Clarify credential environment variable inputs (#1134)
* Clarify credential environment variable inputs Rename credential-related inputs to make their environment-variable semantics explicit while preserving deprecated aliases with migration warnings. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 70a3daa8-dbc9-4eb0-a57b-df198a459315 * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Vendored
+28
-16
@@ -73287,12 +73287,17 @@ const INPUT_PROBLEM_MATCHER = 'problem-matcher';
|
||||
const INPUT_VERIFY_SIGNATURE = 'verify-signature';
|
||||
const INPUT_VERIFY_SIGNATURE_PUBLIC_KEY = 'verify-signature-public-key';
|
||||
const INPUT_SERVER_ID = 'server-id';
|
||||
const INPUT_SERVER_USERNAME = 'server-username';
|
||||
const INPUT_SERVER_PASSWORD = 'server-password';
|
||||
const INPUT_SERVER_USERNAME_ENV_VAR = 'server-username-env-var';
|
||||
const INPUT_SERVER_PASSWORD_ENV_VAR = 'server-password-env-var';
|
||||
const INPUT_SERVER_USERNAME_DEPRECATED = 'server-username';
|
||||
const INPUT_SERVER_PASSWORD_DEPRECATED = 'server-password';
|
||||
const INPUT_SETTINGS_PATH = 'settings-path';
|
||||
const INPUT_OVERWRITE_SETTINGS = 'overwrite-settings';
|
||||
const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
|
||||
const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
|
||||
const INPUT_GPG_PASSPHRASE_ENV_VAR = 'gpg-passphrase-env-var';
|
||||
const INPUT_GPG_PASSPHRASE_DEPRECATED = 'gpg-passphrase';
|
||||
const INPUT_DEFAULT_SERVER_USERNAME = 'GITHUB_ACTOR';
|
||||
const INPUT_DEFAULT_SERVER_PASSWORD = 'GITHUB_TOKEN';
|
||||
const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
|
||||
const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';
|
||||
// The default name of the environment variable the maven-gpg-plugin reads the
|
||||
@@ -127359,34 +127364,41 @@ async function verifyPackageSignature(archivePath, signatureUrl, publicKeyConten
|
||||
|
||||
async function configureAuthentication() {
|
||||
const id = getInput(INPUT_SERVER_ID);
|
||||
const username = getInput(INPUT_SERVER_USERNAME);
|
||||
const password = getInput(INPUT_SERVER_PASSWORD);
|
||||
const usernameEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_USERNAME_ENV_VAR, INPUT_SERVER_USERNAME_DEPRECATED, INPUT_DEFAULT_SERVER_USERNAME);
|
||||
const passwordEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_PASSWORD_ENV_VAR, INPUT_SERVER_PASSWORD_DEPRECATED, INPUT_DEFAULT_SERVER_PASSWORD);
|
||||
const settingsDirectory = getInput(INPUT_SETTINGS_PATH) ||
|
||||
external_path_.join(external_os_.homedir(), M2_DIR);
|
||||
const overwriteSettings = util_getBooleanInput(INPUT_OVERWRITE_SETTINGS, true);
|
||||
const gpgPrivateKey = getInput(INPUT_GPG_PRIVATE_KEY) ||
|
||||
INPUT_DEFAULT_GPG_PRIVATE_KEY;
|
||||
const gpgPassphrase = getInput(INPUT_GPG_PASSPHRASE) ||
|
||||
(gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
|
||||
const gpgPassphraseEnvVar = getInputWithDeprecatedAlias(INPUT_GPG_PASSPHRASE_ENV_VAR, INPUT_GPG_PASSPHRASE_DEPRECATED, gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
|
||||
if (gpgPrivateKey) {
|
||||
core_setSecret(gpgPrivateKey);
|
||||
}
|
||||
await createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase);
|
||||
await createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar);
|
||||
if (gpgPrivateKey) {
|
||||
info('Importing private gpg key');
|
||||
const keyFingerprint = (await importKey(gpgPrivateKey)) || '';
|
||||
saveState(STATE_GPG_PRIVATE_KEY_FINGERPRINT, keyFingerprint);
|
||||
}
|
||||
}
|
||||
async function createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase = undefined) {
|
||||
function getInputWithDeprecatedAlias(inputName, deprecatedInputName, defaultValue) {
|
||||
const value = getInput(inputName);
|
||||
const deprecatedValue = getInput(deprecatedInputName);
|
||||
if (deprecatedValue) {
|
||||
warning(`The '${deprecatedInputName}' input is deprecated and may be removed in a future release. Please use '${inputName}' instead.`);
|
||||
}
|
||||
return value || deprecatedValue || defaultValue || '';
|
||||
}
|
||||
async function createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar = undefined) {
|
||||
info(`Creating ${MVN_SETTINGS_FILE} with server-id: ${id}`);
|
||||
// when an alternate m2 location is specified use only that location (no .m2 directory)
|
||||
// otherwise use the home/.m2/ path
|
||||
await mkdirP(settingsDirectory);
|
||||
await write(settingsDirectory, generate(id, username, password, gpgPassphrase), overwriteSettings);
|
||||
await write(settingsDirectory, generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar), overwriteSettings);
|
||||
}
|
||||
// only exported for testing purposes
|
||||
function generate(id, username, password, gpgPassphrase) {
|
||||
function generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar) {
|
||||
const xmlObj = {
|
||||
settings: {
|
||||
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
|
||||
@@ -127397,8 +127409,8 @@ function generate(id, username, password, gpgPassphrase) {
|
||||
server: [
|
||||
{
|
||||
id: id,
|
||||
username: `\${env.${username}}`,
|
||||
password: `\${env.${password}}`
|
||||
username: `\${env.${usernameEnvVar}}`,
|
||||
password: `\${env.${passwordEnvVar}}`
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -127410,13 +127422,13 @@ function generate(id, username, password, gpgPassphrase) {
|
||||
// otherwise the plugin already reads the right variable and no extra settings
|
||||
// are needed. Writing `gpg.passphrase` to settings.xml is deprecated and fails
|
||||
// when the plugin's `bestPractices` mode is enabled.
|
||||
if (gpgPassphrase &&
|
||||
gpgPassphrase !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
|
||||
if (gpgPassphraseEnvVar &&
|
||||
gpgPassphraseEnvVar !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
|
||||
xmlObj.settings.profiles = {
|
||||
profile: {
|
||||
id: GPG_PASSPHRASE_PROFILE_ID,
|
||||
properties: {
|
||||
'gpg.passphraseEnvName': gpgPassphrase
|
||||
'gpg.passphraseEnvName': gpgPassphraseEnvVar
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user