我希望有一个设置,开发人员可以从 URL Resolver(托管我们的存储库的远程内部服务器)解析/检索依赖项,但无法发布到它(出于安全和代码完整性原因) )。
然而,为了让他们的 Ivy 客户端“看到”远程存储库,以便他们可以从中提取依赖项,我需要在 Ant 构建中的解析/检索模式中公开 URL。这包括用户名和密码!
我如何给他们“读取”(解析)访问权限,而不是“写入”(发布)访问权限?!?!
I'd like to have a setup where developers can resolve/retrieve dependencies from a URL Resolver (a remote, in-house server hosting our repo) but cannot publish to it (for security and code integrity reasons).
However, for their Ivy clients to "see" the remote repo so they can pull dependencies down off of it, I need to expose the URL in the resolve/retrieve patterns inside our Ant builds. This includes the username & password!
How do I give them "read" (resolution) access, but not "write" (publishing) access?!?!
发布评论
评论(2)
使用存储库管理器,例如 Nexus、Archiva 或 Artifactory 具有以下安全模型:存储库访问。它将允许您为提供给开发人员的存储库创建只读用户。
Use a repository manager like Nexus, Archiva or Artifactory that has a security model for the repository access. It will allow you to create a read only user for the repository that you give to the developers.
大概允许发布的 ant 构建在开发人员计算机以外的服务器上运行?
在这种情况下,请将用户名和密码放入这些服务器上的环境变量中,并使用 属性 任务。
或者,从本地文件读取用户名和密码。
无论如何,请将凭据保留在应具有发布权限的计算机本地。
Presumably the ant builds that are allowed to publish run on servers other than the developers' machines?
In which case, put the username and password into environment variables on those servers and read them using the
environmentoption on the Property task.Alternatively, read the username and password from a local file.
In any case, keep the credentials local to the machine which should have the permission to publish.