Hide credentials for all projects in build.gradle - gradle

My private repo which is loaded from bintray used for all projects and needs credentials:
allprojects {
jcenter()
repositories {
maven {
url "http://myurl.bintray.com/sdk"
credentials {
username 'JohnDoe'
password 'somePassword'
}
}
}
}
What's the best way to hide them?
Is it possible without creating new instance of Properties?
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())

One way to do it is to set properties in the user specific file $HOME/.gradle/gradle.properties:
thePassword=somePassword
and in the build.gradle file:
credentials {
username 'JohnDoe'
password thePassword
}

Repositories{
maven{
name='tomRepo'
url=''
credentials(PasswordCredentials)
}
}
run a command in the console like this
./gradlew build --refresh-dependecies -PtomsRepoUsername=aws -PtomRepoPassword=$TOMS_REPO_PASSWORD

Related

How to provide credentials for global init.gradle pluginManagement for Gradle 5.6.2+?

After the recent security fixes in Gradle 5.6.2+, we're unable to use global plugin management in init.gradle script.
The section, which is described in the Gradle documentation does not provide any help about using Nexus server requiring authentication.
The workaround I've found is following: I had to manually hardcode credentials inside of the script even though the nexusUsername and nexusPassword is already defined in gradle.properties.
allprojects {
repositories {
mavenLocal()
maven {
url "https://nexus-repo-requiring-auth/"
credentials {
username nexusUsername
password nexusPassword
}
}
}
settingsEvaluated { settings ->
settings.pluginManagement.repositories {
//This is a workaround, because the global properties are not available here
def localNexusUsername = "nexusUser1"
def localNexusPassword = "nexusPass1"
maven {
url "https://nexus-repo-requiring-auth/"
credentials {
username localNexusUsername
password localNexusPassword
}
}
}
}
Is there a way, how to read global variables inside of the settingsEvaluated block? Or any other way to define the plugin repository?
It's not a solution, but a different work-around. I found that if I defined my plugin repositories in the settings.gradle file it was able to read the variables:
pluginManagement {
repositories {
maven {
authentication {
basic(BasicAuthentication)
}
url "https://artifactory.redacted.com/gradle-plugins-mirror/"
credentials {
username "$artifactory_user"
password "$artifactory_password"
}
}
}
}
This worked better for me as we add the ~/.gradle/init.gradle file for each user, so everyone uses the same internal mirors.

Gradle - Conditionally add configuration

I have a gradle project with configuration below
apply plugin: 'java'
apply plugin: 'maven'
repositories {
mavenCentral()
maven {
credentials {
username "$System.env.REPOSITORY_USER"
password "$System.env.REPOSITORY_PWD"
}
url "$System.env.REPOSITORY_HOME" + /nexus/content/groups/public/"
}
}
Ideally only the build server should know the repository username and password that has publish rights, everyone else should have read only access (the credentials block should not be applied). Is there a way I could conditionally add the credentials block based on if both REPOSITORY_USER and REPOSITORY_PWD is populated?
I'm open to better solutions if you have any suggestions!
Try to use something like this:
repositories {
mavenCentral()
}
if (System.env.REPOSITORY_USER != null && System.env.REPOSITORY_PWD != null) {
repositories {
maven {
// Setup here what you need
credentials {
}
}
}
}

Can I add a custom repository to gradle.properties?

