Close and release artifact on maven central using gradle - gradle

I have this gradle script:
def configureUploadArtifacts(groupId, repoUrl, _packaging) {
def gpgKeyId = System.getenv('GPG_KEY_ID')
def gpgPassword = System.getenv('GPG_KEY_PASSWORD')
def gpgFile = System.getenv('PATH_TO_GPG_FILE')
project.group = groupId;
project.archivesBaseName = name
project.version = getVersionNameFromFile()
ext."signing.keyId" = gpgKeyId
ext."signing.password" = gpgPassword
ext."signing.secretKeyRingFile" = gpgFile
uploadArchives {
apply plugin: 'maven'
apply plugin: 'signing'
signing {
sign configurations.archives
}
def userName = System.getenv('OSSRH_USER_NAME');
def password = System.getenv('OSSRH_PASSWORD');
repositories {
mavenDeployer {
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") {
authentication(userName: userName, password: password)
}
snapshotRepository(url: "https://oss.sonatype.org/content/repositories/snapshots/") {
authentication(userName: userName, password: password)
}
pom.project {
name "${project.name}"
packaging "${_packaging}"
// optionally artifactId can be defined here
description 'A collection of core tools I use'
url "http://github.com/${repoUrl}"
scm {
connection "scm:git:git://github.com/${repoUrl}.git"
developerConnection "scm:git:ssh://github.com/${repoUrl}.git"
url "http://github.com/${repoUrl}/tree/master"
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id 'TacB0sS'
name 'My Name'
email 'My Email'
}
}
}
}
}
}
}
I use it on my Jenkins server and it works wonderfully.
I would like it also to close and release the artifacts...
How do I do that?

Solution was to add the following to the root build.gradle file:
ext."oss-releases.username" = System.getenv('OSSRH_USER_NAME')
ext."oss-releases.password" = System.getenv('OSSRH_PASSWORD')
ext."oss-releases.url" = "https://oss.sonatype.org/index.html#stagingRepositories"
apply plugin: 'nexus-workflow'
And run the following from the command line:
bash gradlew nexusStagingRelease
DONE!

You can use gradle-release on your script. It works similar as maven-release-plugin (removes SNAPSHOT from version, builds, create tags, deploys artifacts and updates to the next development version):
apply plugin: 'net.researchgate.release'
In Jenkins, using release plugin, you will need to configure the unattended release:
gradle release -Prelease.useAutomaticVersion=true \
-Prelease.releaseVersion=$VERSION \
-Prelease.newVersion=$NEXT_VERSION

