actions · ParryQiu · Mar 1, 2024 · Mar 21, 2024
@@ -36,18 +36,22 @@ jobs:
           server-username: MAVEN_USERNAME
           server-password: MAVEN_CENTRAL_TOKEN
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+        env:
+          MAVEN_USERNAME: MAVEN_USERNAME
+          MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
+          MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
       - name: Validate settings.xml
         run: |
           $xmlPath = Join-Path $HOME ".m2" "settings.xml"
           Get-Content $xmlPath | ForEach-Object { Write-Host $_ }
 
           [xml]$xml = Get-Content $xmlPath
           $servers = $xml.settings.servers.server
-          if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne '${env.MAVEN_USERNAME}') -or ($servers[0].password -ne '${env.MAVEN_CENTRAL_TOKEN}')) {
+          if (($servers[0].id -ne 'maven') -or ($servers[0].username -ne 'MAVEN_USERNAME') -or ($servers[0].password -ne 'MAVEN_CENTRAL_TOKEN')) {
             throw "Generated XML file is incorrect"
           }
 
-          if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne '${env.MAVEN_GPG_PASSPHRASE}')) {
+          if (($servers[1].id -ne 'gpg.passphrase') -or ($servers[1].passphrase -ne 'MAVEN_GPG_PASSPHRASE')) {
             throw "Generated XML file is incorrect"
           }
 
@@ -77,6 +81,10 @@ jobs:
           server-username: MAVEN_USERNAME
           server-password: MAVEN_CENTRAL_TOKEN
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+        env:
+          MAVEN_USERNAME: MAVEN_USERNAME
+          MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
+          MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
       - name: Validate settings.xml is overwritten
         run: |
           $xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -114,6 +122,10 @@ jobs:
           server-password: MAVEN_CENTRAL_TOKEN
           overwrite-settings: false
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
+        env:
+          MAVEN_USERNAME: MAVEN_USERNAME
+          MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
+          MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
       - name: Validate that settings.xml is not overwritten
         run: |
           $xmlPath = Join-Path $HOME ".m2" "settings.xml"
@@ -145,6 +157,10 @@ jobs:
           server-password: MAVEN_CENTRAL_TOKEN
           gpg-passphrase: MAVEN_GPG_PASSPHRASE
           settings-path: ${{ runner.temp }}
+        env:
+          MAVEN_USERNAME: MAVEN_USERNAME
+          MAVEN_CENTRAL_TOKEN: MAVEN_CENTRAL_TOKEN
+          MAVEN_GPG_PASSPHRASE: MAVEN_GPG_PASSPHRASE
       - name: Validate settings.xml location
         run: |
           $path = Join-Path $env:RUNNER_TEMP "settings.xml"

@@ -1,15 +1,23 @@
-import * as io from '@actions/io';
 import * as core from '@actions/core';
+import * as io from '@actions/io';
 import * as fs from 'fs';
-import * as path from 'path';
 import os from 'os';
+import * as path from 'path';
 
 import * as auth from '../src/auth';
 import {M2_DIR, MVN_SETTINGS_FILE} from '../src/constants';
 
 const m2Dir = path.join(__dirname, M2_DIR);
 const settingsFile = path.join(m2Dir, MVN_SETTINGS_FILE);
 
+// escape xml special characters
+function escapeXml(unsafeStr: string) {
+  return unsafeStr
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;');
+}
+
 describe('auth tests', () => {
   let spyOSHomedir: jest.SpyInstance;
   let spyInfo: jest.SpyInstance;
@@ -157,19 +165,22 @@ describe('auth tests', () => {
     const username = 'USER';
     const password = '&<>"\'\'"><&';
 
+    process.env['username'] = username;
+    process.env['password'] = password;
+
     const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
   <servers>
     <server>
-      <id>${id}</id>
-      <username>\${env.${username}}</username>
-      <password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
+      <id>${escapeXml(id)}</id>
+      <username>${escapeXml(username)}</username>
+      <password>${escapeXml(password)}</password>
     </server>
   </servers>
 </settings>`;
 
