-
-
Notifications
You must be signed in to change notification settings - Fork 180
Repository Credentials and Deploying
Boot comes with a built-in push task that allows you to deploy artifacts
to Maven repositories. Noteworthy are the repo
option, which is an alias
to the deployment target, and the gpg-sign
option, a boolean switch that
enables artifact signing.
The simplest case is when you define your Maven repositories in the
:repositories
env key, in your build.boot
file, like this:
(set-env! :repositories [["clojars" {:url "https://clojars.org/repo/"
:username "foo"
:password "bar"}]])
With this configuration you can then do:
boot push --repo clojars
or you can configure the option in your build.boot
:
(task-options! push {:repo "clojars"})
Then you can just do
boot push
When you are adding additional repositories like datomic, instead of modifying default repository list, you should update the list so that the default repositories are left as is. This can be achieved by providing an update function to set-env!
call:
(set-env! :repositories #(conj % ["datomic" {:url "https://my.datomic.com/repo"}]))
When value provided to set-env!
is a function, it works like update
and calls the function with the current value to create the new value.
The basic example is usually not satisfactory because you don't want to
commit your build.boot
file with your username and password in it!
The simplest alternative is to use environment variables, like this:
(set-env! :repositories [["clojars" {:url "https://clojars.org/repo/"
:username (System/getenv "CLOJARS_USER")
:password (System/getenv "CLOJARS_PASS")}]])
That accomplishes the goal, but it's not the best because it forces
others to populate their environment with the variables you hardcode
into your build.boot
if they want to deploy the project.
A better way is to omit the :username
and :password
fields from
the repo configuration in your build.boot
like this:
(set-env! :repositories [["clojars" {:url "https://clojars.org/repo/"}]])
Then you can use built-in configure-repositories!
function to set a callback
that will configure the repository credentials. The callback is a function
that accepts a repository map argument and returns a new repository map
with any extra configuration (eg. credentials) added to it.
For example, you can add this to your BOOT_HOME/profile.boot
file:
;; Get credentials for Clojars from the environment.
(configure-repositories!
(fn [{:keys [url] :as repo-map}]
(->> (condp re-find url
#"^https://clojars\.org/repo"
{:username (get-sys-env "CLOJARS_USER" :required)
:password (get-sys-env "CLOJARS_PASS" :required)}
#".*" nil)
(merge repo-map))))
You could make a BOOT_HOME/credentials.gpg
file with the following
contents (encrypted of course):
{"https://clojars.org/repo/" {:username "foo" :password "bar"}}
and in your BOOT_HOME/profile.boot
:
(import java.io.File)
;; Get credentials from a GPG encrypted file.
(configure-repositories!
(let [creds-file (File. (boot.App/bootdir) "credentials.gpg")
creds-data (gpg-decrypt creds-file :as :edn)]
(fn [{:keys [url] :as repo-map}]
(merge repo-map (creds-data url)))))
You can, of course do anything you want in your callback, so any combination of environment, encrypted file, or anything else you can think of is posible.
You could also read the credentials from Leiningen credentials.clj.gpg. In this case the file contains map of regex to map with credentials. You can use a function to match repository to matching regex and value:
(configure-repositories!
(fn [m]
(merge m (some (fn [[regex cred]] (if (re-find regex (:url m)) cred))
(gpg-decrypt
(clojure.java.io/file
(System/getProperty "user.home") ".lein/credentials.clj.gpg")
:as :edn)))))
Sometimes you want to deploy to a repository that you don't want to pull
artifacts from; you just want to push to it. You can't add this repository
via (set-env! :repositories ...)
because then it would be used to fetch
as well as push.
The push
task provides the repo-map
option for this situation. This
option takes a repository configuration map and can be used to override
the repositories in :repositories
.
For example:
(task-options! push {:repo-map {:url "https://repos.com/repo/"}})
Your configure-repositories!
callback will be applied to the repo-map
the same a if you had specified it in :repositories
.
-
Check
push
task help for complete options. -
Leiningen documentation about repository authentication, including documentation for creating the GPG encrypted credentials file: https://github.com/technomancy/leiningen/blob/master/doc/DEPLOY.md#authentication
Boot will use system GPG binary ($BOOT_GPG_COMAND
) to sign the artifacts
and to read encrypted credentials file. This means that Boot will use your
existing GPG configuration.
If you need to specify specific signing key or to provide passphrase for
key from Boot, check push
task documentation.
You can find other developers and users in the #hoplon
channel on freenode IRC or the boot slack channel.
If you have questions or need help, please visit the Discourse site.
- Environments
- Boot environment
- Java environment
- Tasks
- Built-ins
- Third-party
- Tasks Options
- Filesets
- Target Directory
- Pods
- Boot Exceptions
- Configuring Boot
- Updating Boot
- Setting Clojure version
- JVM Options
- S3 Repositories
- Scripts
- Task Writer's Guide
- Require inside Tasks
- Boot for Leiningen Users
- Boot in Leiningen Projects
- Repl reloading
- Repository Credentials and Deploying
- Snippets
- Troubleshooting
- FAQ
- API docs
- Core
- Pod
- Util