added blurb about private key file and cleanup for hosted runners

This commit is contained in:
Jared Petersen 2020-07-15 20:16:31 -06:00
parent 7f2382879a
commit 91d166793d
3 changed files with 6 additions and 2 deletions

@ -166,6 +166,8 @@ The two `settings.xml` files created from the above example look like the follow
***NOTE: The `settings.xml` file is created in the Actions $HOME directory. If you have an existing `settings.xml` file at that location, it will be overwritten. See below for using the `settings-path` to change your `settings.xml` file location.*** ***NOTE: The `settings.xml` file is created in the Actions $HOME directory. If you have an existing `settings.xml` file at that location, it will be overwritten. See below for using the `settings-path` to change your `settings.xml` file location.***
If `gpg-private-key` and `gpg-passphrase` inputs are provided, the private key will be written to a file in the runner's temp directory, the private key file will be imported into the GPG keychain, and then the file will be promptly removed before proceeding with the rest of the setup process. A cleanup step will remove the imported private key from the GPG keychain after the job completes regardless of the job status. This ensures that the private key is no longer accessible on self-hosted runners and cannot "leak" between jobs (hosted runners are always clean instances).
See the help docs on [Publishing a Package](https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages#publishing-a-package) for more information on the `pom.xml` file. See the help docs on [Publishing a Package](https://help.github.com/en/github/managing-packages-with-github-packages/configuring-apache-maven-for-use-with-github-packages#publishing-a-package) for more information on the `pom.xml` file.
## Publishing using Gradle ## Publishing using Gradle

@ -4,6 +4,7 @@ import * as path from 'path';
import * as core from '@actions/core'; import * as core from '@actions/core';
import * as io from '@actions/io'; import * as io from '@actions/io';
import {create as xmlCreate} from 'xmlbuilder2'; import {create as xmlCreate} from 'xmlbuilder2';
import * as constants from './constants';
export const M2_DIR = '.m2'; export const M2_DIR = '.m2';
export const SETTINGS_FILE = 'settings.xml'; export const SETTINGS_FILE = 'settings.xml';
@ -24,8 +25,8 @@ export async function configAuthentication(
// when an alternate m2 location is specified use only that location (no .m2 directory) // when an alternate m2 location is specified use only that location (no .m2 directory)
// otherwise use the home/.m2/ path // otherwise use the home/.m2/ path
const settingsDirectory: string = path.join( const settingsDirectory: string = path.join(
core.getInput('settings-path') || os.homedir(), core.getInput(constants.INPUT_SETTINGS_PATH) || os.homedir(),
core.getInput('settings-path') ? '' : M2_DIR core.getInput(constants.INPUT_SETTINGS_PATH) ? '' : M2_DIR
); );
await io.mkdirP(settingsDirectory); await io.mkdirP(settingsDirectory);
core.debug(`created directory ${settingsDirectory}`); core.debug(`created directory ${settingsDirectory}`);

@ -6,6 +6,7 @@ export const INPUT_JDK_FILE = 'jdkFile';
export const INPUT_SERVER_ID = 'server-id'; export const INPUT_SERVER_ID = 'server-id';
export const INPUT_SERVER_USERNAME = 'server-username'; export const INPUT_SERVER_USERNAME = 'server-username';
export const INPUT_SERVER_PASSWORD = 'server-password'; export const INPUT_SERVER_PASSWORD = 'server-password';
export const INPUT_SETTINGS_PATH = 'settings-path';
export const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key'; export const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
export const INPUT_GPG_PASSPHRASE = 'gpg-passphrase'; export const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';