Added support for configuring multiple maven repositories with separate usernames and passwords

2025-05-19 08:16:32 +00:00 · 2025-05-13 01:08:03 +05:30 · 2025-05-13 01:08:03 +05:30 · bfbdaa62d8
commit bfbdaa62d8
parent f4f1212c88
9 changed files with 4641 additions and 4399 deletions
--- a/.github/workflows/e2e-publishing.yml
+++ b/.github/workflows/e2e-publishing.yml
@ -151,3 +151,45 @@ jobs:
          if (-not (Test-Path $path)) {
            throw "settings.xml file is not found in expected location"
          }
  test-publishing-multiple-repositories-with-gpg-passphrase:
    name: Validate settings.xml
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: setup-java
        uses: ./
        id: setup-java
        with:
          distribution: 'adopt'
          java-version: '11'
          mvn-repositories-len: 2
          server-id-0: maven-0
          server-username-0: MAVEN_USERNAME-0
          server-password-0: MAVEN_CENTRAL_TOKEN-0
          server-id-1: maven-1
          server-username-1: MAVEN_USERNAME-1
          server-password-1: MAVEN_CENTRAL_TOKEN-1
          gpg-passphrase: MAVEN_GPG_PASSPHRASE
      - name: Validate settings.xml
        run: |
          $xmlPath = Join-Path $HOME ".m2" "settings.xml"
          Get-Content $xmlPath | ForEach-Object { Write-Host $_ }
          [xml]$xml = Get-Content $xmlPath
          $servers = $xml.settings.servers.server
          if (($servers[0].id -ne 'maven-0') -or ($servers[0].username -ne '${env.MAVEN_USERNAME-0}') -or ($servers[0].password -ne '${env.MAVEN_CENTRAL_TOKEN-0}')) {
            throw "Generated XML file is incorrect"
          }
          if (($servers[1].id -ne 'maven-1') -or ($servers[0].username -ne '${env.MAVEN_PASSWORD-1}') -or ($servers[1].password -ne '${env.MAVEN_CENTRAL_TOKEN-1}')) {
            throw "Generated XML file is incorrect"
          }
          if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne '${env.MAVEN_GPG_PASSPHRASE}')) {
            throw "Generated XML file is incorrect"
          }
--- a/tests/auth.test.ts
+++ b/tests/auth.test.ts
@ -43,9 +43,7 @@ describe('auth tests', () => {
    await io.rmRF(altHome); // ensure it doesn't already exist
    await auth.createAuthenticationSettings(
-      id,
+      [{id, username, password}],
      username,
      password,
      altHome,
      true
    );
@ -56,7 +54,7 @@ describe('auth tests', () => {
    expect(fs.existsSync(altHome)).toBe(true);
    expect(fs.existsSync(altSettingsFile)).toBe(true);
    expect(fs.readFileSync(altSettingsFile, 'utf-8')).toEqual(
-      auth.generate(id, username, password)
+      auth.generate([{id, username, password}])
    );
    await io.rmRF(altHome);
@ -68,9 +66,7 @@ describe('auth tests', () => {
    const password = 'TOKEN';
    await auth.createAuthenticationSettings(
-      id,
+      [{id, username, password}],
      username,
      password,
      m2Dir,
      true
    );
@ -78,7 +74,7 @@ describe('auth tests', () => {
    expect(fs.existsSync(m2Dir)).toBe(true);
    expect(fs.existsSync(settingsFile)).toBe(true);
    expect(fs.readFileSync(settingsFile, 'utf-8')).toEqual(
-      auth.generate(id, username, password)
+      auth.generate([{id, username, password}])
    );
  }, 100000);
@ -89,18 +85,15 @@ describe('auth tests', () => {
    const gpgPassphrase = 'GPG';
    await auth.createAuthenticationSettings(
-      id,
+      [{id, username, password, gpgPassphrase}],
      username,
      password,
      m2Dir,
-      true,
+      true
      gpgPassphrase
    );
    expect(fs.existsSync(m2Dir)).toBe(true);
    expect(fs.existsSync(settingsFile)).toBe(true);
    expect(fs.readFileSync(settingsFile, 'utf-8')).toEqual(
-      auth.generate(id, username, password, gpgPassphrase)
+      auth.generate([{id, username, password, gpgPassphrase}])
    );
  }, 100000);
@ -115,9 +108,7 @@ describe('auth tests', () => {
    expect(fs.existsSync(settingsFile)).toBe(true);
    await auth.createAuthenticationSettings(
-      id,
+      [{id, username, password}],
      username,
      password,
      m2Dir,
      true
    );
@ -125,7 +116,7 @@ describe('auth tests', () => {
