Implement TLS (https) for repo.ohdsi.org connections

[leeevans]

Expected behavior

As reported by @actualben the repo.ohdsi.org should use TLS (https) in order to prevent a man-in-the-middle attack.

Actual behavior

repo.ohdsi.org uses http with an anonymous user

Steps to reproduce behavior

see OHDSI github WebAPI pom.xml

@anthonysena I'ld appreciate it if we could discuss the approach and do some testing prior to enabling TLS, so we can have a smooth transition.

[anthonysena]

Happy to discuss @leeevans as this will have a large impact across all of our repos that use Java.

[actualben]

It appears that as of Maven 3.8.1 (released yesterday) non-TLS repos are now blocked by default: https://maven.apache.org/docs/3.8.1/release-notes.html

The error looks like:

#15 20.63 [ERROR] Failed to execute goal on project WebAPI: Could not resolve dependencies for project org.ohdsi:WebAPI:war:2.8.1-SNAPSHOT: Failed to collect dependencies at org.ohdsi.sql:SqlRender:jar:1.6.8: Failed to read artifact descriptor for org.ohdsi.sql:SqlRender:jar:1.6.8: Could not transfer artifact org.ohdsi.sql:SqlRender:pom:1.6.8 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [ohdsi (http://repo.ohdsi.org:8085/nexus/content/groups/public, default, releases+snapshots)] -> [Help 1]

[leeevans]

@actualben @anthonysena @chrisknoll

TLS access to the OHDSI repo is now available at https://repo.ohdsi.org/nexus
Non-TLS access remains available at the existing URL http://repo.ohdsi.org:8085/nexus

The non-TLS access will be removed after the OHDSI pom.xml file references are updated to use TLS access.