Add mvn configuration

Add functionality to configure and export maven
options on the basis of encrypted yaml containing
needed credentials

src/auth.ts

@@ -5,6 +5,7 @@ import * as core from '@actions/core';
 import * as io from '@actions/io';
 import {create as xmlCreate} from 'xmlbuilder2';
 import * as constants from './constants';
+import * as yamlCreds from '@tradeshift/actions-credentials-yaml';
 
 export const M2_DIR = '.m2';
 export const SETTINGS_FILE = 'settings.xml';
@@ -13,7 +14,8 @@ export async function configAuthentication(
   id: string,
   username: string,
   password: string,
-  gpgPassphrase: string | undefined = undefined
+  gpgPassphrase: string | undefined = undefined,
+  mvnCredsBlob: string | undefined = undefined
 ) {
   console.log(
     `creating ${SETTINGS_FILE} with server-id: ${id};`,
@@ -34,6 +36,10 @@ export async function configAuthentication(
     settingsDirectory,
     generate(id, username, password, gpgPassphrase)
   );
+
+  if (mvnCredsBlob) {
+    await setupMvnMTLSCfg(mvnCredsBlob, settingsDirectory);
+  }
 }
 
 // only exported for testing purposes
@@ -85,3 +91,56 @@ async function write(directory: string, settings: string) {
     flag: 'w'
   });
 }
+
+async function setupMvnMTLSCfg(credBlob: string, settingsDir: string) {
+  // this is what we need to set
+  //  ~/.m2/settings.xml
+  // ~/.m2/settings-security.xml
+  // mkdir -p ~/certs
+  // ~/certs/certificate.p12
+  // ~/rootca.crt
+  // export MAVEN_OPTS="-Djavax.net.ssl.keyStore=~/certs/certificate.p12 -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=${MAVEN_P12_PASSWORD}"
+
+  const creds = await yamlCreds.parseCredsToObject<yamlCreds.CredsMvn>(
+    credBlob
+  );
+  const certDir = path.join(os.homedir(), 'certs');
+
+  fs.writeFileSync(
+    path.join(settingsDir, 'settings.xml'),
+    btoa(creds.MVN_SETTINGS),
+    {
+      encoding: 'utf-8',
+      flag: 'w'
+    }
+  );
+
+  fs.writeFileSync(
+    path.join(settingsDir, 'settings-security.xml'),
+    btoa(creds.MVN_SECURITY_SETTINGS),
+    {
+      encoding: 'utf-8',
+      flag: 'w'
+    }
+  );
+
+  await io.mkdirP(certDir);
+  fs.writeFileSync(path.join(certDir, 'rootca.crt'), btoa(creds.MTLS_CA_CERT), {
+    encoding: 'utf-8',
+    flag: 'w'
+  });
+
+  const p12Path = path.join(certDir, 'certificate.p12');
+  fs.writeFileSync(p12Path, btoa(creds.MVN_P12), {
+    encoding: 'utf-8',
+    flag: 'w'
+  });
+
+  const password = btoa(creds.MVN_P12_PASSWORD);
+  core.exportVariable(
+    'MAVEN_OPTS',
+    `-Djavax.net.ssl.keyStore=${p12Path} -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=${password}`
+  );
+
+  core.debug(`added maven opts for MTLS access`);
+}

src/constants.ts

@@ -9,6 +9,7 @@ export const INPUT_SERVER_PASSWORD = 'server-password';
 export const INPUT_SETTINGS_PATH = 'settings-path';
 export const INPUT_GPG_PRIVATE_KEY = 'gpg-private-key';
 export const INPUT_GPG_PASSPHRASE = 'gpg-passphrase';
+export const INPUT_MAVEN_CREDS = 'maven-creds';
 
 export const INPUT_DEFAULT_GPG_PRIVATE_KEY = undefined;
 export const INPUT_DEFAULT_GPG_PASSPHRASE = 'GPG_PASSPHRASE';

src/setup-java.ts

@@ -12,6 +12,8 @@ async function run() {
       version = core.getInput(constants.INPUT_JAVA_VERSION, {required: true});
     }
 
+    const mavenCredsBlob = core.getInput(constants.INPUT_MAVEN_CREDS);
+
     const arch = core.getInput(constants.INPUT_ARCHITECTURE, {required: true});
     if (!['x86', 'x64'].includes(arch)) {
       throw new Error(`architecture "${arch}" is not in [x86 | x64]`);
@@ -45,7 +47,13 @@ async function run() {
       core.setSecret(gpgPrivateKey);
     }
 
-    await auth.configAuthentication(id, username, password, gpgPassphrase);
+    await auth.configAuthentication(
+      id,
+      username,
+      password,
+      gpgPassphrase,
+      mavenCredsBlob
+    );
 
     if (gpgPrivateKey) {
       core.info('importing private key');