I'd like to be able to define a repository in settings (ideally user gradle.properties)
The end goal is something like this:
repositories {
mavenCentral() // Can't/don't want to use this
nexusCentral() // Can use these - on network Nexus server
nexusSnapshot()
}
How would I go about doing this? Again, this would go in the user-level gradle.properties file ideally, so we don't have to reference it in every single module.
This is just a plain maven style artifact repository provided by Maven, the manual way would be:
maven {
url "http://path/to/nexus"
}
One other requirement is the use of the "publish" task, which has credentials defined for a repository (that Jenkins uses to publish the module):
publishing {
...
maven {
url "http://path/to/nexus"
// Jenkins provides these as -P Gradle parameters.
credentials {
username = "${uploaderUser}"
password = "${uploaderPassword}"
}
}
These credentials would not be known to regular users, but would ideally be configured in Jenkin's gradle.properties. We wouldn't want users builds to fail because they can't resolve the credentials - they would never even use the "publish" task.
You can use somenthing like this:
maven {
credentials {
username getCredentialsMavenUsername()
password getCredentialsMavenPassword()
}
url 'xxxxx'
}
/**
* Returns the credential username used by Maven repository
* Set this value in your ~/.gradle/gradle.properties with CREDENTIALS_USERNAME key
* #return
*/
def getCredentialsMavenUsername() {
return hasProperty('CREDENTIALS_USERNAME') ? CREDENTIALS_USERNAME : ""
}
/**
* Returns the credential password used by Maven repository
* Set this value in your ~/.gradle/gradle.properties with CREDENTIALS_PASSWORD key
* #return
*/
def getCredentialsMavenPassword() {
return hasProperty('CREDENTIALS_PASSWORD') ? CREDENTIALS_PASSWORD : ""
}
If the user hasn't the credentials the script doesn't fail.
Not sure if that answers your question, but you can put this in the gradle.properties file:
nexusUrl=http://path/to/nexus
and do this in the build.gradle:
maven {
url project.property(nexusUrl)
}
EDIT:
regarding your credentials, all you should need is something like
if (project.hasProperty('uploaderUser') && project.hasProperty('uploaderPassword')) {
credentials {
username = project.property('uploaderUser')
password = project.property('uploaderPassword')
}
}
Solved this issue by replacing jcenter() in Project/andoird/build.gradle with maven { url 'http://nexusUrl' } under buildscript and allprojects:
buildscript {
repositories {
google()
maven { url 'http://nexusUrl' }
}
dependencies {
classpath 'com.android.tools.build:gradle:3.2.1'
}
}
allprojects {
repositories {
google()
maven { url 'http://nexusUrl' }
}
}
and in fluttersdk/packages/flutter_tools/gradle/flutter.gradle replaced jcenter with maven { url 'http://nexusUrl' } under buildscript:
buildscript {
repositories {
google()
maven { url 'nexusUrl' }
}
dependencies {
classpath 'com.android.tools.build:gradle:3.2.1'
}
}

Unable to reference gradle.properties in script plugin

I am creating a script plugin to reference the ivy repository holding my orgs gradle plugins. My code right now is:
repository.gradle
repositories {
ivy {
credentials {
username = artifactory_user
password = artifactory_password
}
url 'https://ourUrl/artifactory/repoName'
layout "pattern", {
ivy '[organization]/[module]/[revision]/ivy-[revision].xml'
artifact '[organisation]/[module]/[revision]/[artifact]-[revision].[ext]'
}
}
}
Then, in the build.gradle file,
build.gradle
buildscript {
apply from: https://ourUrl/assets/repository.gradle, to: buildscript
dependencies { classpath group: 'ourGrp', name: 'artifactName', version: '1.0.0' }
}
In my gradle.properties file:
gradle.properties
artifactory_user=username
artifactory_password=password
The error message I recieve is this:
What went wrong:
A problem occurred evaluating script.
Could not find property 'artifactory_user' on Credentials [username: null].
Any suggestions for how I can resolve this? I would like to avoid any further impact to the build.gradle file if possible.
This exact question was asked in the gradle forums. I'll paste the working workaround so it won't get lost during relinking or something:
repository.gradle:
repositories {
ivy {
credentials {
username = artifactory_user
password = artifactory_password
}
url 'https://ourUrl/artifactory/repoName'
layout "pattern", {
ivy '[organization]/[module]/[revision]/ivy-[revision].xml'
artifact '[organisation]/[module]/[revision]/[artifact]-[revision].[ext]'
}
}
}
ext.extRepo = repositories
build.gradle:
buildscript {scriptHandler->
apply from: 'https://ourUrl/assets/repository.gradle'
repositories.addAll(extRepo)

repository in grandle.properties instead in build.gradle

is it possible put the repositories configuration in {gradle_home_user}/gradle.properties instead in {project}/build.gradle?
Something like this:
build.gradle
repositories {
maven {
url "maven_url"
credentials {
username = "user"
password = "password"
}
}
}
gradle.properties
repositories.maven.url=maven_url
repositories.maven.credentials.username=user
repositories.maven.credentials.password =password
Yes it is possible. But the property names with dots will need to be accessed using the following notation ${project["my.prop.name"]}. Instead I would recommend using underscores for property separators instead. These can be accessed simply by using ${my_prop_name}.
build.gradle
repositories {
maven {
url "${repositories_maven_url}"
credentials {
username = "${repositories_maven_credentials_username}"
password = "${repositories_maven_credentials_password}"
}
}
}
gradle.properties
repositories_maven_url=maven_url
repositories_maven_credentials_username=user
repositories_maven_credentials_password=password

Resources