boot s3-wagon-private repository credentials from gpg or environment
;; specify S3 repositories with something like
;;
;; (set-env!
;;   :wagons '[[s3-wagon-private "1.2.0"]]
;;   :repositories #(concat % [["releases" {:url "s3p://your-s3-wagon-bucket/releases/"
;;                                          :username [:env/aws_access_key :gpg]
;;                                          :passphrase [:env/aws_secret_key :gpg]}]
;;                             ["snapshots" {:url "s3p://your-s3-wagon-bucket/snapshots/"
;;                                           :username [:env/aws_access_key :gpg]
;;                                           :passphrase [:env/aws_secret_key :gpg]}]]))
;;
;; Each credential value is one source or a vector of sources; the first source
;; that yields a value wins. :env/name reads the environment variable NAME
;; (upper-cased); :gpg looks the key up in the decrypted credentials file.
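;; Registers a repository-configuration callback with boot. For each repository
;; map the callback resolves the :username / :password / :passphrase entries
;; from environment variables and/or a GPG-encrypted credentials file, merges
;; the resolved values into the map, and caches the result per URL.
;;
;; Security notes:
;; - Only the URL and the credential key name are printed, never the value.
;;   Keep it that way: build logs are routinely shared and archived.
;; - Regex keys in the credentials file are matched with re-find, which is
;;   unanchored. A loose pattern hands its credentials to every repository URL
;;   that merely contains a match, so anchor patterns in credentials.clj.gpg.
;; - Resolved secrets stay in the `with-creds` atom for the life of the process.
(configure-repositories!
 (let [;; decrypted credentials map, populated on first successful decrypt
       gpg-creds (atom nil)
       ;; url -> repository map with credentials merged in
       with-creds (atom {})
       ;; first credentials file that exists; the leiningen location is
       ;; checked before the boot one
       gpg-cred-file (some
                      (fn [f] (when (.exists f) f))
                      [(clojure.java.io/file
                        (System/getProperty "user.home") ".lein/credentials.clj.gpg")
                       (clojure.java.io/file
                        (System/getProperty "user.home") ".boot/credentials.clj.gpg")])
       ;; Returns the decrypted credentials, decrypting on first use. A nil or
       ;; false result is not cached, so decryption is attempted again on the
       ;; next call. gpg-decrypt is supplied by boot (not defined here).
       decrypt-gpg-creds (fn []
                           (cond
                             @gpg-creds @gpg-creds
                             gpg-cred-file (reset! gpg-creds (gpg-decrypt gpg-cred-file :as :edn))
                             :else nil))
       ;; Returns the credential entry of the first key that matches `url`.
       ;; Pattern keys match via (unanchored) re-find; string keys must equal
       ;; the URL exactly. Any other key type is skipped. Previously a
       ;; non-Pattern key made re-find throw ClassCastException.
       gpg-creds-for-url (fn [url]
                           (when url
                             (some
                              (fn [[k cred]]
                                (cond
                                  (instance? java.util.regex.Pattern k)
                                  (when (re-find k url) cred)

                                  (string? k)
                                  (when (= k url) cred)))
                              (decrypt-gpg-creds))))
       ;; Looks up credential key `k` in the GPG entry matching `url`.
       fetch-gpg-cred (fn [url k]
                        (let [cred (-> (gpg-creds-for-url url)
                                       (get k))]
                          ;; log the key name only, never `cred` itself
                          (when cred (println "got GPG cred for: " url k))
                          cred))
       ;; Resolves a spec such as :env/aws_access_key from the environment
       ;; variable AWS_ACCESS_KEY. Returns nil for any other spec or when the
       ;; variable is unset.
       fetch-env-cred (fn [url k]
                        (when-let [[_ ev] (->> k str (re-matches #"^:env/(.+)$"))]
                          (let [ev (clojure.string/upper-case ev)
                                cred (System/getenv ev)]
                            ;; log the key name only, never `cred` itself
                            (when cred (println "got EV cred for: " url k))
                            cred)))
       ;; nil -> nil, sequential -> unchanged, anything else -> [v]
       make-sequential (fn [v]
                         (cond (nil? v) nil
                               (sequential? v) v
                               :else [v]))
       ;; Resolves the credential keys present in repository map `m`. When the
       ;; map names none of them, falls back to the whole GPG entry for the URL.
       choose-creds (fn [{url :url
                          :as m}]
                      (let [cks (clojure.set/intersection
                                 #{:username :password :passphrase}
                                 (-> m keys set))]
                        (if (not-empty cks)
                          (into
                           {}
                           (for [ck cks]
                             (do
                               (println "looking for: " url ck)
                               ;; `some` over the specs stops at the first hit.
                               ;; The earlier `for` over a vector was realised
                               ;; a chunk at a time, so a :gpg spec triggered
                               ;; decryption of the credentials file even when
                               ;; an earlier :env spec had already produced the
                               ;; value.
                               (let [v (some
                                        (fn [cspec]
                                          (cond
                                            (= :gpg cspec)
                                            (fetch-gpg-cred url ck)

                                            (re-matches #"^:env/.+$" (some-> cspec str))
                                            (fetch-env-cred url cspec)))
                                        (make-sequential (get m ck)))]
                                 ;; unresolved keys are left out, so the
                                 ;; original value in `m` survives the merge
                                 (when v [ck v])))))
                          (gpg-creds-for-url url))))
       ;; Returns `m` with any resolved credentials merged over it.
       configure-repo (fn [m]
                        (let [creds (choose-creds m)
                              m (merge m creds)]
                          ;; Debug aid, left disabled on purpose: it prints the
                          ;; resolved secrets in clear text.
                          ;; (when creds
                          ;;   (prn "configured: " m))
                          m))]
   ;; The callback itself: resolve once per URL, then serve from the cache.
   (fn [{:keys [url] :as m}]
     (when-not (get @with-creds url)
       (swap! with-creds
              assoc
              url
              (configure-repo m)))
     (get @with-creds url m))))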