android build 在 jenkins 上发布 apk，无需以纯文本形式存储我的密码 [英] android build release apk on jenkins, without storing my password in plain text

问题描述

我需要能够使用 Jenkins 作业构建我的 apk 的发布版本.

I need to be able to build the release version of my apk, using a Jenkins job.

从阅读以下SO问题

如何创建发布使用 Gradle 签名的 apk 文件?

我知道我可以通过以下两种方式之一做到这一点.要么让用户在 cmd 提示符下输入密码，要么将我的密码详细信息存储在未提交给 git 且位于我的本地计算机上的纯文本文件中.

I understand I can do it in one of two ways. Either get the user to enter the password at cmd prompt, or store my password details in a plain text file that doesn't get committed to git, and lives on my local machine.

不过，在 jenkins 上运行构建作业时，这些都不起作用.1)我无法获得用户输入，因为这可能在半夜运行(即使用户在他们的机器上，我什至不知道如何从 cmd 行获取用户输入)2)任何可以获得对该构建框的访问权限，将能够通过 cmd 行或从该 jenkins 服务器上运行的另一个 build.gradle 作业获取该文件的内容.

Neither of these will work when running the build job on jenkins though. 1) I can't gain user input because this may be running in the middle of the night (I don't even know how to get user input from the cmd line even if the user was at their machine) 2) Anyone who can gain access to that build box, would be able to cat the contents of that file either via the cmd line or from another build.gradle job running on that jenkins server.

有谁知道我可以隐藏我的密码，但 Jenkins 的工作可以访问它吗?

Does anyone know of anyway I can keep my password hidden but so that the Jenkins job can access it?

谢谢

推荐答案

您可以使用 Mask Password Plugin，它就是这样做的.或者同样的功能包含在 EnvInject 插件中，迟早所有 Jenkins 项目都会需要 EnvInject 插件(它可以做很多其他的事情)，所以不妨现在就开始使用它.

You can use Mask Password Plugin, which does just that. Or the same functionality is included in EnvInject plugin, and sooner or later all Jenkins projects get a need for EnvInject plugin (that does many other things), so might as well start using it now.

• 安装EnvInject插件.
• 在 Jenkins Global Configuration 下，找到 Global Passwords 部分.
• 添加名称(这将是环境变量名称)和密码(将带有星号 **** ).
• 在作业配置下，找到构建环境部分.
• 勾选将密码作为环境变量注入构建.
• 然后勾选全局密码.

• Install EnvInject plugin.
• Under Jenkins Global Configuration, find Global Passwords section.
• Add a name (this will be the environment variable name) and password (will be starred **** ).
• Under Job Configuration, find Build Environment section.
• Checkmark Inject passwords to the build as environment variables.
• Then checkmark Global passwords.

在任何构建步骤中，您现在都可以使用 $name(如前所述)来引用密码，就像您以纯文本输入一样.

In any build step, you can now use $name (as defined earlier) to refer to a password as you would if you were typing it in plain text.

• 密码变量仅在作业执行时注入(在服务器的命令行上单独输入 $name 不会产生任何结果，并且与所有 Jenkins 变量一样，它不是持久的).
• 作业控制台日志将显示 **** 而不是密码(如果出现).
• 您可以为每个作业而不是全局配置密码，以便其他作业无法使用它.

• The password variable is injected only at job execution time (typing $name on command line of the server by itself will not produce anything, and like all Jenkins variables, it is not persistent).
• The job console log will show **** instead of password, if it appears.
• You could configure passwords per job, rather than globally, so that other jobs can't use it.

唯一的安全问题是，如果有人具有管理权限来配置您的作业，他们可以编写 echo $name >secretpassword.txt 进入构建步骤，然后查看工作区中的文件.但是您应该小心将管理权限分配给谁.

The only security concern is that if someone has administrative permissions to configure your job, they can write echo $name > secretpassword.txt into a build step, and then review the file in the workspace. But you should be careful who you assign administrative rights to.

这篇关于android build 在 jenkins 上发布 apk，无需以纯文本形式存储我的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！