在何处放置不应提交的Gradle配置(即凭据)?

我正在尝试将Gradle构建的工件部署到Maven repo,我需要为此指定凭据。这目前工作得很好:

uploadArchives {
repositories {
mavenDeployer {
repository(url: "http://.../nexus/content/repositories/snapshots/") {
authentication(userName: "admin", password: "admin123")
}
}
}
}

但我不喜欢必须将凭据存储在源代码控制中。使用Maven,我将定义一个服务器配置,并在我的~/.m2/settings.xml中分配凭据。如何使用Gradle执行类似操作?

158989 次浏览
小开

You could put the credentials in a properties file and read it using something like this:

Properties props = new Properties()
props.load(new FileInputStream("yourPath/credentials.properties"))
project.setProperty('props', props)

Another approach is to define environment variables at the OS level and read them using:

System.getenv()['YOUR_ENV_VARIABLE']
小开
最佳答案

~/.gradle/gradle.properties:

mavenUser=admin
mavenPassword=admin123

build.gradle:

...
authentication(userName: mavenUser, password: mavenPassword)
小开

You could also supply variables on the command line with -PmavenUser=user -PmavenPassword=password.

This might be useful you can't use a gradle.properties file for some reason. E.g. on a build server we're using Gradle with the -g option so that each build plan has it's own GRADLE_HOME.

小开

If you have user specific credentials ( i.e each developer might have different username/password ) then I would recommend using the gradle-properties-plugin.

  1. Put defaults in gradle.properties
  2. Each developer overrides with gradle-local.properties ( this should be git ignored ).

This is better than overriding using $USER_HOME/.gradle/gradle.properties because different projects might have same property names.

Note that the plugin actually adds gradle-${environment}.properties where the default for ${environment} is local, and has additional features. Read the link before using it.

小开

First answer is still valid, but the API has changed in the past. Since my edit there wasn't accepted I post it as separate answer.

The method authentication() is only used to provide the authentication method (e.g. Basic) but not any credentials.

You also shouldn't use it since it's printing the credentials plain on failure!

This his how it should look like in your build.gradle

    maven {
credentials {
username "$mavenUser"
password "$mavenPassword"
}
url 'https://maven.yourcorp.net/'
}

In gradle.properties in your userhome dir put:

mavenUser=admin
mavenPassword=admin123

Also ensure that the GRADLE_USER_HOME is set to ~/.gradle otherwise the properties file there won't be resolved.

See also:

https://docs.gradle.org/current/userguide/build_environment.html

and

https://docs.gradle.org/current/userguide/dependency_management.html (23.6.4.1)

小开

For those of you who are building on a MacOS, and don't like leaving your password in clear text on your machine, you can use the keychain tool to store the credentials and then inject it into the build. Credits go to Viktor Eriksson. https://pilloxa.gitlab.io/posts/safer-passwords-in-gradle/

小开

build.gradle

apply from: "./build.gradle.local"
...
authentication(userName: project.ext.mavenUserName, password: project.ext.mavenPassword)

build.gradle.local (git ignored)

project.ext.mavenUserName=admin
project.ext.mavenPassword=admin123
小开

As per the 7.1.1 gradle document, we have the syntax for setting repositories with credentials as below, the below code snippet should be in build.gradle file of the project

repositories {
maven {
url "http://repo.mycompany.com"
credentials {
username "user"
password "password"
}
}

The above is to showcase the syntax changes in the gradle 7.x.x This can be altered to make password as a variable as shown in the approved solution above.


提交答案