
java_export should not generate publisher script with credentials in it

Open dr-dime opened this issue 2 years ago • 0 comments

Credentials should be kept in

  • files that are read-only to the current user, or
  • memory.

The current design of _maven_publish_impl will generate a file with credentials in it, and the file will be uploaded to the remote cache, thus making it available to anyone who has access to it.

All these credentials should be passed at the run time of the script, not the build time, i.e. bazel run pkg.publish -- --user=x --password=y and more preferably from a maven config file, e.g. .m2/settings.xml.

Relevant topics:

  • bazelbuild/bazel#498
  • #80

dr-dime Apr 13 '22 03:04
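
As an added illustration, not part of the issue or of rules_jvm_external's code, the run-time resolution the issue asks for could look like this: flags passed after -- win, otherwise the credentials come from a Maven settings.xml that is refused when group or other can access it. The function names, the --server-id flag, the example-repo id and the sample file contents are assumptions made for the example.

```python
import argparse
import os
import stat
import tempfile
import xml.etree.ElementTree as ET


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace so any settings schema version matches


def read_server_credentials(settings_path, server_id):
    """Return (username, password) for server_id from a Maven settings.xml."""
    mode = stat.S_IMODE(os.stat(settings_path).st_mode)
    if mode & 0o077:  # assumption: "read-only to the current user" means no group/other access
        raise PermissionError(f"{settings_path} has mode {mode:o}; expected 600 or stricter")
    for server in ET.parse(settings_path).getroot().iter():
        fields = {_local(c.tag): (c.text or "").strip() for c in server}
        if _local(server.tag) == "server" and fields.get("id") == server_id:
            return fields.get("username"), fields.get("password")
    raise KeyError(f"no <server id={server_id!r}> in {settings_path}")


def resolve_credentials(argv, settings_path):
    """Run-time flags win, else settings.xml; nothing is written to a build output."""
    parser = argparse.ArgumentParser()
    parser.add_argument("--user")
    parser.add_argument("--password")
    parser.add_argument("--server-id", default="example-repo")  # hypothetical flag and id
    args = parser.parse_args(argv)
    if args.user and args.password:
        return args.user, args.password
    return read_server_credentials(settings_path, args.server_id)


def write_sample_settings(mode):
    """Write a constructed settings.xml with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".xml")
    with os.fdopen(fd, "w") as handle:
        handle.write('<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"><servers>'
                     '<server><id>example-repo</id><username>ci-bot</username>'
                     '<password>constructed-secret</password></server></servers></settings>')
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample = write_sample_settings(0o600)
    print(resolve_credentials(["--server-id=example-repo"], sample)[0])
    os.unlink(sample)
```

Values passed as flags are visible in the local process list while the script runs, so the settings file is the safer of the two sources.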