Related

Unable to publish a gradle Jar artifact to a sonatype repository

I am following instructions in the Sonatype documentation for publishing a gradle project.
I have the following gradle version.
$ ./gradlew --version
------------------------------------------------------------
Gradle 7.6
------------------------------------------------------------
Build time: 2022-11-25 13:35:10 UTC
Revision: daece9dbc5b79370cc8e4fd6fe4b2cd400e150a8
Kotlin: 1.7.10
Groovy: 3.0.13
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 1.8.0_181 (Oracle Corporation 25.181-b13)
OS: Mac OS X 10.16 x86_64
When I try to use the uploadArchives task as given in their example, I get the following error:
$ ./gradlew uploadArchives
FAILURE: Build failed with an exception.
* Where:
Build file '/Users/ferozed/stash/libs/mask-json-field-transform/build.gradle' line: 167
* What went wrong:
A problem occurred evaluating root project 'mask-json-field-transform'.
> Could not find method uploadArchives() for arguments [build_6yphclnk6m8p3rtmq5h7m56li$_run_closure12#19fbeecd] on root project 'mask-json-field-transform' of type org.gradle.api.Project.
This is my build.gradle file
buildscript {
repositories {
gradlePluginPortal()
}
dependencies {
classpath 'gradle.plugin.com.github.johnrengelman:shadow:7.1.2'
}
}
plugins {
id 'java' // so that we can use 'implementation', 'testImplementation' for dependencies
id 'maven-publish'
id 'signing'
}
apply plugin: 'maven-publish'
apply plugin: 'signing'
apply plugin: 'com.github.johnrengelman.shadow'
repositories {
jcenter()
mavenCentral()
maven {
url = "https://packages.confluent.io/maven"
}
maven {
url = "https://jitpack.io"
}
}
group = 'io.github.ferozed.kafka.connect'
version = '0.1'
dependencies {
// Kafka
implementation group: 'org.apache.kafka', name: 'connect-api', version: '3.3.1'
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
implementation 'com.github.jcustenborder.kafka.connect:connect-utils:0.7.173'
implementation 'com.github.jcustenborder.kafka.connect:kafka-connect-transform-common:0.1.0.14'
//test
testImplementation(platform('org.junit:junit-bom:5.9.0'))
testImplementation('org.junit.jupiter:junit-jupiter')
testImplementation("io.mockk:mockk:1.9.2")
}
sourceSets {
main {
java {
srcDirs = ["src/main/java"]
}
resources {
srcDirs = ["src/main/avro", "src/main/resources"]
}
}
test {
java {
srcDirs = ["src/test/java"]
}
}
}
test {
useJUnitPlatform()
testLogging {
events "passed", "skipped", "failed"
}
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
}
tasks.withType(AbstractArchiveTask).configureEach {
preserveFileTimestamps = false
reproducibleFileOrder = true
}
plugins.withId("com.github.johnrengelman.shadow"){
//this block requires the java plugin to be applied first.
plugins.withId("java"){
shadowJar {
//We are overriding the default jar to be the shadow jar
classifier = null
exclude 'META-INF'
exclude 'META-INF/*.INF'
exclude 'META-INF/license/*'
}
jar {
manifest {
attributes(
'Built-By' : System.properties['user.name'],
'Build-Timestamp': new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").format(new Date()),
'Created-By' : "Gradle ${gradle.gradleVersion}",
'Build-Jdk' : "${System.properties['java.version']} (${System.properties['java.vendor']} ${System.properties['java.vm.version']})",
'Build-OS' : "${System.properties['os.name']} ${System.properties['os.arch']} ${System.properties['os.version']}"
)
}
}
tasks.build.dependsOn tasks.shadowJar
tasks.shadowJar.mustRunAfter tasks.jar
tasks.shadowJar.mustRunAfter tasks.javadocJar
tasks.shadowJar.mustRunAfter tasks.sourcesJar
}
}
publishing {
publications {
mavenJava(MavenPublication) {
pom {
name = 'Mask Json Field Transform'
description = 'A kafka connect transform to remove the value of a sensitive field in a json document.'
url = 'https://github.com/ferozed/mask-json-field-transform'
properties = [
myProp: "value",
"prop.with.dots": "anotherValue"
]
licenses {
license {
name = 'The Apache License, Version 2.0'
url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id = 'ferozes'
name = 'Feroze Daud'
email = 'ferozed.oss#gmail.com'
}
}
scm {
connection = 'scm:git:git#github.com:ferozed/mask-json-field-transform.git'
developerConnection = 'scm:git:git#github.com:ferozed/mask-json-field-transform.git'
url = 'https://github.com/ferozed/mask-json-field-transform'
}
}
}
}
}
signing {
sign configurations.archives
sign publishing.publications.mavenJava
}
tasks.signArchives.dependsOn tasks.shadowJar
artifacts {
archives javadocJar, sourcesJar
}
uploadArchives {
repositories {
mavenDeployer {
beforeDeployment { deployment -> signing.signPom(deployment) }
repository(url: "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
snapshotRepository(url: "https://s01.oss.sonatype.org/content/repositories/snapshots/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
pom.project {
name 'Example Application'
packaging 'jar'
// optionally artifactId can be defined here
description 'A kafka connect transform to remove the value of a sensitive field in a json document.'
url 'https://github.com/ferozed/mask-json-field-transform'
scm {
connection 'scm:svn:http://foo.googlecode.com/svn/trunk/'
developerConnection 'scm:svn:https://foo.googlecode.com/svn/trunk/'
url 'https://github.com/ferozed/mask-json-field-transform'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id 'ferozed'
name 'Feroze Daud'
email 'feroz#gmail.com'
}
}
}
}
}
}
What am I doing wrong?
First and foremost, you may not need to 'fix the error' so to speak, in that it appears the problematic code MAY be able to be outright deleted. However...
To fix the error...
Could not find method uploadArchives() for arguments [build_6yphclnk6m8p3rtmq5h7m56li$_run_closure12#19fbeecd] on root project 'mask-json-field-transform' of type org.gradle.api.Project.
This is telling us that uploadArchives is not valid. See immediately below.
I believe you may need to use the maven plugin to access this functionality.
https://github.com/siddeshbg/gradle-uploadArchives/blob/master/README.md
to do this, add:
id 'maven'
to your plugins{}
block.
The above example explains that the maven plugin is responsible for doing this
The Maven plugin adds support for deploying artifacts to Maven repositories
It is worth considering also that the author of the above repository claims:
This is the legacy publishing mechanism, should not be used in newer
builds
Now... on to the better solution, forgetting the maven plugin, in favor of the maven-publish plugin you're already using...
I do not personally work with Maven often enough to know what other mechanisms one should use, but Google suggests that perhaps the maven-publish plugin you're using might do this WITHOUT the 'uploadArchives{}' portion of your code that is causing the error.
See:
https://docs.gradle.org/current/userguide/publishing_maven.html
Per this page, it would seem the entire uploadArchives block is unnecessary

