1
0

Clarify credential environment variable inputs (#1134)

* Clarify credential environment variable inputs

Rename credential-related inputs to make their environment-variable semantics explicit while preserving deprecated aliases with migration warnings.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: 70a3daa8-dbc9-4eb0-a57b-df198a459315

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Bruno Borges
2026-07-17 20:10:58 -04:00
committed by GitHub
parent 46f6294045
commit c3d7ccbf81
9 changed files with 184 additions and 75 deletions
+28 -16
View File
@@ -73287,12 +73287,17 @@ const INPUT_PROBLEM_MATCHER = 'problem-matcher';
const INPUT_VERIFY_SIGNATURE = 'verify-signature';
const INPUT_VERIFY_SIGNATURE_PUBLIC_KEY = 'verify-signature-public-key';
const INPUT_SERVER_ID = 'server-id';
const INPUT_SERVER_USERNAME = 'server-username';
const INPUT_SERVER_PASSWORD = 'server-password';
const INPUT_SERVER_USERNAME_ENV_VAR = 'server-username-env-var';
const INPUT_SERVER_PASSWORD_ENV_VAR = 'server-password-env-var';
const INPUT_SERVER_USERNAME_DEPRECATED = 'server-username';
const INPUT_SERVER_PASSWORD_DEPRECATED = 'server-password';
const INPUT_SETTINGS_PATH = 'settings-path';
const INPUT_OVERWRITE_SETTINGS = 'overwrite-settings';
const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
const INPUT_GPG_PASSPHRASE_ENV_VAR = 'gpg-passphrase-env-var';
const INPUT_GPG_PASSPHRASE_DEPRECATED = 'gpg-passphrase';
const INPUT_DEFAULT_SERVER_USERNAME = 'GITHUB_ACTOR';
const INPUT_DEFAULT_SERVER_PASSWORD = 'GITHUB_TOKEN';
const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';
// The default name of the environment variable the maven-gpg-plugin reads the
@@ -127359,34 +127364,41 @@ async function verifyPackageSignature(archivePath, signatureUrl, publicKeyConten
async function configureAuthentication() {
const id = getInput(INPUT_SERVER_ID);
const username = getInput(INPUT_SERVER_USERNAME);
const password = getInput(INPUT_SERVER_PASSWORD);
const usernameEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_USERNAME_ENV_VAR, INPUT_SERVER_USERNAME_DEPRECATED, INPUT_DEFAULT_SERVER_USERNAME);
const passwordEnvVar = getInputWithDeprecatedAlias(INPUT_SERVER_PASSWORD_ENV_VAR, INPUT_SERVER_PASSWORD_DEPRECATED, INPUT_DEFAULT_SERVER_PASSWORD);
const settingsDirectory = getInput(INPUT_SETTINGS_PATH) ||
external_path_.join(external_os_.homedir(), M2_DIR);
const overwriteSettings = util_getBooleanInput(INPUT_OVERWRITE_SETTINGS, true);
const gpgPrivateKey = getInput(INPUT_GPG_PRIVATE_KEY) ||
INPUT_DEFAULT_GPG_PRIVATE_KEY;
const gpgPassphrase = getInput(INPUT_GPG_PASSPHRASE) ||
(gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
const gpgPassphraseEnvVar = getInputWithDeprecatedAlias(INPUT_GPG_PASSPHRASE_ENV_VAR, INPUT_GPG_PASSPHRASE_DEPRECATED, gpgPrivateKey ? INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
if (gpgPrivateKey) {
core_setSecret(gpgPrivateKey);
}
await createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase);
await createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar);
if (gpgPrivateKey) {
info('Importing private gpg key');
const keyFingerprint = (await importKey(gpgPrivateKey)) || '';
saveState(STATE_GPG_PRIVATE_KEY_FINGERPRINT, keyFingerprint);
}
}
async function createAuthenticationSettings(id, username, password, settingsDirectory, overwriteSettings, gpgPassphrase = undefined) {
function getInputWithDeprecatedAlias(inputName, deprecatedInputName, defaultValue) {
const value = getInput(inputName);
const deprecatedValue = getInput(deprecatedInputName);
if (deprecatedValue) {
warning(`The '${deprecatedInputName}' input is deprecated and may be removed in a future release. Please use '${inputName}' instead.`);
}
return value || deprecatedValue || defaultValue || '';
}
async function createAuthenticationSettings(id, usernameEnvVar, passwordEnvVar, settingsDirectory, overwriteSettings, gpgPassphraseEnvVar = undefined) {
info(`Creating ${MVN_SETTINGS_FILE} with server-id: ${id}`);
// when an alternate m2 location is specified use only that location (no .m2 directory)
// otherwise use the home/.m2/ path
await mkdirP(settingsDirectory);
await write(settingsDirectory, generate(id, username, password, gpgPassphrase), overwriteSettings);
await write(settingsDirectory, generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar), overwriteSettings);
}
// only exported for testing purposes
function generate(id, username, password, gpgPassphrase) {
function generate(id, usernameEnvVar, passwordEnvVar, gpgPassphraseEnvVar) {
const xmlObj = {
settings: {
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@@ -127397,8 +127409,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [
{
id: id,
username: `\${env.${username}}`,
password: `\${env.${password}}`
username: `\${env.${usernameEnvVar}}`,
password: `\${env.${passwordEnvVar}}`
}
]
}
@@ -127410,13 +127422,13 @@ function generate(id, username, password, gpgPassphrase) {
// otherwise the plugin already reads the right variable and no extra settings
// are needed. Writing `gpg.passphrase` to settings.xml is deprecated and fails
// when the plugin's `bestPractices` mode is enabled.
if (gpgPassphrase &&
gpgPassphrase !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
if (gpgPassphraseEnvVar &&
gpgPassphraseEnvVar !== MAVEN_GPG_PASSPHRASE_DEFAULT_ENV) {
xmlObj.settings.profiles = {
profile: {
id: GPG_PASSPHRASE_PROFILE_ID,
properties: {
'gpg.passphraseEnvName': gpgPassphrase
'gpg.passphraseEnvName': gpgPassphraseEnvVar
}
}
};