forked from elastic/elasticsearch
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinit.gradle
114 lines (101 loc) · 2.97 KB
/
init.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
import com.bettercloud.vault.VaultConfig
import com.bettercloud.vault.Vault
initscript {
repositories {
mavenCentral()
}
dependencies {
classpath 'com.bettercloud:vault-java-driver:4.1.0'
}
}
boolean USE_ARTIFACTORY = false
if (System.getenv('VAULT_ADDR') == null) {
throw new GradleException("You must set the VAULT_ADDR environment variable to use this init script.")
}
if (System.getenv('VAULT_ROLE_ID') == null && System.getenv('VAULT_SECRET_ID') == null && System.getenv('VAULT_TOKEN') == null) {
throw new GradleException("You must set either the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables, " +
"or the VAULT_TOKEN environment variable to use this init script.")
}
final String vaultToken = System.getenv('VAULT_TOKEN') ?: new Vault(
new VaultConfig()
.address(System.env.VAULT_ADDR)
.engineVersion(1)
.build()
)
.withRetries(5, 1000)
.auth()
.loginByAppRole("approle", System.env.VAULT_ROLE_ID, System.env.VAULT_SECRET_ID)
.getAuthClientToken()
final Vault vault = new Vault(
new VaultConfig()
.address(System.env.VAULT_ADDR)
.engineVersion(1)
.token(vaultToken)
.build()
)
.withRetries(5, 1000)
if (USE_ARTIFACTORY) {
final Map<String, String> artifactoryCredentials = vault.logical()
.read("secret/elasticsearch-ci/artifactory.elstc.co")
.getData()
logger.info("Using elastic artifactory repos")
Closure configCache = {
return {
name "artifactory-gradle-release"
url "https://artifactory.elstc.co/artifactory/gradle-release"
credentials {
username artifactoryCredentials.get("username")
password artifactoryCredentials.get("token")
}
}
}
settingsEvaluated { settings ->
settings.pluginManagement {
repositories {
maven configCache()
}
}
}
projectsLoaded {
allprojects {
buildscript {
repositories {
maven configCache()
}
}
repositories {
maven configCache()
}
}
}
}
projectsLoaded {
rootProject {
project.pluginManager.withPlugin('com.gradle.build-scan') {
buildScan.server = 'https://gradle-enterprise.elastic.co'
}
}
}
final String buildCacheUrl = System.getProperty('org.elasticsearch.build.cache.url')
final boolean buildCachePush = Boolean.valueOf(System.getProperty('org.elasticsearch.build.cache.push', 'false'))
if (buildCacheUrl) {
final Map<String, String> buildCacheCredentials = vault.logical()
.read("secret/elasticsearch-ci/gradle-build-cache")
.getData()
gradle.settingsEvaluated { settings ->
settings.buildCache {
local {
// Disable the local build cache in CI since we use ephemeral workers and it incurs an IO penalty
enabled = false
}
remote(HttpBuildCache) {
url = buildCacheUrl
push = buildCachePush
credentials {
username = buildCacheCredentials.get("username")
password = buildCacheCredentials.get("password")
}
}
}
}
}