Gradle signArchives unable to read Secret Key

I am trying to publish my Java Library to Maven Central. A part of this involves using the signing gradle plugin to sign the artifacts. I need to sign it without using the keyring file as document here as I cant provide my CI secure access to the key ring file.
However when I do this my build fails with:
FAILURE: Build failed with an exception.
* What went wrong:
Could not evaluate onlyIf predicate for task ':signArchives'.
> Could not read PGP secret key
What am I doing wrong? I presume it is related to my GPG_SIGNING_KEY.
I used the full private key from the response of gpg --list-secret-keys --keyid-format LONG. Is this not correct?
My build.gradle
apply plugin: 'java'
apply plugin: 'signing'
apply plugin: 'maven'
apply from: 'publish.gradle'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.3'
testCompile 'junit:junit:4.11'
}
task Wrapper(type: Wrapper) {
gradleVersion = '5.6.2'
}
My publish.gradle
apply plugin: 'maven'
apply plugin: 'signing'
def isReleaseBuild() {
return !VERSION.contains("SNAPSHOT")
}
def getReleaseRepositoryUrl() {
return 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
}
def getSnapshotRepositoryUrl() {
return 'https://oss.sonatype.org/content/repositories/snapshots/'
}
afterEvaluate { project ->
uploadArchives {
repositories {
mavenDeployer {
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
repository(url: getReleaseRepositoryUrl()) {
def ossrhUsername = OSSRH_USERNAME
def ossrhPassword = OSSRH_PASSWORD
authentication(userName: ossrhUsername, password: ossrhPassword)
}
snapshotRepository(url: getSnapshotRepositoryUrl()) {
def ossrhUsername = OSSRH_USERNAME
def ossrhPassword = OSSRH_PASSWORD
authentication(userName: ossrhUsername, password: ossrhPassword)
}
pom.groupId = GROUP_ID
pom.artifactId = ARTIFACT_ID
pom.version = VERSION
pom.project {
name ARTIFACT_ID
packaging PROJECT_PACKAGING
description PROJECT_DESCRIPTION
url PROJECT_URL
scm {
url SCM_URL
connection SCM_CONNECTION
}
licenses {
license {
name LICENSE_NAME
url LICENSE_URL
}
}
organization {
name = ORGANIZATION_NAME
url = ORGANIZATION_URL
}
developers {
developer {
id DEVELOPER_ID
name DEVELOPER_NAME
email DEVELOPER_EMAIL
}
}
}
}
}
signing {
required { isReleaseBuild() && gradle.taskGraph.hasTask("uploadArchives") }
def signingKey = GPG_SIGNING_KEY
def signingPassword = GPG_SIGNING_PASSWORD
useInMemoryPgpKeys(signingKey, signingPassword)
sign configurations.archives
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
}
artifacts {
archives javadocJar, sourcesJar
}
}
}
And with gradle.properties
RELEASE_REPOSITORY_URL='https://oss.sonatype.org/service/local/staging/deploy/maven2/'
SNAPSHOT_REPOSITORY_URL='https://oss.sonatype.org/content/repositories/snapshots/'
GPG_SIGNING_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GPG_SIGNING_PASSWORD=the password used to encrypt the key
OSSRH_USERNAME=my ossrh username
OSSRH_PASSWORD=my ossrh password
VERSION=1.0.0
GROUP_ID=com.example
ARTIFACT_ID=project-name
PROJECT_PACKAGING=...
PROJECT_DESCRIPTION=...
PROJECT_URL=...
SCM_URL=...
SCM_CONNECTION=...
LICENSE_NAME=Apache License, Version 2.0
LICENSE_URL=...
ORGANIZATION_NAME=...
ORGANIZATION_URL=...
DEVELOPER_ID=...
DEVELOPER_NAME=...
DEVELOPER_EMAIL=...
As you suspected, it’s the format of the secret PGP key that is wrong here. The useInMemoryPgpKeys method expects an “ascii-armored in-memory PGP secret key”. gpg --list-secret-keys is only meant for human consumption and doesn’t even show the ‘content’ of the secret key.
You can get the key in the correct format using gpg --armor --export-secret-keys foobar#example.com instead. Use your own key ID (as returned by gpg --list-secret-keys) or email address instead of foobar#example.com.
To make use of the exported key in the gradle.properties file, you need to escape the newline characters. For example, you could append a new, working line for your GPG_SIGNING_KEY property like so:
gpg --armor --export-secret-keys foobar#example.com \
| awk 'NR == 1 { print "GPG_SIGNING_KEY=" } 1' ORS='\\n' \
>> gradle.properties
(See this answer for an explanation of the main awk magic that is used here.)
With your gradle.properties file updated as described (and using your build scripts), I could successfully sign my dummy JAR files with ./gradlew signArchives.

