New Gradle Mirrors on Bitrise to Help Avoid Maven Central Rate Limits - We’ve added a Bitrise-hosted proxy for Maven Central and the Gradle Plugin Portal to help protect your Gradle builds from upstream rate limiting issues.
This post is about the
Could not GET '...'. Received status code 429 from server: Too Many Requeststype errors, where the dependency is hosted on Maven Central.
Highlights:
- Protection Against 429 Errors: To reduce the impact of Maven Central rate limits on Bitrise builds, Gradle dependency and plugin downloads can now be routed through a Bitrise proxy cache.
- Automatic Proxy Usage: Starting April 30, 2026, Bitrise CI builds on all stacks (macOS and Linux) are set up to automatically use the Bitrise proxy cache.
Why This Matters
External dependency infrastructure can become a bottleneck for CI reliability, especially when shared services like Maven Central enforce rate limits. By routing artifact requests through a Bitrise proxy cache, we can help reduce failures caused by upstream throttling and make Gradle builds more resilient.
The Bitrise proxy cache is located in the same data centers as your CI runners, so you can also expect faster dependency downloads.
How To Use The Proxy Cache - Bitrise CI
Starting April 30, 2026, all Bitrise hosted builds are automatically set up to use the Bitrise Proxy Cache.
The previous method for using the proxy cache, adding the Install Android SDK Components step (3.4.6+) or the new Activate Gradle Mirrors step to your workflow will continue to work as well.
How To Use The Proxy Cache - Build Hub
For developers using Bitrise Build Hub, add the following script to your job definition prior to dependency resolution:
curl --retry 5 -sSfL 'https://raw.githubusercontent.com/bitrise-io/bitrise-build-cache-cli/main/install/installer.sh' | sh -s -- -b /tmp/bin -d \
&& BITRISE_MAVENCENTRAL_PROXY_ENABLED=true /tmp/bin/bitrise-build-cache activate gradle-mirrors -d \
|| true
FAQ
- Why use the proxy?
- Maven Central recently introduced tighter rate limits, which resulted in 429 errors for Gradle builds attempting to fetch dependencies. We have introduced this proxy to reduce load on Maven Central so that customer builds complete without error. A convenient side effect is that dependency downloads will complete faster.
- Do I need to do anything if I’m using self-hosted Bitrise Runners?
- No. These recommendations apply only to builds running in Bitrise hosted infrastructure.
- My org has a private or dedicated environment. Does this apply to us?
- Yes, this applies to all Bitrise-hosted builds.
- My build is still failing with a 429 error from Maven Central! What should I do?
- Check the note below on dependency verification, and if that does not solve it, please open a support ticket at support.bitrise.io.
How can I opt out / disable the proxy (short term, to quickly unblock a build)?
If you hit an acute issue (e.g. timeouts) and need to unblock your builds quickly, you can opt out of the proxy.
Update: we now introduced an easier way to opt out, which can be used even on a per build basis: New Env Var to Disable the Bitrise Maven Central Proxy
Note: This is intended only to quickly unblock if you have an acute issue. Long term we encourage the use of our proxy. It reduces load on Maven Central and gives faster dependency downloads, since the proxy is housed in the same data centers as the CI runners.
If you continue to see issues after opting out, please open a support ticket at support.bitrise.io.
Note for projects using Gradle Dependency Verification
The Bitrise Maven Central mirror is now auto-enabled in the Android build VM at boot, so it’s active even if your workflow doesn’t run any of the steps above. If your project uses Gradle Dependency Verification, this can cause your build to fail with an error like:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project '<your-project>'.
> Dependency verification failed for configuration 'classpath'
N artifacts failed verification:
- <artifact>.jar (<group>:<name>:<version>) from repository MavenRepo
- <artifact>.pom (<group>:<name>:<version>) from repository BitriseMirrorApacheCentral
This can indicate that a dependency has been compromised. Please carefully verify the checksums.
Open this report for more details: file:///bitrise/src/build/reports/dependency-verification/at-<id>/dependency-verification-report.html
The signal that this is the mirror-specific case (and not a generic checksum mismatch) is the from repository BitriseMirrorApacheCentral line.
If you see this, follow the steps in Gradle Dependency Verification fails on Bitrise. What should I do? to update your verification-metadata.xml so it matches the checksums the mirror serves.
