PacMan

Utility to configure build tools to use the security gateway as a package repository. Refer to https://safedep.io for more details.

pacman, a.k.a. Package Manager (a name inspired by pacman), is a tool for easily configuring various package managers, such as Gradle and Maven, to use the security gateway for downloading required dependencies.

Setup

Run pacman configuration wizard

./pacman.sh configure

Configure Gradle

./pacman.sh setup-gradle

Configure Maven

./pacman.sh setup-maven

Note: This script overwrites $HOME/.m2/settings.xml, so back up any existing file before running it.

Configuring Project

To configure package managers for building a specific project, set the environment variable:

GATEWAY_PROJECT_ID=project-id

Cleanup

Remove any configuration file added by pacman

./pacman.sh clean

Using GitHub Action

Configure the gateway credentials as GitHub secrets named:

  1. GATEWAY_URL
  2. GATEWAY_USERNAME
  3. GATEWAY_PASSWORD

Use the following GitHub Action step just before invoking the application build:

jobs:
  build:
    steps:
    [...]
    - name: Configure environment to use SafeDep Gateway
      uses: safedep/pacman@main
      with:
        gateway_url: ${{ secrets.GATEWAY_URL }}
        gateway_username: ${{ secrets.GATEWAY_USERNAME }}
        gateway_password: ${{ secrets.GATEWAY_PASSWORD }}
        package_manager: maven

GitHub recommends pinning third-party actions to a commit SHA instead of a ref such as @main.
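
A check for the pinning recommendation above, as an added example that is not part of pacman or the original README: the shell function lists the uses: references in a workflow file that are not pinned to a full 40-character commit SHA. The function names, the sample workflow and its placeholder SHA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of pacman): report GitHub Actions `uses:` references
# that are not pinned to a full 40-character commit SHA.

# Prints "<line>:<reference>" for each unpinned action in workflow file $1.
# Local actions (./path) and docker:// images are skipped; they have no git ref.
find_unpinned_actions() {
  awk -v sq="'" '
    match($0, /^[ \t]*(-[ \t]+)?uses:[ \t]*/) {
      ref = substr($0, RLENGTH + 1)
      sub(/[ \t]+#.*$/, "", ref)                  # drop trailing comment
      sub(/[ \t\r]+$/, "", ref)                   # drop trailing whitespace
      gsub("^[\"" sq "]|[\"" sq "]$", "", ref)    # drop surrounding quotes
      if (ref ~ /^\.\// || ref ~ /^docker:/) next
      at = index(ref, "@")
      pin = (at > 0) ? substr(ref, at + 1) : ""
      if (length(pin) != 40 || pin !~ /^[0-9a-fA-F]+$/) print NR ":" ref
    }
  ' "$1"
}

# Returns 0 when every action in $1 is pinned, 1 otherwise (usable as a CI gate).
workflow_is_pinned() {
  [ -z "$(find_unpinned_actions "$1")" ]
}

# Constructed sample input: the README step plus one pinned and one local action.
# The 40-hex value is a made-up placeholder, not a real commit.
sample_workflow() {
  cat <<'EOF'
jobs:
  build:
    steps:
    - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
    - name: Configure environment to use SafeDep Gateway
      uses: safedep/pacman@main
    - uses: ./local-action
EOF
}

# Demo run on the constructed sample.
tmp="$(mktemp)"
sample_workflow > "$tmp"
find_unpinned_actions "$tmp"
rm -f "$tmp"
```

To use it as a gate, call workflow_is_pinned on each file under .github/workflows and fail the job when it returns non-zero.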

Supported Package Managers

  • maven
  • gradle
  • pip

Reference