actions/setup-java
2
0
Fork 0
mirror of https://github.com/actions/setup-java.git synced 2025-03-13 17:47:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add MTLS credentials setup for maven

Browse source 
Add MTLS setup credentials incldufing GHA parameters
to be able to use maven for accessing MTLS protected
maven repo
This commit is contained in:
Pavel Gonchukov 2021-02-18 15:04:27 +01:00
parent ff0054dfbf
commit aed95a356a
No known key found for this signature in database
GPG key ID: AA78DD4317B862F7
14 changed files with 23078 additions and 11818 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -1,32 +0,0 @@
---
name: Bug report
about: Create a bug report
title: ''
labels: bug, needs triage
assignees: ''
---
**Description:**
A clear and concise description of what the bug is.
**Task version:**
Specify the task version
**Platform:**
- [ ] Ubuntu
- [ ] macOS
- [ ] Windows
**Runner type:**
- [ ] Hosted
- [ ] Self-hosted
**Repro steps:**
A description with steps to reproduce the issue. If your have a public example or repo to share, please provide the link.
**Expected behavior:**
A description of what you expected to happen.
**Actual behavior:**
A description of what is actually happening.

1
.github/ISSUE_TEMPLATE/config.yml vendored
View file

@ -1 +0,0 @@
blank_issues_enabled: false

16
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -1,16 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: feature request, needs triage
assignees: ''
---
**Description:**
Describe your proposal.
**Justification:**
Justification or a use case for your proposal.
**Are you willing to submit a PR?**
<!--- We accept contributions! -->

20
.github/workflows/licensed.yml vendored
View file

@ -1,20 +0,0 @@
name: Licensed
on:
push: {branches: main}
pull_request: {branches: main}
jobs:
test:
runs-on: ubuntu-latest
name: Check licenses
steps:
- uses: actions/checkout@v2
- run: npm ci
- name: Install licensed
run: |
cd $RUNNER_TEMP
curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/2.12.2/licensed-2.12.2-linux-x64.tar.gz
sudo tar -xzf licensed.tar.gz
sudo mv licensed /usr/local/bin/licensed
- run: licensed status

4
.github/workflows/workflow.yml vendored
View file

@ -5,7 +5,7 @@ jobs:
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest]
operating-system: [ubuntu-latest]
steps:
- name: Checkout
uses: actions/checkout@v2
@ -24,7 +24,7 @@ jobs:
runs-on: ${{ matrix.operating-system }}
strategy:
matrix:
operating-system: [ubuntu-latest, windows-latest]
operating-system: [ubuntu-latest]
steps:
- name: Checkout
uses: actions/checkout@v2

15
action.yml
View file

@ -9,6 +9,21 @@ inputs:
Early access versions can be specified in the form of e.g. 14-ea,
14.0.0-ea, or 14.0.0-ea.28'
required: true
maven-ca-cert-b64:
description: 'CA cert in the format of a base64 blob used to connect to private
maven repo protected by MTLS'
maven-keystore-p12-b64:
description: 'Keystore p12 in the format of a base64 blob used to connect to private
maven repo protected by MTLS'
maven-keystore-password:
description: 'Password to perform extractions from the keystore used to connect to private
maven repo protected by MTLS'
maven-settings-b64:
description: 'Settings xml in the format of base64 blob used to connect to private
maven repo protected by MTLS'
maven-security-settings-b64:
description: 'Security ettings xml in the format of base64 blob used to connect to private
maven repo protected by MTLS'
java-package:
description: 'The package type (jre, jdk, jdk+fx)'
required: false

