From 1765316b39473e6ef4b6618862fef0251ba465c4 Mon Sep 17 00:00:00 2001 From: Jacek Poreda Date: Thu, 25 Jan 2024 17:44:51 +0100 Subject: [PATCH] SONAR-21476 Enable JFrog authentication explicitly (cherry picked from commit 931fa6aceb18d2ee06f8389325ab8c37e61e2d40) --- .cirrus.yml | 1 + build.gradle | 42 +++++++++++++++++++++++++++++++----------- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index ff697d440a5..0c02ff81bc6 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,6 +1,7 @@ env: GRADLE_OPTS: -Dorg.gradle.jvmargs="-XX:+PrintFlagsFinal -XshowSettings:vm -XX:+HeapDumpOnOutOfMemoryError -XX:+UnlockExperimentalVMOptions -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.language=en -Duser.country=US" # to be replaced by other credentials + ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url] ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token] ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer diff --git a/build.gradle b/build.gradle index 7ecd7e2ba1d..431cb948799 100644 --- a/build.gradle +++ b/build.gradle @@ -63,22 +63,42 @@ allprojects { repositories { def repository = project.hasProperty('qa') ? 'sonarsource-qa' : 'sonarsource' + // The environment variables ARTIFACTORY_PRIVATE_USERNAME and ARTIFACTORY_PRIVATE_PASSWORD are used on QA env (Jenkins) + // On local box, please add artifactoryUsername and artifactoryPassword to ~/.gradle/gradle.properties + def artifactoryUsername = System.env.'ARTIFACTORY_PRIVATE_USERNAME' ?: (project.hasProperty('artifactoryUsername') ? project.getProperty('artifactoryUsername') : '') + def artifactoryPassword = System.env.'ARTIFACTORY_PRIVATE_PASSWORD' ?: (project.hasProperty('artifactoryPassword') ? project.getProperty('artifactoryPassword') : '') + def artifactoryUrl = System.getenv('ARTIFACTORY_URL') ?: (project.hasProperty('artifactoryUrl') ? project.getProperty('artifactoryUrl') : '') + + if (artifactoryUrl == '') { + throw new GradleException('Invalid artifactoryUrl') + } + maven { - // The environment variables ARTIFACTORY_PRIVATE_USERNAME and ARTIFACTORY_PRIVATE_PASSWORD are used on QA env (Jenkins) - // On local box, please add artifactoryUsername and artifactoryPassword to ~/.gradle/gradle.properties - def artifactoryUsername = System.env.'ARTIFACTORY_PRIVATE_USERNAME' ?: (project.hasProperty('artifactoryUsername') ? project.getProperty('artifactoryUsername') : '') - def artifactoryPassword = System.env.'ARTIFACTORY_PRIVATE_PASSWORD' ?: (project.hasProperty('artifactoryPassword') ? project.getProperty('artifactoryPassword') : '') - if (!artifactoryUsername || ! artifactoryPassword) { - - // Workaround for artifactory - // https://www.jfrog.com/jira/browse/RTFACT-13797 - repository = 'public' - } - url "https://repox.jfrog.io/repox/${repository}" + if (artifactoryPassword) { + authentication { + header(HttpHeaderAuthentication) + } + credentials(HttpHeaderCredentials) { + name = "Authorization" + value = "Bearer $artifactoryPassword" + } + } else { + // Workaround for artifactory + // https://www.jfrog.com/jira/browse/RTFACT-13797 + repository = 'public' + } + url "${artifactoryUrl}/${repository}" } ivy { if (artifactoryUsername && artifactoryPassword) { url "${artifactoryUrl}/sonarsource-bucket" + authentication { + header(HttpHeaderAuthentication) + } + credentials(HttpHeaderCredentials) { + name = "Authorization" + value = "Bearer $artifactoryPassword" + } patternLayout { artifact '/[organisation]/[module]/[module]-[revision].[ext]' -- 2.39.5