File tree Expand file tree Collapse file tree
conventions/src/main/kotlin Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -17,9 +17,8 @@ Secrets:
1717- ` GPG_PRIVATE_KEY ` - stored in OpenTelemetry-Java 1Password
1818- ` GRADLE_PUBLISH_KEY ` - owned by [ @trask ] ( https://github.com/trask )
1919- ` GRADLE_PUBLISH_SECRET ` - owned by [ @trask ] ( https://github.com/trask )
20+ - ` SONATYPE_GUIDE_PAT ` - owned by [ @trask ] ( https://github.com/trask )
2021- ` SONATYPE_KEY ` - owned by [ @trask ] ( https://github.com/trask )
21- - ` SONATYPE_OSS_INDEX_PASSWORD ` - owned by [ @trask ] ( https://github.com/trask )
22- - ` SONATYPE_OSS_INDEX_USER ` - owned by [ @trask ] ( https://github.com/trask )
2322- ` SONATYPE_USER ` - owned by [ @trask ] ( https://github.com/trask )
2423
2524## Secrets and variables > Actions
Original file line number Diff line number Diff line change 3232 id : audit
3333 continue-on-error : true
3434 env :
35- SONATYPE_OSS_INDEX_USER : ${{ secrets.SONATYPE_OSS_INDEX_USER }}
36- SONATYPE_OSS_INDEX_PASSWORD : ${{ secrets.SONATYPE_OSS_INDEX_PASSWORD }}
35+ SONATYPE_GUIDE_PAT : ${{ secrets.SONATYPE_GUIDE_PAT }}
3736
3837 - name : Print vulnerability report
3938 if : steps.audit.outcome == 'failure'
Original file line number Diff line number Diff line change @@ -428,8 +428,9 @@ tasks.withType<Checkstyle> {
428428}
429429
430430ossIndexAudit {
431- username = System .getenv(" SONATYPE_OSS_INDEX_USER" ) ? : " "
432- password = System .getenv(" SONATYPE_OSS_INDEX_PASSWORD" ) ? : " "
431+ // Guide PAT authentication ignores this, but the scan plugin requires it.
432+ username = " unused"
433+ password = System .getenv(" SONATYPE_GUIDE_PAT" ) ? : " "
433434 outputFormat = org.sonatype.gradle.plugins.scan.ossindex.OutputFormat .JSON_CYCLONE_DX_1_4
434435}
435436
You can’t perform that action at this time.
0 commit comments