
Commit 87ec23c

Use Sonatype Guide PAT for OSS Index audit (#18515)
1 parent 4a86720 commit 87ec23c

3 files changed

Lines changed: 5 additions & 6 deletions

File tree

.github/repository-settings.md

Lines changed: 1 addition & 2 deletions
@@ -17,9 +17,8 @@ Secrets:
1717
- `GPG_PRIVATE_KEY` - stored in OpenTelemetry-Java 1Password
1818
- `GRADLE_PUBLISH_KEY` - owned by [@trask](https://github.com/trask)
1919
- `GRADLE_PUBLISH_SECRET` - owned by [@trask](https://github.com/trask)
20+
- `SONATYPE_GUIDE_PAT` - owned by [@trask](https://github.com/trask)
2021
- `SONATYPE_KEY` - owned by [@trask](https://github.com/trask)
21-
- `SONATYPE_OSS_INDEX_PASSWORD` - owned by [@trask](https://github.com/trask)
22-
- `SONATYPE_OSS_INDEX_USER` - owned by [@trask](https://github.com/trask)
2322
- `SONATYPE_USER` - owned by [@trask](https://github.com/trask)
2423

2524
## Secrets and variables > Actions
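Review bot: the two secrets dropped from this list, `SONATYPE_OSS_INDEX_USER` and `SONATYPE_OSS_INDEX_PASSWORD`, should also be deleted from the repository's Actions secrets and the credential revoked on the Sonatype side, otherwise a credential that nothing references any more lingers in the repo. The new `SONATYPE_GUIDE_PAT` entry would also benefit from recording where the token can be recovered from (the `GPG_PRIVATE_KEY` entry above records 1Password) and its expiry or rotation date, since a personal access token tied to one maintainer's account will need rotating.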

.github/workflows/owasp-dependency-check-daily.yml

Lines changed: 1 addition & 2 deletions
@@ -32,8 +32,7 @@ jobs:
3232
id: audit
3333
continue-on-error: true
3434
env:
35-
SONATYPE_OSS_INDEX_USER: ${{ secrets.SONATYPE_OSS_INDEX_USER }}
36-
SONATYPE_OSS_INDEX_PASSWORD: ${{ secrets.SONATYPE_OSS_INDEX_PASSWORD }}
35+
SONATYPE_GUIDE_PAT: ${{ secrets.SONATYPE_GUIDE_PAT }}
3736

3837
- name: Print vulnerability report
3938
if: steps.audit.outcome == 'failure'
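Review bot: with `continue-on-error: true` on the audit step, an expired or revoked `SONATYPE_GUIDE_PAT` makes the step fail in exactly the same way a vulnerable dependency does, and the `Print vulnerability report` step that follows only checks `steps.audit.outcome == 'failure'`. Consider distinguishing an authentication failure from a real finding so that a dead token surfaces as a configuration error rather than being read as a vulnerability run. Scoping the secret to this step's `env:` instead of the job is good; keep it that way.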

conventions/src/main/kotlin/otel.java-conventions.gradle.kts

Lines changed: 3 additions & 2 deletions
@@ -428,8 +428,9 @@ tasks.withType<Checkstyle> {
428428
}
429429

430430
ossIndexAudit {
431-
username = System.getenv("SONATYPE_OSS_INDEX_USER") ?: ""
432-
password = System.getenv("SONATYPE_OSS_INDEX_PASSWORD") ?: ""
431+
// Guide PAT authentication ignores this, but the scan plugin requires it.
432+
username = "unused"
433+
password = System.getenv("SONATYPE_GUIDE_PAT") ?: ""
433434
outputFormat = org.sonatype.gradle.plugins.scan.ossindex.OutputFormat.JSON_CYCLONE_DX_1_4
434435
}
435436
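Review bot: the `?: ""` fallback on `System.getenv("SONATYPE_GUIDE_PAT")` means a missing token (fork builds, local runs, a renamed secret) silently becomes an empty `password`, and the audit then runs without the credential or fails with an unhelpful message. Consider logging a warning, or failing the task, when the variable is unset in CI. The `// Guide PAT authentication ignores this, but the scan plugin requires it.` comment is helpful; also recording the minimum plugin version that accepts a PAT in the `password` field would spare the next person a bisect if the plugin is ever downgraded.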
