Build and test Java applications

This page explains how to use Cloud Build to build and test Java-based applications, store built artifacts in a Maven repository in Artifact Registry, and generate build provenance information.

Before you begin

Using the maven image

You can configure Cloud Build to build Java applications using the maven image from Docker Hub.

To execute your tasks in the maven image, specify the URL of the image and the tagged version of the image in the name field of your build config file. If you don't specify the image tag, Cloud Build uses the latest image by default. Cloud Build starts the image specified in name by using the image's default entrypoint. To override the default entrypoint and to invoke maven as an entrypoint, specify mvn in the entrypoint field.

The following build config file specifies the entrypoint for the maven image and prints the build tool version:

          steps:
          - name: maven:3.3-jdk-8
            entrypoint: mvn
            args: ['--version']

Configuring Java builds

  1. In your project root directory, create a build config file named cloudbuild.yaml.

  2. Run tests: maven provides maven test, which downloads dependencies, builds the applications, and runs any tests specified in your source code. The args field of a build step takes a list of arguments and passes them to the image referenced by the name field.

    In your build config file, add test to the args field to invoke test within maven:

         steps:
         - name: maven:3.3-jdk-8
           entrypoint: mvn
           args: ['test']
    
  3. Package application: To package your application into a JAR file for your maven image, specify the package command in the args field. The package command builds a JAR file in /workspace/target/.

    The following build step packages your Java application:

         steps:
         - name: maven:3.3-jdk-8
           entrypoint: mvn
           args: ['package','-Dmaven.test.skip=true']
    
  4. Upload to Artifact Registry:

    Cloud Build generates Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Maven packages when you upload artifacts to Artifact Registry using the mavenArtifacts field in your Cloud Build config file.

    In your build config file, use the mavenArtifacts field to specify your application file path and your Maven repository in Artifact Registry:

    artifacts:
      mavenArtifacts:
      - repository: 'https://location-maven.pkg.dev/project-id/repository-name'
        path: 'app-path'
        artifactId: 'build-artifact'
        groupId: 'group-id'
        version: 'version'
    

    Replace the following values:

    • location: the location for your repository in Artifact Registry.
    • project-id: the ID of the Google Cloud project that contains your Artifact Registry repository.
    • repository-name: the name of your Maven repository in Artifact Registry.
    • app-path: the path to your packaged application.
    • build-artifact: the name of your package file created from your build step.
    • group-id: uniquely identifies your project across all Maven projects, in the format com.mycompany.app. For more information, see the Maven guide to naming conventions.
    • version: the version number for your application, formatted in numbers and dots like 1.0.1.
  5. Optional: Enable provenance for regional builds

    If you are using a regional build, add the requestedVerifyOption field in the options in your build config file. Set the value to VERIFIED to enable provenance metadata generation. If you don't add requestedVerifyOption: VERIFIED, Cloud Build generates provenance for global builds only.

    options:
      requestedVerifyOption: VERIFIED
    
  6. Start your build: manually or using build triggers.

    Once your build completes, you can view repository details in Artifact Registry.

    You can also view build provenance metadata and validate provenance to help protect your software supply chain.

What's next