    expect(fs.existsSync(m2Dir)).toBe(true);
    expect(fs.existsSync(settingsFile)).toBe(true);
    expect(fs.readFileSync(settingsFile, 'utf-8')).toEqual(
-      auth.generate(id, username, password)
+      auth.generate([{id, username, password}])
    );
  }, 100000);
@ -140,9 +131,7 @@ describe('auth tests', () => {
    expect(fs.existsSync(settingsFile)).toBe(true);
    await auth.createAuthenticationSettings(
-      id,
+      [{id, username, password}],
      username,
      password,
      m2Dir,
      false
    );
@ -169,7 +158,7 @@ describe('auth tests', () => {
  </servers>
 </settings>`;
-    expect(auth.generate(id, username, password)).toEqual(expectedSettings);
+    expect(auth.generate([{id, username, password}])).toEqual(expectedSettings);
  });
  it('generates valid settings.xml with additional configuration', () => {
@ -194,8 +183,50 @@ describe('auth tests', () => {
  </servers>
 </settings>`;
-    expect(auth.generate(id, username, password, gpgPassphrase)).toEqual(
+    expect(
-      expectedSettings
+      auth.generate([
-    );
+        {id, username, password},
        {id: 'gpg.passphrase', gpgPassphrase: gpgPassphrase}
      ])
    ).toEqual(expectedSettings);
  });
  it('generates valid settings.xml for multiple repositories', () => {
    const id0 = 'packages0';
    const username0 = 'USER0';
    const password0 = '&<>"\'\'"><&0';
    const id1 = 'packages1';
    const username1 = 'USER1';
    const password1 = '&<>"\'\'"><&1';
    const gpgPassphrase = 'PASSPHRASE';
    const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>${id0}</id>
      <username>\${env.${username0}}</username>
      <password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;0}</password>
    </server>
    <server>
      <id>${id1}</id>
      <username>\${env.${username1}}</username>
      <password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;1}</password>
    </server>
    <server>
      <id>gpg.passphrase</id>
      <passphrase>\${env.${gpgPassphrase}}</passphrase>
    </server>
  </servers>
 </settings>`;
    expect(
      auth.generate([
        {id: id0, username: username0, password: password0},
        {id: id1, username: username1, password: password1},
        {id: 'gpg.passphrase', gpgPassphrase: gpgPassphrase}
      ])
    ).toEqual(expectedSettings);
  });
 });
--- a/action.yml
+++ b/action.yml
@ -39,6 +39,33 @@ inputs:
       authentication to the Apache Maven repository. Default is $GITHUB_TOKEN'
    required: false
    default: 'GITHUB_TOKEN'
  mvn-repositories-len:
    description: 'Number of Maven repositories being configured - Only applicable if more than one Maven repository is being configured'
    required: false
  server-id-0:
    description: 'ID of the first distributionManagement repository in the pom.xml
       file - Only applicable if more than one Maven repository is being configured'
    required: false
  server-username-0:
    description: 'Environment variable name for the username for authentication
       to the first Maven repository - Only applicable if more than one Maven repository is being configured'
    required: false
  server-password-0:
    description: 'Environment variable name for password or token for
       authentication to the first Maven repository - Only applicable if more than one Maven repository is being configured'
    required: false
  server-id-1:
    description: 'ID of the second distributionManagement repository in the pom.xml
       file - Only applicable if more than one Maven repository is being configured'
    required: false
  server-username-1:
    description: 'Environment variable name for the username for authentication
       to the second Maven repository - Only applicable if more than one Maven repository is being configured'
    required: false
  server-password-1:
    description: 'Environment variable name for password or token for
       authentication to the second Maven repository - Only applicable if more than one Maven repository is being configured'
    required: false
  settings-path:
    description: 'Path to where the settings.xml file will be written. Default is ~/.m2.'