110
dist/cleanup/index.js vendored
View file

@ -354,13 +354,20 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
const os = __webpack_require__(87);
const events = __webpack_require__(614);
const child = __webpack_require__(129);
const path = __webpack_require__(622);
const io = __webpack_require__(1);
const ioUtil = __webpack_require__(672);
const os = __importStar(__webpack_require__(87));
const events = __importStar(__webpack_require__(614));
const child = __importStar(__webpack_require__(129));
const path = __importStar(__webpack_require__(622));
const io = __importStar(__webpack_require__(1));
const ioUtil = __importStar(__webpack_require__(672));
/* eslint-disable @typescript-eslint/unbound-method */
const IS_WINDOWS = process.platform === 'win32';
/*
@ -804,6 +811,12 @@ class ToolRunner extends events.EventEmitter {
resolve(exitCode);
}
});
if (this.options.input) {
if (!cp.stdin) {
throw new Error('child process missing stdin');
}
cp.stdin.end(this.options.input);
}
});
});
}
@ -1016,6 +1029,7 @@ module.exports = require("child_process");
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = exports.INPUT_DEFAULT_GPG_PASSPHRASE = exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = exports.INPUT_MAVEN_SECURITY_SETTINGS_B64 = exports.INPUT_MAVEN_SETTINGS_B64 = exports.INPUT_MAVEN_KEYSTORE_PASSWORD = exports.INPUT_MAVEN_KEYSTORE_P12_B64 = exports.INPUT_MAVEN_CA_CERT_B64 = exports.INPUT_GPG_PASSPHRASE = exports.INPUT_GPG_PRIVATE_KEY = exports.INPUT_SETTINGS_PATH = exports.INPUT_SERVER_PASSWORD = exports.INPUT_SERVER_USERNAME = exports.INPUT_SERVER_ID = exports.INPUT_JDK_FILE = exports.INPUT_JAVA_PACKAGE = exports.INPUT_ARCHITECTURE = exports.INPUT_JAVA_VERSION = exports.INPUT_VERSION = void 0;
exports.INPUT_VERSION = 'version';
exports.INPUT_JAVA_VERSION = 'java-version';
exports.INPUT_ARCHITECTURE = 'architecture';
@ -1027,6 +1041,11 @@ exports.INPUT_SERVER_PASSWORD = 'server-password';
exports.INPUT_SETTINGS_PATH = 'settings-path';
exports.INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
exports.INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
exports.INPUT_MAVEN_CA_CERT_B64 = 'maven-ca-cert-b64';
exports.INPUT_MAVEN_KEYSTORE_P12_B64 = 'maven-keystore-p12-b64';
exports.INPUT_MAVEN_KEYSTORE_PASSWORD = 'maven-keystore-password';
exports.INPUT_MAVEN_SETTINGS_B64 = 'maven-settings-b64';
exports.INPUT_MAVEN_SECURITY_SETTINGS_B64 = 'maven-security-settings-b64';
exports.INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
exports.INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';
exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = 'gpg-private-key-fingerprint';
@ -1039,6 +1058,25 @@ exports.STATE_GPG_PRIVATE_KEY_FINGERPRINT = 'gpg-private-key-fingerprint';
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
@ -1048,13 +1086,6 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(__webpack_require__(470));
const gpg = __importStar(__webpack_require__(884));
@ -1083,14 +1114,27 @@ run();
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.isWindows = exports.getTempDir = void 0;
const path = __importStar(__webpack_require__(622));
function getTempDir() {
let tempDirectory = process.env.RUNNER_TEMP;
@ -1696,6 +1740,25 @@ module.exports = require("fs");
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
@ -1705,14 +1768,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.deleteKey = exports.importKey = exports.PRIVATE_KEY_FILE = void 0;
const fs = __importStar(__webpack_require__(747));
const path = __importStar(__webpack_require__(622));
const io = __importStar(__webpack_require__(1));
@ -1773,8 +1830,15 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
result["default"] = mod;
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
const tr = __webpack_require__(9);
const tr = __importStar(__webpack_require__(9));
/**
* Exec a command.
* Output will be streamed to the live console.

26335
dist/setup/index.js vendored
View file

File diff suppressed because it is too large Load diff

8214
package-lock.json generated
View file

File diff suppressed because it is too large Load diff

14
package.json
View file

@ -25,23 +25,23 @@
"license": "MIT",
"dependencies": {
"@actions/core": "^1.0.0",
"@actions/exec": "^1.0.0",
"@actions/http-client": "^1.0.8",
"@actions/exec": "^1.0.4",
"@actions/http-client": "^1.0.9",
"@actions/io": "^1.0.0",
"@actions/tool-cache": "^1.3.1",
"@actions/tool-cache": "^1.6.1",
"semver": "^6.1.1",
"xmlbuilder2": "^2.1.2"
"xmlbuilder2": "^2.4.0"
},
"devDependencies": {
"@types/jest": "^24.0.13",
"@types/node": "^12.0.4",
"@types/semver": "^6.0.0",
"@types/node": "^12.20.1",
"@types/semver": "^6.2.2",
"@zeit/ncc": "^0.20.5",
"jest": "^24.8.0",
"jest-circus": "^24.7.1",
"prettier": "^1.19.1",
"ts-jest": "^24.0.2",
"typescript": "^3.5.1"
"typescript": "^3.9.9"
},
"husky": {
"skipCI": true,

8
src/auth.ts
View file

@ -5,6 +5,7 @@ import * as core from '@actions/core';
import * as io from '@actions/io';
import {create as xmlCreate} from 'xmlbuilder2';
import * as constants from './constants';
import {setupMaven, MavenOpts} from './maven';
export const M2_DIR = '.m2';
export const SETTINGS_FILE = 'settings.xml';
@ -13,7 +14,8 @@ export async function configAuthentication(
id: string,
username: string,
password: string,
gpgPassphrase: string | undefined = undefined
gpgPassphrase: string | undefined = undefined,
mvnOpts: MavenOpts | undefined = undefined
) {
console.log(
`creating ${SETTINGS_FILE} with server-id: ${id};`,
@ -34,6 +36,10 @@ export async function configAuthentication(
settingsDirectory,
generate(id, username, password, gpgPassphrase)
);
if (mvnOpts) {
await setupMaven(mvnOpts);
}
}
// only exported for testing purposes

