diff --git a/.github/workflows/e2e-publishing.yml b/.github/workflows/e2e-publishing.yml
index dd7bd435..c22e22bc 100644
--- a/.github/workflows/e2e-publishing.yml
+++ b/.github/workflows/e2e-publishing.yml
@@ -36,6 +36,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ env:
+ MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+ MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
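Review bot: The `env:` block added here passes the token and GPG passphrase values to the setup step itself, where previously only the variable names were passed as inputs; the three hunks below add the same block. As src/auth.ts is written in this commit, the action reads `process.env['username']`, `process.env['password']` and `process.env['gpgPassphrase']`, so these `MAVEN_*` values are not the ones it would pick up. If the values are meant to end up in settings.xml, the validate step that follows should compare the content without printing the file, since `vars.MAVEN_USERNAME` is not masked in logs the way secrets are. The step these lines belong to starts above the hunk.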
@@ -77,6 +81,10 @@ jobs:
server-username: MAVEN_USERNAME
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ env:
+ MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+ MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml is overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -114,6 +122,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
overwrite-settings: false
gpg-passphrase: MAVEN_GPG_PASSPHRASE
+ env:
+ MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+ MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate that settings.xml is not overwritten
run: |
$xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -145,6 +157,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN
gpg-passphrase: MAVEN_GPG_PASSPHRASE
settings-path: ${{ runner.temp }}
+ env:
+ MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }}
+ MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }}
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
- name: Validate settings.xml location
run: |
$path = Join-Path $env:RUNNER_TEMP "settings.xml"
diff --git a/__tests__/auth.test.ts b/__tests__/auth.test.ts
index 06591da7..0d8e6c7e 100644
--- a/__tests__/auth.test.ts
+++ b/__tests__/auth.test.ts
@@ -1,8 +1,8 @@
-import * as io from '@actions/io';
import * as core from '@actions/core';
+import * as io from '@actions/io';
import * as fs from 'fs';
-import * as path from 'path';
import os from 'os';
+import * as path from 'path';
import * as auth from '../src/auth';
import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
@@ -10,6 +10,14 @@ import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
const m2Dir = path.join(__dirname, M2_DIR);
const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE);
+// escape xml special characters
+function escapeXml(unsafeStr: string) {
+ return unsafeStr
+ .replace(/&/g, '&')
+ .replace(//g, '>');
+}
+
describe('auth tests', () => {
let spyOSHomedir: jest.SpyInstance;
let spyInfo: jest.SpyInstance;
@@ -157,14 +165,17 @@ describe('auth tests', () => {
const username = 'USER';
const password = '&<>"\'\'"><&';
+ process.env['username'] = username;
+ process.env['password'] = password;
+
const expectedSettings = `
- ${id}
- \${env.${username}}
- \${env.&<>"''"><&}
+ ${escapeXml(id)}
+ ${escapeXml(username)}
+ ${escapeXml(password)}
`;
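Review bot: The added `process.env['username'] = username;` and `process.env['password'] = password;` assignments change process-wide state and nothing in this hunk restores it, so the special-character password can leak into later tests; the next hunk does the same and adds `process.env['gpgPassphrase']`. Clean up after each test, e.g. `delete process.env['username']; delete process.env['password'];` in the suite's `afterEach` (not visible here). The expected settings are now built with the test's own `escapeXml` instead of a literal, so the assertion no longer pins the exact bytes written and would not catch double escaping by the XML builder; a hard-coded expected string for the `&<>"''"><&` case would be stronger. The test also now asserts that the credential value itself, rather than an `${env.NAME}` reference, ends up in settings.xml, which is worth confirming as intended.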
@@ -178,18 +189,22 @@ describe('auth tests', () => {
const password = '&<>"\'\'"><&';
const gpgPassphrase = 'PASSPHRASE';
+ process.env['username'] = username;
+ process.env['password'] = password;
+ process.env['gpgPassphrase'] = gpgPassphrase;
+
const expectedSettings = `
- ${id}
- \${env.${username}}
- \${env.&<>"''"><&}
+ ${escapeXml(id)}
+ ${escapeXml(username)}
+ ${escapeXml(password)}
gpg.passphrase
- \${env.${gpgPassphrase}}
+ ${escapeXml(gpgPassphrase)}
`;
diff --git a/dist/setup/index.js b/dist/setup/index.js
index f8c70dab..3001e296 100644
--- a/dist/setup/index.js
+++ b/dist/setup/index.js
@@ -122463,9 +122463,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0;
-const path = __importStar(__nccwpck_require__(71017));
const core = __importStar(__nccwpck_require__(42186));
const io = __importStar(__nccwpck_require__(47351));
+const path = __importStar(__nccwpck_require__(71017));
const fs = __importStar(__nccwpck_require__(57147));
const os = __importStar(__nccwpck_require__(22037));
const xmlbuilder2_1 = __nccwpck_require__(70151);
@@ -122507,7 +122507,19 @@ function createAuthenticationSettings(id, username, password, settingsDirectory,
}
exports.createAuthenticationSettings = createAuthenticationSettings;
// only exported for testing purposes
+function escapeXml(unsafeStr) {
+ return unsafeStr
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
+}
function generate(id, username, password, gpgPassphrase) {
+ const escapedUsername = escapeXml(username);
+ const escapedPassword = escapeXml(password);
+ let escapedGpgPassphrase = gpgPassphrase
+ ? escapeXml(gpgPassphrase)
+ : undefined;
const xmlObj = {
settings: {
'@xmlns': 'http://maven.apache.org/SETTINGS/1.0.0',
@@ -122517,8 +122529,8 @@ function generate(id, username, password, gpgPassphrase) {
server: [
{
id: id,
- username: `\${env.${username}}`,
- password: `\${env.${password}}`
+ username: escapedUsername,
+ password: escapedPassword
}
]
}
@@ -122527,7 +122539,7 @@ function generate(id, username, password, gpgPassphrase) {
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
- passphrase: `\${env.${gpgPassphrase}}`
+ passphrase: escapedGpgPassphrase
};
xmlObj.settings.servers.server.push(gpgServer);
}
diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md
index ede356f9..8686a2fa 100644
--- a/docs/advanced-usage.md
+++ b/docs/advanced-usage.md
@@ -182,7 +182,7 @@ steps:
jdkFile: ${{ runner.temp }}/java_package.tar.gz
java-version: '11.0.0'
architecture: x64
-
+
- run: java -cp java HelloWorldApp
```
@@ -285,7 +285,10 @@ jobs:
server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-
+ env:
+ MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username
+ MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase
- name: Publish to Apache Maven Central
run: mvn deploy
env:
@@ -527,7 +530,7 @@ steps:
## Java-version file
If the `java-version-file` input is specified, the action will try to extract the version from the file and install it.
-Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
+Action is able to recognize all variants of the version description according to [jenv](https://github.com/jenv/jenv).
Valid entry options:
```
major versions: 8, 11, 16, 17, 21
diff --git a/src/auth.ts b/src/auth.ts
index c8ea6291..7356e9ee 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -1,6 +1,6 @@
-import * as path from 'path';
import * as core from '@actions/core';
import * as io from '@actions/io';
+import * as path from 'path';
import * as fs from 'fs';
import * as os from 'os';
@@ -84,8 +84,8 @@ export function generate(
server: [
{
id: id,
- username: `\${env.${username}}`,
- password: `\${env.${password}}`
+ username: process.env['username'],
+ password: process.env['password']
}
]
}
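Review bot: The new `process.env['username']` and `process.env['password']` lookups use literal keys instead of the variable names passed in the `username` and `password` parameters, so with the workflow's `MAVEN_USERNAME`/`MAVEN_CENTRAL_TOKEN` env both values are undefined; the gpg hunk below has the same problem with `process.env['gpgPassphrase']`. If resolving at setup time is really the intent, index by the parameter, e.g. `username: process.env[username]`, and fail with a clear error when the variable is unset. This also replaces the `${env.NAME}` placeholder with the secret value, so the generated settings.xml holds plaintext credentials that any later step able to read the file can see; keeping the placeholders avoids that. The committed dist/setup/index.js writes `escapeXml(username)` instead, so the bundle that actually runs does not match this source and should be rebuilt from it. generate() begins and ends outside this hunk.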
@@ -95,7 +95,7 @@ export function generate(
if (gpgPassphrase) {
const gpgServer = {
id: 'gpg.passphrase',
- passphrase: `\${env.${gpgPassphrase}}`
+ passphrase: process.env['gpgPassphrase']
};
xmlObj.settings.servers.server.push(gpgServer);
}