    required: false
--- a/dist/cleanup/index.js
+++ b/dist/cleanup/index.js
@ -93365,7 +93365,7 @@ else {
 "use strict";
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
+exports.DISTRIBUTIONS_ONLY_MAJOR_VERSION = exports.INPUT_MVN_TOOLCHAIN_VENDOR = exports.INPUT_MVN_TOOLCHAIN_ID = exports.MVN_TOOLCHAINS_FILE = exports.MVN_SETTINGS_FILE = exports.M2_DIR = exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_JOB_STATUS = exports.INPUT_CACHE_DEPENDENCY_PATH = exports.INPUT_CACHE = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_OVERWRITE_SETTINGS = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_NUM_MVN_REPOS = exports.INPUT_CHECK_LATEST = exports.INPUT_JDK_FILE = exports.INPUT_DISTRIBUTION = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION_FILE = exports.INPUT_JAVA_VERSION = exports.MACOS_JAVA_CONTENT_POSTFIX = void 0;
 exports.MACOS_JAVA_CONTENT_POSTFIX = 'Contents/Home';
 exports.INPUT_JAVA_VERSION = 'java-version';
 exports.INPUT_JAVA_VERSION_FILE = 'java-version-file';
@ -93374,6 +93374,7 @@ exports.INPUT_JAVA_PACKAGE = 'java-package';
 exports.INPUT_DISTRIBUTION = 'distribution';
 exports.INPUT_JDK_FILE = 'jdkFile';
 exports.INPUT_CHECK_LATEST = 'check-latest';
 exports.INPUT_NUM_MVN_REPOS = 'mvn-repositories-len';
 exports.INPUT_SERVER_ID = 'server-id';
 exports.INPUT_SERVER_USERNAME = 'server-username';
 exports.INPUT_SERVER_PASSWORD = 'server-password';
--- a/dist/setup/index.js
+++ b/dist/setup/index.js
--- a/docs/advanced-usage.md
+++ b/docs/advanced-usage.md
@ -411,6 +411,85 @@ The two `settings.xml` files created from the above example look like the follow
 If you don't want to overwrite the `settings.xml` file, you can set `overwrite-settings: false`
 ### Multiple repositories
 There might be instances where you will need to change the version to/from release/snapshot. That will require specifying two maven repositories - one for release versions, one for snapshot versions.
 #### Yaml example
 ```yaml
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 11
      uses: actions/setup-java@v4
      with:
        distribution: '<distribution>'
        java-version: '11'
    - name: Build with Maven
      run: mvn -B package --file pom.xml
    - name: Publish to GitHub Packages Apache Maven
      run: mvn deploy
      env:
        GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password
    - name: Set up Apache Maven Central
      uses: actions/setup-java@v4
      with: # running setup-java again overwrites the settings.xml
        distribution: 'temurin'
        java-version: '11'
        mvn-repositories-len: 2
        server-id-0: artifactory # Value of the distributionManagement/repository/id field of the pom.xml
        server-username-0: ARTIFACTORY_USERNAME # env variable for username in deploy
        server-password-0: ARTIFACTORY_TOKEN # env variable for token in deploy
        server-id-1: snapshot-artifactory # Value of the distributionManagement/repository/id field of the pom.xml
        server-username-1: SNAPSHOT_ARTIFACTORY_USERNAME # env variable for username in deploy
        server-password-1: SNAPSHOT_ARTIFACTORY_TOKEN # env variable for token in deploy
        gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
        gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
    - name: Publish to Apache Maven Central
      run: mvn deploy
      env:
        ARTIFACTORY_USERNAME: maven_username123
        ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_USERNAME }}
        SNAPSHOT_ARTIFACTORY_USERNAME: snapshot_maven_username123
        SNAPSHOT_ARTIFACTORY_TOKEN: ${{ secrets.SNAPSHOT_ARTIFACTORY_TOKEN }}
        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
 ```
 Here `mvn-repositories-len` specifies how many artifactories we're configuring here. In this example, the value is 2. In this case, the action will look for `server-id-0`, `server-username-0`, `server-password-0`, `server-id-1`, `server-username-1` and `server-password-1`.
