I'm trying to use a property in my Maven POM file to specify the URL / username / password to a private repository. I would like to get the value for this property from a settings.xml file (from either the global, user or project settings file) but use the value from a specific environment variable to override any of that if it is set.
I've searched a bunch and I've found some references to using build profiles which doesn't seem to be quite what I need, but then again I'm not very fluent in Maven so I might just be missing something there. I feel like an idiot because I would think this is a pretty common use case.
In general I'm not too keen on defining secrets (passwords or API keys) in environment variables but for now we need to do that to avoid having to change the whole CI pipeline.
Related
Where can I put my credentials in gradle without making them public?
I would like to know some best pratics, and to understand well the difference between inserting them in gradle.properties or as environment variable.
It's important to me know how call them in build script, too.
Thanks in advance
You can put credentials in local.properties if you want to have it locally. You can retrieve them like this:
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
def local = properties.getProperty('localVar')
and having local variable in local.properties:
localVar=helloWorld
The best practice would be putting it in an environment variable, in this way, you are able to run your gradle scripts anywhere even in a CI environment.
In build.gradle you can get environment variables by using
System.getenv("ENVIRONMENT_VARIABLE")
I see an edit variable permission that is scoped to the environment. However, it seems like who ever is responsible for setting up the project, would be responsible for creating the variables, where some other security entity would be responsible for only modifying the values, specifically the secure ones. Is this possible?
Edit:
Adding a little more, I suppose I'm asking for permissions based on the project variable set. Only those with the "EditProjectVariableSet" permission would be able to add or remove variables from the project.
Edit:
Added uservoice:
https://octopusdeploy.uservoice.com/forums/170787-general/suggestions/18022360-separate-permission-for-editing-variable-values-wi
In the Configuration->Teams there is a link to Roles.
You could create a new role, for ex: Variable Editor and only assign VariableEdit, VariableEditUnscoped, VariableView, VariableViewUnscoped.
However I don't think you can restrict to a modification only.
I am trying to access the settings object from the root project's build script.
The reason is I want to define a list in the settings.gradle file which will be a list of subprojects, kind of:
settings.gradle
projectNames = ['prjA', 'prjB']
Would like to do something like:
build.gradle (root project)
projectNames = settings.projectNames
// Use projectName in tasks
And then access it in build.gradle for various tasks, such as resolving those names into URLs to git-clone them. However I can't seem to find a way to declare some arbitrary groovy object which is visible between these two scripts. Note I may potentially like that list to be related but not equal to the project names. I guess the question sums up to sharing POGOs between those two files and accessing the settings object.
I'm pretty new to Gradle.
There isn't a way to get to the settings object from a build script. However, both scripts share a gradle object, which you could use to set an extra property in the settings script (e.g. gradle.ext.foo = "bar"), and read it in the build script (e.g. println gradle.foo).
If you need access to the Settings instance from your build.gradle file after the
settings have been loaded and evaluated, you can register a lifecycle closure or listener.
A great place to start is the method Gradle#settingsEvaluated(Closure)
that provides the Settings object as a closure parameter.
with maven you can easily specify settings.xml location, e.g:
mvn -s custom/dir/settings.xml package
Is there a similiar way to specify custom security-settings.xml?
The reasoning behind this is simple: to easily distribute it via a local repository. Now, security is NOT a concern - it's all on the intranet.
This was requested as MNG-4853. Although not implemented directly, a workaround is suggested:
I've verified that -Dsettings.security=path/to/security-settings.xml works
As detailed in the announcement blog post, you can also use the master password relocation feature. Write an ~/.m2/security-settings.xml file with a redirection in it:
<settingsSecurity>
<relocation>/Volumes/mySecureUsb/secret/settings-security.xml</relocation>
</settingsSecurity>
I would like to define a variable on a TC configuration and would like to get its value on a different TC configuration that has a trigger dependency on the first one.
Is it possible to do this?
If both configurations are in the same project, you can define a build configuration template that contains the shared parameter (i.e. variable). Both active configurations must then reference that template -- use the 'Associate with Template' action to accomplish this. The value of the shared parameter must be set in the template in order for the same value to be known to both configurations.
If you're trying to share build numbers (or other system-level parameters) between the configurations, there is a special method for that.
I have to use something like this to actually dynamically change the configuration parameters.
Invoke-WebRequest -Uri "http://build/guestAuth/action.html?add2Queue=bt876&name=env&value=test&name=env.number&value=%target.env.number%" -Method "Get" -Verbose