5
src/constants.ts
View file

@ -9,6 +9,11 @@ export const INPUT_SERVER_PASSWORD = 'server-password';
export const INPUT_SETTINGS_PATH = 'settings-path';
export const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
export const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
export const INPUT_MAVEN_CA_CERT_B64 = 'maven-ca-cert-b64';
export const INPUT_MAVEN_KEYSTORE_P12_B64 = 'maven-keystore-p12-b64';
export const INPUT_MAVEN_KEYSTORE_PASSWORD = 'maven-keystore-password';
export const INPUT_MAVEN_SETTINGS_B64 = 'maven-settings-b64';
export const INPUT_MAVEN_SECURITY_SETTINGS_B64 = 'maven-security-settings-b64';
export const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
export const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';

97
src/maven.ts Normal file
View file

@ -0,0 +1,97 @@
import * as core from '@actions/core';
import * as fs from 'fs';
import * as path from 'path';
import * as constants from './constants';
import * as os from 'os';
import * as io from '@actions/io';
export interface MavenOpts {
caCert: string;
keystore: string;
password: string;
settings: string;
securitySettings: string;
}
export function validateOptions(opts: MavenOpts): boolean {
if (
(opts.caCert === '' ||
opts.keystore === '' ||
opts.password === '' ||
opts.securitySettings === '',
opts.settings === '')
) {
core.debug('maven options set is not valid: some field is empty');
return false;
}
return true;
}
export function isValidOptions(mvnOpts: MavenOpts): boolean {
if (
(mvnOpts.caCert !== '' ||
mvnOpts.keystore !== '' ||
mvnOpts.password !== '' ||
mvnOpts.securitySettings !== '',
mvnOpts.settings !== '') &&
!validateOptions(mvnOpts)
) {
return false;
}
return true;
}
export async function setupMaven(opts: MavenOpts): Promise<void> {
const settingsDir = path.join(
core.getInput(constants.INPUT_SETTINGS_PATH) || os.homedir(),
core.getInput(constants.INPUT_SETTINGS_PATH) ? '' : '.m2'
);
const certDir = path.join(os.homedir(), 'certs');
fs.writeFileSync(
path.join(settingsDir, 'settings.xml'),
btoa(opts.settings),
{
encoding: 'utf-8',
flag: 'w'
}
);
fs.writeFileSync(
path.join(settingsDir, 'settings-security.xml'),
btoa(opts.securitySettings),
{
encoding: 'utf-8',
flag: 'w'
}
);
await io.mkdirP(certDir);
fs.writeFileSync(path.join(certDir, 'rootca.crt'), btoa(opts.caCert), {
encoding: 'utf-8',
flag: 'w'
});
const p12Path = path.join(certDir, 'certificate.p12');
fs.writeFileSync(p12Path, btoa(opts.keystore), {
encoding: 'utf-8',
flag: 'w'
});
const password = btoa(opts.password);
core.exportVariable(
'MAVEN_OPTS',
`-Djavax.net.ssl.keyStore=${p12Path} -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=${password}`
);
core.debug(`added maven opts for MTLS access`);
}
const btoa = function(str: string) {
return Buffer.from(str, 'binary').toString('base64');
};
const atob = function(str: string) {
return Buffer.from(str, 'base64').toString('binary');
};

25
src/setup-java.ts
View file

@ -4,6 +4,7 @@ import * as auth from './auth';
import * as gpg from './gpg';
import * as constants from './constants';
import * as path from 'path';
import {MavenOpts, isValidOptions} from './maven';
async function run() {
try {
@ -12,6 +13,22 @@ async function run() {
version = core.getInput(constants.INPUT_JAVA_VERSION, {required: true});
}
const mvnOpts: MavenOpts = {
caCert: core.getInput(constants.INPUT_MAVEN_CA_CERT_B64),
keystore: core.getInput(constants.INPUT_MAVEN_KEYSTORE_P12_B64),
password: core.getInput(constants.INPUT_MAVEN_KEYSTORE_PASSWORD),
settings: core.getInput(constants.INPUT_MAVEN_SETTINGS_B64),
securitySettings: core.getInput(
constants.INPUT_MAVEN_SECURITY_SETTINGS_B64
)
};
if (!isValidOptions(mvnOpts)) {
throw new Error(
'Some of the Maven options is empty: please check maven-* parameters'
);
}
const arch = core.getInput(constants.INPUT_ARCHITECTURE, {required: true});
if (!['x86', 'x64'].includes(arch)) {
throw new Error(`architecture "${arch}" is not in [x86 | x64]`);
@ -45,7 +62,13 @@ async function run() {
core.setSecret(gpgPrivateKey);
}
await auth.configAuthentication(id, username, password, gpgPassphrase);
await auth.configAuthentication(
id,
username,
password,
gpgPassphrase,
mvnOpts
);
if (gpgPrivateKey) {
core.info('importing private key');