Gradle Artifactory deploy fails when using generated gradle.properties

I have the following build.gradle file:
plugins {
id 'java-gradle-plugin'
id 'com.gradle.plugin-publish' version '0.10.1'
id 'groovy'
id 'maven-publish'
id "com.jfrog.artifactory" version "4.9.1"
}
group = 'de.gafertp'
version = '2.0.0'
repositories {
mavenCentral()
}
dependencies {
compile 'net.sourceforge.plantuml:plantuml:1.2019.1'
testCompile 'org.junit.jupiter:junit-jupiter-api:5.4.0'
testCompile 'org.junit-pioneer:junit-pioneer:0.3.0'
testRuntime 'org.junit.jupiter:junit-jupiter-engine:5.4.0'
}
gradlePlugin {
plugins {
plantUmlPlugin {
id = 'de.gafertp.plantuml'
displayName = 'Gradle PlantUML Plugin'
description = 'A very simple plugin to render PlantUML files. ' +
'Takes a set of diagram files together with desired output files / formats ' +
'and renders them with PlantUML (http://plantuml.com/).'
implementationClass = 'de.gafertp.PlantUmlPlugin'
}
}
}
pluginBundle {
website = 'https://github.com/codecholeric/gradle-plantuml-plugin'
vcsUrl = 'https://github.com/codecholeric/gradle-plantuml-plugin'
tags = ['plantuml']
}
publishing {
publications {
plantUmlPluginJar(MavenPublication) {
from components.java
}
}
}
artifactory {
contextUrl = "${artifactory_contextUrl}"
publish {
repository {
repoKey = 'gradle-dev-local'
username = "${artifactory_user}"
password = "${artifactory_password}"
println "username=${artifactory_user}"
println "password=${artifactory_password}"
maven = true
}
defaults {
publications('plantUmlPluginJar')
}
}
resolve {
repository {
repoKey = 'gradle-dev'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
}
test {
useJUnitPlatform()
}
And this gradle.properties file:
artifactory_user=${security.getCurrentUsername()}
artifactory_password=${security.getEncryptedPassword()!"blahblah"}
artifactory_contextUrl=http://localhost:8081/artifactory
The build fails with the following error:
Execution failed for task ':artifactoryDeploy'.
> java.io.IOException: Failed to deploy file. Status code: 401 Response message: Artifactory returned the following errors:
Unauthorized Status code: 401
If we take a look at the printed username and password, we see this:
username=${security.getCurrentUsername()}
password=${security.getEncryptedPassword()!"blahblah"}
Gradle takes the properties values as literal strings instead of evaluating them. So the issue seems to be that the security object cannot be found, because if I replace the properties in build.gradle file with their values directly, the following error occurs:
A problem occurred evaluating root project 'gradle-plantuml-plugin'.
> Could not get unknown property 'security' for object of type org.jfrog.gradle.plugin.artifactory.dsl.DoubleDelegateWrapper.
What am I doing wrong? The deploy works fine when using plaintext username and password, but I would like to use the auto-generated way of logging in (using an encrypted password).
It seems that gradle.properties should look like this:
username=your_username
password=blahblah
We suppose that blahblah is your encrypted password.

