JAVA-2348: Use ORG_GRADLE_PROJECT-prefixed environment variable to pass project properties to Gradle

jyemin · jyemin · commit dc90603d16d8 · 2017-01-24T08:24:14.000-05:00
diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml
@@ -229,9 +229,11 @@ functions:
     - command: shell.exec
       type: test
       params:
+        silent: true
         working_dir: "src"
         script: |
-          PROJECT_DIRECTORY=${PROJECT_DIRECTORY} NEXUS_USER=${sonatype_username} NEXUS_PWD=${sonatype_password} SIGNING_PWD=${signing_password} SIGNING_KEY_ID=${signing_keyId} RING_FILE_GPG_BASE64=${ring_file_gpg_base64} .evergreen/publish.sh
+          # DO NOT ECHO WITH XTRACE (which PREPARE_SHELL does)
+          PROJECT_DIRECTORY=${PROJECT_DIRECTORY} NEXUS_USERNAME=${nexus_username} NEXUS_PASSWORD=${nexus_password} SIGNING_PASSWORD=${signing_password} SIGNING_KEY_ID=${signing_keyId} RING_FILE_GPG_BASE64=${ring_file_gpg_base64} .evergreen/publish.sh
 
   "cleanup":
     - command: shell.exec
diff --git a/.evergreen/publish.sh b/.evergreen/publish.sh
@@ -13,5 +13,12 @@ echo ${RING_FILE_GPG_BASE64} | base64 -d > ${PROJECT_DIRECTORY}/secring.gpg
 echo "Publishing snapshot with jdk8"
 
 export JAVA_HOME="/opt/java/jdk8"
+
+export ORG_GRADLE_PROJECT_nexusUsername=${NEXUS_USERNAME}
+export ORG_GRADLE_PROJECT_nexusPassword=${NEXUS_PASSWORD}
+export ORG_GRADLE_PROJECT_signing_keyId=${SIGNING_KEY_ID}
+export ORG_GRADLE_PROJECT_signing_password=${SIGNING_PASSWORD}
+export ORG_GRADLE_PROJECT_signing_secretKeyRingFile=${PROJECT_DIRECTORY}/secring.gpg
+
 ./gradlew -version
-./gradlew -PnexusUsername=${NEXUS_USER} -PnexusPassword=${NEXUS_PWD} -Psigning.secretKeyRingFile=${PROJECT_DIRECTORY}/secring.gpg -Psigning.password=${SIGNING_PWD} -Psigning.keyId=${SIGNING_KEY_ID} uploadSnapshotArchives --info
+./gradlew uploadSnapshotArchives
diff --git a/build.gradle b/build.gradle
@@ -73,6 +73,26 @@ configure(subprojects.findAll { it.name != 'util' }) {
         project.hasProperty(propertyName) && project.property(propertyName).toBoolean()
     }
 
+    /*
+        For security we allow the signing-related project properties to be passed in as environment variables, which
+        Gradle enables if they are prefixed with "ORG_GRADLE_PROJECT_".  But since environment variables can not contain
+        the '.' character and the signing-related properties contain '.', here we map signing-related project properties with '_'
+        to ones with '.' that are expected by the signing plugin.
+     */
+    gradle.taskGraph.whenReady { taskGraph ->
+        if (taskGraph.allTasks.any { it instanceof Sign }) {
+            if (project.hasProperty("signing_keyId")) {
+                allprojects { ext."signing.keyId" = project.property("signing_keyId") }
+            }
+            if (project.hasProperty("signing_secretKeyRingFile")) {
+                allprojects { ext."signing.secretKeyRingFile" = project.property("signing_secretKeyRingFile") }
+            }
+            if (project.hasProperty("signing_password")) {
+                allprojects { ext."signing.password" = project.property("signing_password") }
+            }
+        }
+    }
+
     javadoc {
         exclude "**/com/mongodb/**/internal/**"
 
