leiningen icon indicating copy to clipboard operation
leiningen copied to clipboard
verified publisher icon technomancy

Read repo auth profile credentials from project-dir/profiles.clj

Open cap10morgan opened this issue 11 years ago • 4 comments

I'm not sure if this is by design or not, but before working on a PR to change it, I thought I'd check.

I'd like to have a [project-dir]/profiles.clj file that defines an :auth profile with repository-auth credentials in it. The reason I need it here is that I'm using Docker, so I can only put files into the container that live in the project-dir (or a subdirectory thereof), so ~/.lein/profiles.clj won't work. But I also want to .gitignore this file so I don't have credentials in my source code repo, so putting the :auth profile in project.clj won't work either. I also can't use env vars because I can't easily set any during docker build and I can't use GPG encrypted credentials because those also live in $HOME and I'd rather not bake my private GPG key into my Docker images. So maybe there's another way to do this, but I haven't found it.

It looks like profile-auth credentials are only loaded from leiningen-core/src/leiningen/core/user.clj:profile-auth. This fn only looks at profiles defined in ~/.lein/profiles.clj and ~/.lein/profiles.d/*, not project profiles. However, it appears that profiles defined in project.clj are already in effect, so that if I do put the :auth profile directly into project.clj, everything works.

So currently there's an inconsistency (at least) in that leiningen is happy to load project-specific repo credentials from project.clj, but not from [project-dir]/profiles.clj. My first thought was to fix that by having it read them from [project-dir]/profiles.clj, but if there's a better way to approach this, I can work in that direction instead.

cap10morgan avatar Dec 14 '14 17:12 cap10morgan

I have exactly the same use case as @cap10morgan.

alexanderkiel avatar Oct 22 '15 06:10 alexanderkiel

This seems to still be a problem.

orb avatar Oct 15 '16 06:10 orb

From reading the code, I believe this is by design. ~/.lein/profiles.clj (and ~/.lein/profiles.d/*.clj) contain ‘user-wide’ profiles (see doc/PROFILES.md); only :auth settings from these user-wide profiles are applied. It is not true that you can put the :auth profile in project.clj directly.

What you can easily do is fully specify the repository including credentials in the project profiles.clj:

{:dev {:repositories [["myrepo" {:url "https://my.repo.org/"
                                 :username "me"
                                 :password "secret"}]]}}

glts avatar May 25 '19 19:05 glts

This was intentional, but the situation has changed; we can't assume deploys always happen in an attended session. The suggested fix in the original issue description is reasonable.

technomancy avatar Jun 20 '19 16:06 technomancy