Confused about process to publish snapshots to BinTray

I want to investigate publishing Hibernate ORM jars to Bintray. However one requirement we have is to be able to publish snapshots, which I see Bintray now supports through this OJO repository. However, I am quite confused about how this is supposed to work after reading the documentation.
First, the documentation mentions that I should be able to request publishing to JCenter and at the same time be able to request to be able to publish snapshots. However, I see no such options: https://bintray.com/hibernate/artifacts/hibernate-orm
Secondly, after I get the account on OJO set up, what, if anything, do I need to do special with the Bintray/Gradle plugin?
After many trial and errors I've ended up with the following setup.
We use 2 different plugins for publishing:
snapshots and release publishing (using com.jfrog.artifactory) and
bintray-related activities (using com.jfrog.bintray) in gradle (in the project p6spy).
Relevant parts from the build.gradle file follow, please note the specifics of the project :
plugins {
...
// to publish !SNAPSHOTs to bintray and sync it to maven-central
// ./gradlew bintrayUpload
id 'com.jfrog.bintray' version '1.7.3'
// to publish SNAPSHOTs and !SNAPSHOTs to oss.jfrog.org
// ./gradlew artifactoryPublish
id 'com.jfrog.artifactory' version '4.5.2'
}
publishing {
publications {
maven(MavenPublication) {
from components.java
groupId project.group
artifactId project.archivesBaseName
version project.version
...
pom {
packaging 'jar'
withXml {
asNode().children().last() + {
def builder = delegate
// maven central publishing mandatories
builder.name project.name
builder.description description
builder.url 'https://github.com/p6spy/p6spy'
builder.licenses {
builder.license {
builder.name 'The Apache Software License, Version 2.0'
builder.url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
builder.distribution 'repo'
}
}
builder.scm {
builder.url 'http://github.com/p6spy/p6spy'
builder.connection 'scm:git:git://github.com/p6spy/p6spy.git'
builder.developerConnection 'scm:git:ssh://github.com:p6spy/p6spy.git'
}
builder.developers {
builder.developer {
builder.name 'Quinton McCombs'
builder.email 'quinton.mccombs#gmail.com'
}
builder.developer {
builder.name 'Peter Butkovic'
builder.email 'butkovic#gmail.com'
}
builder.developer {
builder.name 'Felix Barnsteiner'
builder.email 'felix.barnsteiner#isys-software.de'
}
}
// maven central publishing optionals
builder.issueManagement {
builder.system 'github'
builder.url 'https://github.com/p6spy/p6spy/issues'
}
builder.ciManagement {
builder.system 'Travis CI'
builder.url 'https://travis-ci.org/p6spy/p6spy'
}
}
}
}
}
}
}
// to publish SNAPSHOTs to http://oss.jfrog.org/oss-snapshot-local/
// and !SNAPSHOTs to http://oss.jfrog.org/oss-release-local/
artifactory {
contextUrl = 'https://oss.jfrog.org'
resolve {
repository {
repoKey = 'libs-release'
}
}
publish {
repository {
// The Artifactory repository key to publish to
// when using oss.jfrog.org the credentials are from Bintray.
if (project.version.endsWith("-SNAPSHOT")) {
repoKey = 'oss-snapshot-local'
} else {
repoKey = 'oss-release-local'
}
username = System.getenv('BINTRAY_USER')
password = System.getenv('BINTRAY_API_KEY')
}
defaults {
publications 'maven'
properties = [ 'bintray.repo': 'p6spy/maven', 'bintray.package': 'p6spy:p6spy', 'bintray.version': project.version.toString() ]
}
}
}
// to publish to bintray and later sync to maven-central
bintray {
user = System.getenv('BINTRAY_USER')
key = System.getenv('BINTRAY_API_KEY')
publications = ['maven']
// dryRun = true
// publish = true
pkg {
repo = 'maven'
name = 'p6spy:p6spy'
userOrg = group
desc = description
websiteUrl = 'https://github.com/p6spy/p6spy'
issueTrackerUrl = 'https://github.com/p6spy/p6spy/issues'
vcsUrl = 'https://github.com/p6spy/p6spy.git'
licenses = ['Apache-2.0']
publicDownloadNumbers = true
githubRepo = 'p6spy/p6spy'
githubReleaseNotesFile = 'docs/releasenotes.md'
version {
released = new Date()
name = project.version
vcsTag = "p6spy-${project.version}"
// Optional configuration for Maven Central sync of the version
mavenCentralSync {
sync = true //[Default: true] Determines whether to sync the version to Maven Central.
close = '1' //Optional property. By default the staging repository is closed and artifacts are released to Maven Central. You can optionally turn this behaviour off (by puting 0 as value) and release the version manually.
user = System.getenv('SONATYPE_USERNAME') //OSS user token: mandatory
password = System.getenv('SONATYPE_PASSWORD') //OSS user password: mandatory
}
}
}
}
UPDATE
Published:
snapshots are in: http://oss.jfrog.org/oss-snapshot-local/p6spy/p6spy/ (I just followed official docs: https://www.jfrog.com/confluence/display/RTF/Deploying+Snapshots+to+oss.jfrog.org)
releases end up in: http://oss.jfrog.org/oss-release-local/p6spy/p6spy/ and are later auto-synced to maven central: http://repo1.maven.org/maven2/p6spy/p6spy/

