GitLab CI secret variables for Gradle publish

Question

How to setup Gradle publish task user credentials with GitLab CI secret variables? I am using gradle maven publish plugin, and here is snippet from build.gradle

repositories {
    maven {
      credentials {
        username artifactUser
        password artifactPass
      }
      url "..."
    }
  }

I've tried to use gradle.properties as below

artifactUser=${env.MAVEN_REPO_USER}
artifactPass=${env.MAVEN_REPO_PASS}

And several ways of accessing secret variables in .gitlab-ci.yml file (because gradle.properties is not picked up from gradle or variables are not transformed correctly, it is in root project dir)

Method 1

'./gradlew publish -x test -PartifactUser=${env.MAVEN_REPO_USER} -PartifactPass=${env.MAVEN_REPO_PASS}'

Error: /bin/bash: line 56: -PartifactUser=${env.MAVEN_REPO_USER}: bad substitution

Method 2

    before_script:
      - chmod +x ./gradlew
      - export REPO_USER=${env.MAVEN_REPO_USER}
      - export REPO_PASS=${env.MAVEN_REPO_PASS}
    ...
    deploy:
  stage: deploy
  script:
    - ./gradlew publish -x test -PartifactUser=$REPO_USER -PartifactPass=$REPO_PASS

I am using openjdk:8-jdk-slim image for build using gradle wrapper. Seems like there are several issues with this kind of variable usage, do we have any workaround?

Answer 1

You don't need env. prefinx in your .gitlab-ci.yml. You don't need to re-export the variables as well.

If you have defined a variables named MAVEN_REPO_USER and MAVEN_REPO_PASS in Gitlab CI/CD settings for the project, you can just use them in Gradle script:

repositories {
    maven {
        credentials {
            username System.getenv("MAVEN_REPO_USER")
            password System.getenv("MAVEN_REPO_PASS")
        }
        url "…"
    }
}

Answer 2

Here is how I resolved it (unfortunately the official GitLab doco is very focused on Maven... :(

apply plugin: 'java'
apply plugin: 'maven-publish'

compileJava.options.encoding = 'UTF-8'
group = 'com.example'
version = '1.0.9'


task zipSource(type: Zip) {
    from file('files/test.zip')
    archiveClassifier = 'testZip'
}

publishing {
    repositories {
        maven {
            name 'GitLab' 
            url 'https://gitlab.my-company.com/api/v4/projects/2302/packages/maven'
            credentials(HttpHeaderCredentials) {
                name = "Job-Token"
                value = System.getenv("CI_JOB_TOKEN")
            }
            authentication {
                header(HttpHeaderAuthentication)
            }
        }
   }
   publications {
        mavenJava(MavenPublication) {
            artifactId = 'project1-sample'
            //deploy jar vom Java
            from components.java
            //deploy arbitrary Zip file
            artifact zipSource
        }
    }
}

Answer 3

you can use environment variables directly to set gradle properties, see full documentation here.

in your case set artifactUser and artifactPass as env variables (best as secrect ones).

Answer 4

As md_rasler mentioned in his comment above, his code worked almost perfectly. I had to modify it slightly and use different name 'Deploy-Token' as the default value for the name. My config lookks like this:

maven {
    url "https://gitlab.com/api/v4/projects/<<project_id>>/packages/maven"
    credentials(HttpHeaderCredentials) {
        name = "${System.getenv("CI_JOB_TOKEN") ? 'a -Token' : 'Deploy-Token'}"
        value = "${System.getenv("CI_JOB_TOKEN") ?: gitlabDeployToken}"
    }
    authentication {
        header(HttpHeaderAuthentication)
    }
}