Dependency Graph submission init script hard codes the "https://plugins.gradle.org/m2/" URL #933

Closed
yogurtearl opened this issue Oct 10, 2023 · 4 comments

@yogurtearl

The init script adds this URL, which might not be accessible: "https://plugins.gradle.org/m2/"

I am requesting a way to configure that repo URL.

For example, if I have an internal proxy called https://gradle-plugins-proxy.mycorp.com/ that proxies https://plugins.gradle.org/m2/, I need a way to configure that.

Also, this could pollute the buildscript repos for other plugins, so it should use exclusiveContent to limit the scope.

Instead, it would be good to have something like:

    exclusiveContent {
        forRepository {
            providers.environmentVariable("GRADLE_BUILD_ACTION_PLUGINS_REPO").orNull
                ?.let { maven(it) }
                ?: gradlePluginPortal()
        }
        filter {
            includeModule("org.gradle.github-dependency-graph-gradle-plugin", "org.gradle.github-dependency-graph-gradle-plugin.gradle.plugin")
        }
    }
@jb-2020

jb-2020 commented Nov 13, 2023

Also bumping into this one, would be great to support more enterprise use cases. I've forked this action with the following:

    repositories {
        maven {
            url "<private gradle plugin repository>"
            // Credentials are read from environment variables
            credentials {
                username = System.getenv("USERNAME")
                password = System.getenv("PASSWORD")
            }
        }
    }

Unclear if it's user error, but I also had trouble configuring the Maven credentials. Assuming this is because this is an init script? Using env vars rather than Gradle properties seems to be a workaround.

@bigdaz bigdaz self-assigned this Dec 12, 2023
@bigdaz bigdaz added the enhancement New feature or request label Dec 12, 2023
@bigdaz bigdaz added this to the 2.11.0 milestone Dec 12, 2023
@bigdaz bigdaz closed this as completed in 8cbcb99 Dec 12, 2023
@jb-2020

jb-2020 commented Dec 12, 2023

@bigdaz thanks for the fix, but there may be scenarios where users need maven credentials for this URL. Any suggestions?

@bigdaz
Member

bigdaz commented Dec 13, 2023

> @bigdaz thanks for the fix, but there may be scenarios where users need maven credentials for this URL. Any suggestions?

No. We have provided similar functionality with all of our Develocity CI integrations, and while PLUGIN_REPOSITORY_URL is part of each, nobody has asked for authentication.

Can you please raise a separate issue for this, with your specific use case?

@bigdaz
Member

bigdaz commented Dec 20, 2023

@yogurtearl I considered adding the exclusiveContent restriction, but from my understanding the buildscript block only applies to the current script, which is applied from an init-script, and won't impact dependency resolution in other scripts.

Have you seen evidence of this sort of repository leakage?

bigdaz added a commit that referenced this issue Dec 23, 2023
The repository URL used to resolve the `github-dependency-graph-gradle-plugin` is now
configurable, allowing a user to specify an internal proxy if the public portal is not available.

Specify a custom plugin repository using the `GRADLE_PLUGIN_REPOSITORY_URL` env var,
or the `gradle.plugin-repository.url` System property.

Fixes #933