:samples-dir: /home/tcagent1/agent/work/ff6c2020506a5c2d/promote-projects/gradle/build/git-checkout/subprojects/docs/build/working/samples/install/publishing-credentials
:gradle-version: 6.5-rc-1

= Publishing Credentials Sample

[.download]
- link:zips/sample_publishing_credentials-groovy-dsl.zip[icon:download[] Groovy DSL]
- link:zips/sample_publishing_credentials-kotlin-dsl.zip[icon:download[] Kotlin DSL]

NOTE: You can open this sample inside an IDE using the https://www.jetbrains.com/help/idea/gradle.html#gradle_import_project_start[IntelliJ native importer] or https://projects.eclipse.org/projects/tools.buildship[Eclipse Buildship].

This sample shows how credentials can be used when publishing artifacts to a Maven repository using link:{userManualPath}/build_environment.html#sec:project_properties[project properties].
This approach allows you to keep sensitive configuration out of your project's source code and inject it only when needed.

The code in the `maven-repository-stub` directory builds a plugin used to stub the Maven repository in order to demonstrate the authentication flow. It expects the following hardcoded credentials on the server stub:
====
include::sample[dir="groovy",files="maven-repository-stub/src/main/java/com/example/MavenRepositoryStub.java[tags=credentials]"]
====

In a real project, your build would point to a private repository for your organization.

The published project has some sample Java code to be compiled and distributed as a Java library.
Gradle build file registers a publication to a Maven repository:
====
include::sample[dir="groovy",files="build.gradle[tags=publication]"]
include::sample[dir="kotlin",files="build.gradle.kts[tags=publication]"]
====

Authentication credentials are only configured and validated if the publication task is going to be invoked in the current build:
====
include::sample[dir="groovy",files="build.gradle[tags=credentials]"]
include::sample[dir="kotlin",files="build.gradle.kts[tags=credentials]"]
====

Credential values are declared to be Gradle properties and can be passed to the publish task in multiple ways:

* via command-line properties:
=====
----
$ ./gradlew publish -PmavenUser=secret-user -PmavenPassword=secret-password
----
=====
* via environment variables:
=====
----
$ ORG_GRADLE_PROJECT_mavenUser=secret-user ORG_GRADLE_PROJECT_mavenPassword=secret-password ./gradlew publish
----
=====
* by setting the properties in `gradle.properties` file:
=====
----
mavenUser=secret-user
mavenPassword=secret-password
----
=====
and running
=====
----
$ ./gradlew publish
----
=====
The sensitive data is kept outside of the project sources since the `gradle.properties` file can reside in the user's `~/.gradle` directory.

For more information about using Gradle properties, see link:{userManualPath}/build_environment.html#sec:gradle_configuration_properties[Gradle Properties user manual chapter].