 Depending on the value of `mvn-repositories-len`, the number of entries that will be looked for will vary. But it is looking for 0 based indexing with the max value less than the value of `mvn-repositories-len`.
 `settings.xml` file created for the deployment to the Maven Artifactory
 ```xml
 <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>artifactory</id>
      <username>${env.ARTIFACTORY_USERNAME}</username>
      <password>${env.ARTIFACTORY_TOKEN}</password>
    </server>
    <server>
      <id>snapshot-artifactory</id>
      <username>${env.SNAPSHOT_ARTIFACTORY_USERNAME}</username>
      <password>${env.SNAPSHOT_ARTIFACTORY_TOKEN}</password>
    </server>
    <server>
      <id>gpg.passphrase</id>
      <passphrase>${env.MAVEN_GPG_PASSPHRASE}</passphrase>
    </server>
  </servers>
 </settings>
 ```
 ### Extra setup for pom.xml:
 The Maven GPG Plugin configuration in the pom.xml file should contain the following structure to avoid possible issues like `Inappropriate ioctl for device` or `gpg: signing failed: No such file or directory`:
--- a/src/auth.ts
+++ b/src/auth.ts
@ -9,11 +9,11 @@ import {create as xmlCreate} from 'xmlbuilder2';
 import * as constants from './constants';
 import * as gpg from './gpg';
 import {getBooleanInput} from './util';
 import {MvnSettingDefinition} from './mvn.setting.definition';
 export async function configureAuthentication() {
-  const id = core.getInput(constants.INPUT_SERVER_ID);
+  const numMvnRepos = core.getInput(constants.INPUT_NUM_MVN_REPOS);
-  const username = core.getInput(constants.INPUT_SERVER_USERNAME);
+  const mvnSettings: Array<MvnSettingDefinition> = [];
  const password = core.getInput(constants.INPUT_SERVER_PASSWORD);
  const settingsDirectory =
    core.getInput(constants.INPUT_SETTINGS_PATH) ||
    path.join(os.homedir(), constants.M2_DIR);
@ -21,24 +21,19 @@ export async function configureAuthentication() {
    constants.INPUT_OVERWRITE_SETTINGS,
    true
  );
-  const gpgPrivateKey =
+  let gpgPrivateKey;
-    core.getInput(constants.INPUT_GPG_PRIVATE_KEY) ||
+  if (numMvnRepos === '' || core.getInput(constants.INPUT_GPG_PRIVATE_KEY)) {
-    constants.INPUT_DEFAULT_GPG_PRIVATE_KEY;
+    gpgPrivateKey = populateMvnSettings(mvnSettings);
-  const gpgPassphrase =
+  } else {
-    core.getInput(constants.INPUT_GPG_PASSPHRASE) ||
+    for (let i = 0; i < parseInt(numMvnRepos); i++) {
-    (gpgPrivateKey ? constants.INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
+      populateMvnSettings(mvnSettings, i);
-
+    }
  if (gpgPrivateKey) {
    core.setSecret(gpgPrivateKey);
  }
  await createAuthenticationSettings(
-    id,
+    mvnSettings,
    username,
    password,
    settingsDirectory,
-    overwriteSettings,
+    overwriteSettings
    gpgPassphrase
  );
  if (gpgPrivateKey) {
@ -48,32 +43,61 @@ export async function configureAuthentication() {
  }
 }
 function populateMvnSettings(
  mvnSettings: Array<MvnSettingDefinition>,
  idx = -1
 ): string | undefined {
  const id = core.getInput(getIndexedInputName(constants.INPUT_SERVER_ID, idx));
  const username = core.getInput(
    getIndexedInputName(constants.INPUT_SERVER_USERNAME, idx)
  );
  const password = core.getInput(
    getIndexedInputName(constants.INPUT_SERVER_PASSWORD, idx)
  );
  if (username !== '' && password !== '') {
    mvnSettings.push({id: id, username: username, password: password});
  }
  if (idx === -1) {
    const gpgPrivateKey =
      core.getInput(
        getIndexedInputName(constants.INPUT_GPG_PRIVATE_KEY, idx)
