Your Cloudsmith Entitlement Token (see Entitlements for more details) |
| USERNAME | Your Cloudsmith username |
| PASSWORD | Your Cloudsmith password |
| API-KEY | Your Cloudsmith API Key |
| PACKAGE_VERSION | The version number of your package |
| GROUP-ID | A unique Maven identifier for your project across all projects, i.e. "com.companyname.project" |
| ARTIFACT_ID | The name of the jar without version, i.e. "project" |

Upload a Package

Upload via sbt Publish

The endpoint for the native Maven API is:

https://maven.cloudsmith.io/OWNER/REPOSITORY/

By default, sbt 1.x uses Maven-style publishing, and no other plugins are required to publish to Cloudsmith. If you're using sbt 0.x, you'll need to use the Maven Wagon integration approach (see the integrations tab within the repository on the Cloudsmith website for further details).

Include a publishTo stanza in your publish.sbt file as follows:

```scala
publishTo := { Some("Cloudsmith API" at "https://maven.cloudsmith.io/OWNER/REPOSITORY/") }
pomIncludeRepository := { x => false }
```

You then configure a ~/.sbt/.credentials file with the authentication details of the uploading user as follows:

```text
realm=Cloudsmith API
host=maven.cloudsmith.io
user=OWNER
password=API-KEY
```

Then refer to the above in your publish.sbt file with:

```scala
credentials += Credentials(Path.userHome / ".sbt" / ".credentials")
```

Note

You can also encode your credentials directly (and use an environment variable to pull in the API key).

You can now publish to the native API with:

```shell
sbt publish
```

You can find additional information about sbt publishing in the official sbt documentation.

Publishing an sbt plugin

Cloudsmith supports publishing sbt plugins via the Maven publish style. To publish an sbt plugin you need to add the following to your build.sbt:

```scala
lazy val root = (project in file("."))
    .enablePlugins(SbtPlugin)
    .settings(
        name := "PLUGIN_NAME",
        sbtPlugin := true,
        publishMavenStyle := true,
    )
```

Upload via the Cloudsmith CLI

For full details of how to install and set up the Cloudsmith CLI, see Command Line Interface.

The command to upload via the Cloudsmith CLI is:

```shell
cloudsmith push maven OWNER/REPOSITORY ARTIFACT_ID-PACKAGE_VERSION.jar --pom-file=ARTIFACT_ID-PACKAGE_VERSION.pom
```

Example:

```shell
cloudsmith push maven org/repo validation-api-1.0.0.GA.jar --pom-file=validation-api-1.0.0.GA.pom
```

Upload via Cloudsmith web app

Please see Upload a Package for details of how to upload via the Cloudsmith web app.

Download / Install a Package

Setup

Public Repositories

To enable the retrieval of packages from a public Cloudsmith repository via sbt, add your repository to your build.sbt file as follows:

```scala
resolvers += "NAME" at "https://dl.cloudsmith.io/public/OWNER/REPOSITORY/maven/"
```

Private Repositories


Private Cloudsmith repositories require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication. The setup method will differ depending on what authentication type you choose to use.

Warning

Entitlement Tokens, User Credentials and API-Keys should be treated as secrets, and you should ensure that you do not commit them in configuration files along with source code, or expose them in any logs.

To enable the retrieval of packages from a private Cloudsmith repository via sbt, add your repository to your build.sbt file as follows:

Entitlement Token Authentication:

```scala
resolvers += "NAME" at "https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/maven/"
```

HTTP Basic Authentication:

```scala
resolvers += "NAME" at "https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/maven/"
```

When using Entitlement Token Authentication, no further setup is required.
If using HTTP Basic Authentication, you can provide one of the following three types of credentials:

  • Cloudsmith Username and Password
  • Cloudsmith API Key
  • An Entitlement Token

You should keep these credentials separately in your ~/.sbt/.credentials file instead of within the build.sbt file. When you have your credentials ready, set up your ~/.sbt/.credentials file as follows:

Cloudsmith Username and Password:

```text
realm=Private Repository
host=
user=USERNAME
password=PASSWORD
```

Cloudsmith API Key:

```text
realm=Private Repository
host=
user=USERNAME
password=API-KEY
```

An Entitlement Token:

```text
realm=Private Repository
host=
user=token
password=TOKEN
```

Then add the following to your build.sbt file:

```scala
credentials += Credentials(Path.userHome / ".sbt" / ".credentials")
```

Specifying Dependencies

After the repository is added to the build.sbt file, and your credentials are added to the ~/.sbt/.credentials file (required for private repositories if using HTTP Basic Authentication), all that is left is to specify the dependency in the dependencies section of the project build.sbt file.

```scala
libraryDependencies += "GROUP_ID" % "ARTIFACT_ID" % "PACKAGE_VERSION"
```

Note

sbt 0.13.x (not sbt 1.x or above) requires a plugin that adds an extension point to dependency resolution so that Maven-style resolvers can be used. To enable this plugin, add the following to project/maven.sbt (or project/plugin.sbt):

```scala
addMavenResolverPlugin
```

Upstream Proxying / Caching

Configurable Proxying Caching
You can configure upstream repositories that you wish to use for packages that are not available in your Cloudsmith repository. In addition, you can also choose to cache any requested packages for future use.

Please see our Upstream Proxying documentation for further instructions.

Key Signing Support

GPG Index Packages

Troubleshooting

Q. sbt maintains plain text passwords in settings.xml and credential files. How do we prevent exposure of such passwords?

The underlying Maven toolchain supports encrypted credentials. You can also use interpolation from environment variables instead so that you don't store them in configuration files. We also support authentication by de-privileged entitlement tokens (i.e. read-only specific access) to minimize exposure.
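
The environment-variable approach mentioned in the note under "Upload via sbt Publish" and in the answer above, written out as an added example (not Cloudsmith's own snippet): the API key is read from the environment, and ~/.sbt/.credentials is used only as a fallback. CLOUDSMITH_USER, CLOUDSMITH_API_KEY and the checkCredentialsFile task are assumed names, and the permission check works on POSIX file systems only.

```scala
// build.sbt: added example, not Cloudsmith's own snippet.
// CLOUDSMITH_USER and CLOUDSMITH_API_KEY are assumed variable names (e.g. CI secrets).
import java.nio.file.Files
import java.nio.file.attribute.PosixFilePermission.{GROUP_READ, OTHERS_READ}

val credentialsFile = Path.userHome / ".sbt" / ".credentials"

// Realm and host are the ones given in the publish section of this page.
val envCredentials: Option[Credentials] = for {
  user <- sys.env.get("CLOUDSMITH_USER")
  key  <- sys.env.get("CLOUDSMITH_API_KEY")
} yield Credentials("Cloudsmith API", "maven.cloudsmith.io", user, key)

publishTo := Some("Cloudsmith API" at "https://maven.cloudsmith.io/OWNER/REPOSITORY/")
pomIncludeRepository := { _ => false }

// Prefer the environment; read the file only when the variables are unset.
credentials += envCredentials.getOrElse(Credentials(credentialsFile))

// Hypothetical guard task: stop before publishing if the fallback file is
// missing or readable by other users.
lazy val checkCredentialsFile =
  taskKey[Unit]("Validate ~/.sbt/.credentials before publishing")

checkCredentialsFile := {
  if (envCredentials.isEmpty) {
    if (!credentialsFile.exists())
      sys.error(s"No credentials: set the CLOUDSMITH_* variables or create $credentialsFile")
    val perms = Files.getPosixFilePermissions(credentialsFile.toPath)
    if (perms.contains(GROUP_READ) || perms.contains(OTHERS_READ))
      sys.error(s"$credentialsFile is readable by other users; restrict it to mode 600")
  }
}

// Run the guard every time `sbt publish` is invoked.
publish := (publish dependsOn checkCredentialsFile).value
```

With this in place the key never appears in build.sbt, so the file can be committed without exposing it.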

Still Need Help?

Contact us here. We're always happy to help!