How to publish to Nexus the artifact generated by a Gradle project in Jenkins

I have a Gradle project with the following uploadArchives configuration to publish its artifact to Nexus:
uploadArchives {
repositories {
mavenDeployer {
repository(url: 'http://releasesrepo')
snapshotRepository(url: 'http://snapshotsrepo')
}
}
}
As you see there are no credentials in this configuration.
This build will be run from Jenkins as a Freestyle project so I will just have to specify in Build - Invoke Gradle Script - Tasks -> build upload
What's the right way to configure the Nexus credentials from Jenkins and pass them to the Gradle taks (I don't want them in the Git repo with the source code)?
There are three different ways:
1.Using environmental variables
def nexusUser = hasProperty('nexusUsername') ? nexusUsername : System.getenv('nexusUsername')
def nexusPassword = hasProperty('nexusPassword') ? nexusPassword : System.getenv('nexusPassword')
def nexusReleaseUrl = hasProperty('nexusReleaseUrl') ? nexusReleaseUrl : System.getenv('nexusReleaseUrl')
def nexusSnapshotUrl = hasProperty('nexusSnapshotUrl') ? nexusSnapshotUrl : System.getenv('nexusSnapshotUrl')
repositories {
mavenDeployer {
repository(url: nexusReleaseUrl) {
authentication(userName: nexusUser, password: nexusPassword);
}
snapshotRepository(url: nexusSnapshotUrl) {
authentication(userName: nexusUser, password: nexusPassword);
}
}
}
2.Using ~/.gradle/gradle.properties (remember is under the user jenkins)
nexusUser=user
nexusPass=password
uploadArchives {
def nexusUser = "${nexusUsername}"
def nexusPassword = "${nexusPassword}"
repositories {
mavenDeployer {
repository(url: 'your nexus releases') {
authentication(userName: nexusUser, password: nexusPassword);
}
snapshotRepository(url: 'your nexus snapshot') {
authentication(userName: nexusUser, password: nexusPassword);
}
}
}
}
3.Using the global credentials
You have an example here (it is for Travis) if you want to have a look

Resources