      ) || constants.INPUT_DEFAULT_GPG_PRIVATE_KEY;
    const gpgPassphrase =
      core.getInput(getIndexedInputName(constants.INPUT_GPG_PASSPHRASE, idx)) ||
      (gpgPrivateKey ? constants.INPUT_DEFAULT_GPG_PASSPHRASE : undefined);
    if (gpgPrivateKey) {
      core.setSecret(gpgPrivateKey);
    }
    if (gpgPassphrase) {
      mvnSettings.push({id: 'gpg.passphrase', gpgPassphrase: gpgPassphrase});
      return gpgPrivateKey;
    }
  }
  return undefined;
 }
 function getIndexedInputName(inputName: string, idx: number): string {
  return inputName + (idx >= 0 ? '-' + idx : '');
 }
 export async function createAuthenticationSettings(
-  id: string,
+  mvnSettings: Array<MvnSettingDefinition>,
  username: string,
  password: string,
  settingsDirectory: string,
-  overwriteSettings: boolean,
+  overwriteSettings: boolean
  gpgPassphrase: string | undefined = undefined
 ) {
-  core.info(`Creating ${constants.MVN_SETTINGS_FILE} with server-id: ${id}`);
+  core.info(`Creating ${constants.MVN_SETTINGS_FILE}`);
  // when an alternate m2 location is specified use only that location (no .m2 directory)
  // otherwise use the home/.m2/ path
  await io.mkdirP(settingsDirectory);
-  await write(
+  await write(settingsDirectory, generate(mvnSettings), overwriteSettings);
    settingsDirectory,
    generate(id, username, password, gpgPassphrase),
    overwriteSettings
  );
 }
 // only exported for testing purposes
-export function generate(
+export function generate(mvnSettings: Array<MvnSettingDefinition>) {
  id: string,
  username: string,
  password: string,
  gpgPassphrase?: string | undefined
 ) {
  const xmlObj: {[key: string]: any} = {
    settings: {
      '@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@ -81,24 +105,27 @@ export function generate(
      '@xsi:schemaLocation':
        'http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd',
      servers: {
-        server: [
+        server: []
          {
            id: id,
            username: `\${env.${username}}`,
            password: `\${env.${password}}`
          }
        ]
      }
    }
  };
-  if (gpgPassphrase) {
+  mvnSettings.forEach(mvnSetting => {
-    const gpgServer = {
+    if (mvnSetting.username && mvnSetting.password) {
-      id: 'gpg.passphrase',
+      xmlObj.settings.servers.server.push({
-      passphrase: `\${env.${gpgPassphrase}}`
+        id: mvnSetting.id,
-    };
+        username: `\${env.${mvnSetting.username}}`,
-    xmlObj.settings.servers.server.push(gpgServer);
+        password: `\${env.${mvnSetting.password}}`
-  }
+      });
    }
    if (mvnSetting.gpgPassphrase) {
      xmlObj.settings.servers.server.push({
        id: mvnSetting.id,
        passphrase: `\${env.${mvnSetting.gpgPassphrase}}`
      });
    }
  });
  return xmlCreate(xmlObj).end({
    headless: true,
--- a/src/constants.ts
+++ b/src/constants.ts
@ -6,6 +6,7 @@ export const INPUT_JAVA_PACKAGE = 'java-package';
 export const INPUT_DISTRIBUTION = 'distribution';
 export const INPUT_JDK_FILE = 'jdkFile';
 export const INPUT_CHECK_LATEST = 'check-latest';
 export const INPUT_NUM_MVN_REPOS = 'mvn-repositories-len';
 export const INPUT_SERVER_ID = 'server-id';
 export const INPUT_SERVER_USERNAME = 'server-username';
 export const INPUT_SERVER_PASSWORD = 'server-password';
--- a/src/mvn.setting.definition.ts
+++ b/src/mvn.setting.definition.ts
@ -0,0 +1,6 @@
 export interface MvnSettingDefinition {
  id: string;
  username?: string;
  password?: string;
  gpgPassphrase?: string;
 }