Support artifacts upload from Maven/Gradle using basic-http auth

Moaz Khalifa requested to merge 277385-Support-basic-auth-in-maven-upload into master

What does this MR do and why?

In order to upload packages/artifacts to the Maven Repository, the user needs to authenticate against the repository. As documented, three token types can be used to authenticate with:

  • Personal access token
  • Deploy token
  • CI Job token

Deploy token & CI Job token support two authentication methods: custom http header & basic-http auth. Personal access token only supports the custom http header method.

In this MR, we add support for Personal access token basic auth.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

N/A

How to set up and validate locally

  1. We can use gl_pru to publish maven & gradle packages.
  2. After cloning gl_pru, we can change the credentials in the configuration file to test uploading with personal access token basic auth.
  3. First we can test uploading maven artifacts. Replace the contents of this file with the following:
      <settings>
        <servers>
          <server>
            <id>gl_pru</id>
            <username><%= options[:user] %></username>
            <password><%= options[:token] %></password>
            <configuration>
              <authenticationInfo>
                <userName><%= options[:user] %></userName>
                <password><%= options[:token] %></password>
              </authenticationInfo>
            </configuration>
          </server>
        </servers>
      </settings>

  4. Execute this command to publish the package. Make sure to replace XXX with your PAT in --token=XXX.
  5. The package artifacts should be published successfully.
  6. To test uploading gradle artifacts, replace those credentials lines with the following:

      url "<%= options[:url] %>"
      credentials(PasswordCredentials) {
        username "<%= options[:user] %>"
        password "<%= options[:token] %>"
      }
      authentication {
        basic(BasicAuthentication)
      }
      allowInsecureProtocol = true

  7. Execute this command to publish the package, and make sure to replace XXX with your PAT in --token=XXX.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #277385 (closed)

Edited by Moaz Khalifa
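
The two authentication methods described in this merge request, sketched from the server's side as an added example (not code from this MR or from GitLab). The helper name and return shape are hypothetical, the header names are the ones GitLab's Maven documentation lists rather than anything on this page, and the sample credential is constructed.

```ruby
# Custom headers mapped to the token type each one carries
# (names assumed from GitLab's Maven documentation, not from this page).
CUSTOM_HEADERS = {
  "Private-Token" => :personal_access_token,
  "Deploy-Token"  => :deploy_token,
  "Job-Token"     => :ci_job_token
}.freeze

# Hypothetical helper: returns { method:, username:, token:, type: } or nil.
# `headers` is a plain Hash of exact-case header names to values.
def extract_maven_credentials(headers)
  CUSTOM_HEADERS.each do |name, type|
    value = headers[name]
    next if value.nil? || value.empty?
    return { method: :custom_header, username: nil, token: value, type: type }
  end

  scheme, encoded = headers["Authorization"].to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded

  begin
    # "m0" is strict base64: malformed input raises instead of being guessed at.
    decoded = encoded.strip.unpack1("m0")
  rescue ArgumentError
    return nil
  end

  # Split on the first colon only: the user-id cannot contain a colon,
  # but the password (here, the token) may.
  username, token = decoded.split(":", 2)
  return nil if username.nil? || username.empty? || token.nil? || token.empty?

  # A basic-auth header does not name the token type, so the caller has to
  # try the password against each supported token type in turn.
  { method: :basic, username: username, token: token, type: :unknown }
end

# Constructed sample header, not a real credential.
SAMPLE_BASIC = "Basic " + ["alice:constructed-token:with:colons"].pack("m0")

if __FILE__ == $PROGRAM_NAME
  p extract_maven_credentials("Authorization" => SAMPLE_BASIC)
  p extract_maven_credentials("Private-Token" => "constructed-token")
end
```

Decoding the sample header recovers the token with no key, so basic auth protects a personal access token only when the transport is TLS; `allowInsecureProtocol = true` belongs in a local test setup like the one above and nowhere else.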