renovatebot / config-help

Please use the Discussions feature of https://github.com/renovatebot/renovate instead

Home Page: https://github.com/renovatebot/renovate/discussions


Gradle build fails - missing globally set gradle properties

cmplank opened this issue · comments

Which Renovate are you using?

Renovate Open Source CLI - Docker Image

Which platform are you using?

Bitbucket Server

Have you checked the logs? Don't forget to include them if relevant

Yes.

What would you like to do?

I want to get renovate to scan my gradle projects for updates. I'm using the renovate/renovate image from dockerhub. When scanning my projects, I get this error:

 INFO: Repository started (repository=cr/common-renovate-test)
       "renovateVersion": "23.89.3"
(node:8) DeprecationWarning: Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.
(Use `node --trace-deprecation ...` to show where the warning was created)
 WARN: Gradle extraction failed (repository=cr/common-renovate-test)
       "errMessage": "Command failed: ./gradlew --init-script renovate-plugin.gradle renovate\n\nFAILURE: Build failed with an exception.\n\n* Where:\nBuild file '/tmp/renovate/repos/bitbucket-server/cr/common-renovate-test/build.gradle' line: 6\n\n* What went wrong:\nA problem occurred evaluating root project 'common-renovate-test'.\n> Could not get unknown property 'nexusUsername' for Credentials [username: null] of type org.gradle.internal.credentials.DefaultPasswordCredentials_Decorated.\n\n* Try:\nRun with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.\n\n* Get more help at https://help.gradle.org\n\nBUILD FAILED in 12s\n"
 INFO: DRY-RUN: Would commit files to onboarding branch (repository=cr/common-renovate-test)
 WARN: Gradle extraction failed (repository=cr/common-renovate-test)
       "errMessage": "Command failed: ./gradlew --init-script renovate-plugin.gradle renovate\n\nFAILURE: Build failed with an exception.\n\n* Where:\nBuild file '/tmp/renovate/repos/bitbucket-server/cr/common-renovate-test/build.gradle' line: 6\n\n* What went wrong:\nA problem occurred evaluating root project 'common-renovate-test'.\n> Could not get unknown property 'nexusUsername' for Credentials [username: null] of type org.gradle.internal.credentials.DefaultPasswordCredentials_Decorated.\n\n* Try:\nRun with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.\n\n* Get more help at https://help.gradle.org\n\nBUILD FAILED in 4s\n"
 INFO: Dependency extraction complete (repository=cr/common-renovate-test)
       "baseBranch": "master",
       "stats": {
         "managers": {"gradle-wrapper": {"fileCount": 1, "depCount": 1}},
         "total": {"fileCount": 1, "depCount": 1}
       }
 WARN: No github.com token has been configured. Skipping release notes retrieval (repository=cr/common-renovate-test)
       "manager": "gradle-wrapper",
       "depName": "gradle",
       "sourceUrl": "https://github.com/gradle/gradle"
 WARN: No github.com token has been configured. Skipping release notes retrieval (repository=cr/common-renovate-test)
       "manager": "gradle-wrapper",
       "depName": "gradle",
       "sourceUrl": "https://github.com/gradle/gradle"
 INFO: DRY-RUN: Would check branch renovate/configure (repository=cr/common-renovate-test)
 INFO: DRY-RUN: Would create onboarding PR (repository=cr/common-renovate-test)
 INFO: Repository finished (repository=cr/common-renovate-test)
       "durationMs": 23898

This is caused by a variable in my gradle build's repository block. My build.gradle file looks like this:

repositories {
    mavenLocal()
    maven {
        url "https://nexus.mycompany.org/repository/maven-public/"
        credentials {
            username nexusUsername
            password nexusPassword
        }
    }
    mavenCentral()
    jcenter()
}

So far, this makes sense because Renovate doesn't have these gradle properties. On my local system, following gradle's guidelines, I have a gradle.properties file in /home/myusername/.gradle/ with these credentials. This works fine locally so I tried to implement the same in the Renovate container by mounting my gradle.properties file as a volume. Here is the gradle.properties file for reference:

nexusUsername=my_user
nexusPassword=MyP@$$W0RD

I mounted the file to /home/ubuntu/.gradle/gradle.properties and inspected to make sure it's going in, but I get the same error when running renovate. I thought maybe the HOME env var is messed up so following https://docs.gradle.org/current/userguide/build_environment.html#sec:gradle_environment_variables I explicitly set GRADLE_USER_HOME=/home/ubuntu/.gradle/ but I still get the same error. I tried setting HOME=/home/ubuntu also just in case but it didn't help.

Then I found out gradle can bypass the gradle.properties and just accept environment variables in the format ORG_GRADLE_PROJECT_myVar=myVal. https://docs.gradle.org/current/userguide/build_environment.html#sec:project_properties. So I tried this by creating ORG_GRADLE_PROJECT_nexusUsername=my_user and ORG_GRADLE_PROJECT_nexusPassword=MyP@$$W0RD. This also has no effect. I've double checked all my settings and inspected the container to make sure my env and files are coming in correctly and they are.

At this point, I'm wondering if the renovate gradle plugin that runs is what is causing the problem (when it runs ./gradlew --init-script renovate-plugin.gradle renovate). Or maybe I'm just doing something wrong. I would appreciate any guidance I could get.

Strange, HOME should already point to /home/ubuntu and be passed to renovate child processes.

How do you run / execute renovate? (eg jenkins, kubernetes cron job, other ...) Please be detailed.

Try trustLevel=high, so Renovate will pass the full env to Gradle.

I think renovatebot/renovate#3608 would solve this too

I have run renovate in okd (a kubernetes wrapper) and then started running directly in docker to eliminate differences. Both have the same problem. Locally, I run

docker run -ti --network=host \
    -e RENOVATE_PASSWORD="my_bitbucket_token" \
    -e RENOVATE_TOKEN="my_bitbucket_token" \
    -e RENOVATE_CONFIG_FILE=/opt/renovate/config.json \
    -e ORG_GRADLE_PROJECT_nexusUsername=my_nexus_user \
    -e ORG_GRADLE_PROJECT_nexusPassword=my_nexus_password \
    -e GRADLE_USER_HOME=/home/ubuntu \
    -v ${PWD}/config.json:/opt/renovate/config.json \
    -v ${PWD}/gradle.properties:/home/ubuntu/gradle.properties \
    renovate/renovate

My gradle.properties is as mentioned in my first post. My config.json is:

{
  "logLevel" : "info",
  "platform": "bitbucket-server",
  "endpoint": "https://bitbucket.os.liberty.edu",
  "gitAuthor": "Renovate Bot <renovatebot@liberty.edu>",
  "username": "my_bitbucket_user",
  "repositories": [
    "cr/common-renovate-test"
  ],
  "autodiscover": false,
  "dryRun" : true
}

Hey! Setting trustLevel to high worked! That must have been the issue.

As an aside, I don't think renovatebot/renovate#3608 would help. In fact, it would probably make things worse unless the js parsing of the various gradle files would include grabbing gradle properties from the system, interpreting the repositories block with a private nexus url and substituting variables for the matching credentials. And these credentials could be specified in different ways in the repositories block (e.g. username project.getProperty('nexusUsername') or username "${nexusUsername}" for lazy loading).

I think that would be a nightmare for Renovate to try to maintain. Part of the problem is gradle itself. The other part of the problem is the groovy language which supports so many syntax variants as equally valid.

I'll go put a comment on that issue to try to give the team a heads up about customized repository blocks in case they go forward with that effort.

For the registry auth you would always need to explicitly add a hostRule; Renovate won't use the credentials from the Gradle file to look up updates.

The credentials defined in Gradle files are only used to extract deps, all other stuff is done by renovate in javascript.

Now that I've worked through setting up my hostRules, I get what you mean. Thanks for all the help! I'm going to close this issue now.
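
The two settings this thread converged on, combined in one self-hosted config.json as an added example (not posted by anyone in the thread): trustLevel set to high so the Gradle child process receives the ORG_GRADLE_PROJECT_* variables, and a hostRules entry so Renovate's own Maven lookups can authenticate to the private Nexus. Option names are assumed to be those of the 23.x release shown in the log, and the endpoint and credential values are placeholders. With trustLevel set to high, every variable in the container, RENOVATE_TOKEN included, is visible to the build scripts of each repository Renovate processes, so the setting fits instances where the operator trusts the contents of those repositories.

```json
{
  "logLevel": "info",
  "platform": "bitbucket-server",
  "endpoint": "https://bitbucket.example.org",
  "username": "my_bitbucket_user",
  "repositories": ["cr/common-renovate-test"],
  "autodiscover": false,
  "dryRun": true,
  "trustLevel": "high",
  "hostRules": [
    {
      "hostType": "maven",
      "hostName": "nexus.mycompany.org",
      "username": "my_nexus_user",
      "password": "my_nexus_password"
    }
  ]
}
```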