-    expect(auth.generate(id, username, password)).toEqual(expectedSettings);
+    expect(auth.generate(id, 'username', 'password')).toEqual(expectedSettings);
   });
 
   it('generates valid settings.xml with additional configuration', () => {
@@ -178,23 +189,27 @@ describe('auth tests', () => {
     const password = '&<>"\'\'"><&';
     const gpgPassphrase = 'PASSPHRASE';
 
+    process.env['username'] = username;
+    process.env['password'] = password;
+    process.env['gpgPassphrase'] = gpgPassphrase;
+
     const expectedSettings = `<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
   <servers>
     <server>
-      <id>${id}</id>
-      <username>\${env.${username}}</username>
-      <password>\${env.&amp;&lt;&gt;"''"&gt;&lt;&amp;}</password>
+      <id>${escapeXml(id)}</id>
+      <username>${escapeXml(username)}</username>
+      <password>${escapeXml(password)}</password>
     </server>
     <server>
       <id>gpg.passphrase</id>
-      <passphrase>\${env.${gpgPassphrase}}</passphrase>
+      <passphrase>${escapeXml(gpgPassphrase)}</passphrase>
     </server>
   </servers>
 </settings>`;
 
-    expect(auth.generate(id, username, password, gpgPassphrase)).toEqual(
+    expect(auth.generate(id, 'username', 'password', 'gpgPassphrase')).toEqual(
       expectedSettings
     );
   });

@@ -122928,9 +122928,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.generate = exports.createAuthenticationSettings = exports.configureAuthentication = void 0;
-const path = __importStar(__nccwpck_require__(71017));
 const core = __importStar(__nccwpck_require__(42186));
 const io = __importStar(__nccwpck_require__(47351));
+const path = __importStar(__nccwpck_require__(71017));
 const fs = __importStar(__nccwpck_require__(57147));
 const os = __importStar(__nccwpck_require__(22037));
 const xmlbuilder2_1 = __nccwpck_require__(70151);
@@ -122982,8 +122982,8 @@ function generate(id, username, password, gpgPassphrase) {
                 server: [
                     {
                         id: id,
-                        username: `\${env.${username}}`,
-                        password: `\${env.${password}}`
+                        username: process.env[username],
+                        password: process.env[password]
                     }
                 ]
             }
@@ -122992,7 +122992,7 @@ function generate(id, username, password, gpgPassphrase) {
     if (gpgPassphrase) {
         const gpgServer = {
             id: 'gpg.passphrase',
-            passphrase: `\${env.${gpgPassphrase}}`
+            passphrase: process.env[gpgPassphrase]
         };
         xmlObj.settings.servers.server.push(gpgServer);
     }

@@ -182,7 +182,7 @@ steps:
     jdkFile: ${{ runner.temp }}/java_package.tar.gz
     java-version: '11.0.0'
     architecture: x64
-    
+
 - run: java -cp java HelloWorldApp
 ```
 
@@ -285,7 +285,10 @@ jobs:
         server-password: MAVEN_CENTRAL_TOKEN # env variable for token in deploy
         gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
         gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-
+      env:
+        MAVEN_USERNAME: ${{ vars.MAVEN_USERNAME }} # set the env variable for username
+        MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} # set the env variable for token
+        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} # set the env variable for GPG private key passphrase
     - name: Publish to Apache Maven Central
       run: mvn deploy
       env:

@@ -1,6 +1,6 @@
-import * as path from 'path';
 import * as core from '@actions/core';
 import * as io from '@actions/io';
+import * as path from 'path';
 
 import * as fs from 'fs';
 import * as os from 'os';
@@ -84,8 +84,8 @@ export function generate(
         server: [
           {
             id: id,
-            username: `\${env.${username}}`,
-            password: `\${env.${password}}`
+            username: process.env[username],
+            password: process.env[password]
           }
         ]
       }
@@ -95,7 +95,7 @@ export function generate(
   if (gpgPassphrase) {
     const gpgServer = {
       id: 'gpg.passphrase',
-      passphrase: `\${env.${gpgPassphrase}}`
+      passphrase: process.env[gpgPassphrase]
     };
     xmlObj.settings.servers.server.push(gpgServer);
   }