101 lines
2.7 KiB
Groovy
101 lines
2.7 KiB
Groovy
import com.bettercloud.vault.VaultConfig;
|
|
import com.bettercloud.vault.Vault;
|
|
|
|
initscript {
|
|
repositories {
|
|
mavenCentral()
|
|
}
|
|
dependencies {
|
|
classpath 'com.bettercloud:vault-java-driver:4.1.0'
|
|
}
|
|
}
|
|
|
|
['VAULT_ADDR', 'VAULT_ROLE_ID', 'VAULT_SECRET_ID'].each {
|
|
if (System.env."$it" == null) {
|
|
throw new GradleException("$it must be set!")
|
|
|
|
}
|
|
}
|
|
|
|
final String vaultToken = new Vault(
|
|
new VaultConfig()
|
|
.address(System.env.VAULT_ADDR)
|
|
.engineVersion(1)
|
|
.build()
|
|
)
|
|
.withRetries(5, 1000)
|
|
.auth()
|
|
.loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
|
|
.getAuthClientToken();
|
|
|
|
final Vault vault = new Vault(
|
|
new VaultConfig()
|
|
.address(System.env.VAULT_ADDR)
|
|
.engineVersion(1)
|
|
.token(vaultToken)
|
|
.build()
|
|
)
|
|
.withRetries(5, 1000)
|
|
|
|
final Map<String,String> artifactoryCredentials = vault.logical()
|
|
.read("secret/elasticsearch-ci/artifactory.elstc.co")
|
|
.getData();
|
|
|
|
logger.info("Using elastic artifactory repos")
|
|
Closure configCache = {
|
|
return {
|
|
name "artifactory-gradle-release"
|
|
url "https://artifactory.elstc.co/artifactory/gradle-release"
|
|
credentials {
|
|
username artifactoryCredentials.get("username")
|
|
password artifactoryCredentials.get("token")
|
|
}
|
|
}
|
|
}
|
|
settingsEvaluated { settings ->
|
|
settings.pluginManagement {
|
|
repositories {
|
|
maven configCache()
|
|
}
|
|
}
|
|
}
|
|
projectsLoaded {
|
|
allprojects {
|
|
buildscript {
|
|
repositories {
|
|
maven configCache()
|
|
}
|
|
}
|
|
repositories {
|
|
maven configCache()
|
|
}
|
|
}
|
|
rootProject {
|
|
project.pluginManager.withPlugin('com.gradle.build-scan') {
|
|
buildScan.server = 'https://gradle-enterprise.elastic.co'
|
|
}
|
|
}
|
|
}
|
|
|
|
final String buildCacheUrl = System.getProperty('org.elasticsearch.build.cache.url')
|
|
final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false'))
|
|
|
|
if (buildCacheUrl) {
|
|
final Map<String,String> buildCacheCredentials = vault.logical()
|
|
.read("secret/elasticsearch-ci/gradle-build-cache")
|
|
.getData();
|
|
gradle.settingsEvaluated { settings ->
|
|
settings.buildCache {
|
|
remote(HttpBuildCache) {
|
|
url = buildCacheUrl
|
|
push = buildCachePush
|
|
credentials {
|
|
username = buildCacheCredentials.get("username")
|
|
password = buildCacheCredentials.get("password")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|