How to setup Gradle publish task user credentials with GitLab CI secret variables? I am using gradle maven publish plugin, and here is snippet from build.gradle

repositories {
    maven {
      credentials {
        username artifactUser
        password artifactPass
      }
      url "..."
    }
  }

I've tried to use gradle.properties as below

artifactUser=${env.MAVEN_REPO_USER}
artifactPass=${env.MAVEN_REPO_PASS}

And several ways of accessing secret variables in .gitlab-ci.yml file (because gradle.properties is not picked up from gradle or variables are not transformed correctly, it is in root project dir)

Method 1

'./gradlew publish -x test -PartifactUser=${env.MAVEN_REPO_USER} -PartifactPass=${env.MAVEN_REPO_PASS}'

Error: /bin/bash: line 56: -PartifactUser=${env.MAVEN_REPO_USER}: bad substitution

Method 2

    before_script:
      - chmod +x ./gradlew
      - export REPO_USER=${env.MAVEN_REPO_USER}
      - export REPO_PASS=${env.MAVEN_REPO_PASS}
    ...
    deploy:
  stage: deploy
  script:
    - ./gradlew publish -x test -PartifactUser=$REPO_USER -PartifactPass=$REPO_PASS

I am using openjdk:8-jdk-slim image for build using gradle wrapper. Seems like there are several issues with this kind of variable usage, do we have any workaround?

You don't need env. prefinx in your .gitlab-ci.yml. You don't need to re-export the variables as well.

If you have defined a variables named MAVEN_REPO_USER and MAVEN_REPO_PASS in Gitlab CI/CD settings for the project, you can just use them in Gradle script:

repositories {
    maven {
        credentials {
            username System.getenv("MAVEN_REPO_USER")
            password System.getenv("MAVEN_REPO_PASS")
        }
        url "…"
    }
}

Here is how I resolved it (unfortunately the official GitLab doco is very focused on Maven... :(

apply plugin: 'java'
apply plugin: 'maven-publish'

compileJava.options.encoding = 'UTF-8'
group = 'com.example'
version = '1.0.9'


task zipSource(type: Zip) {
    from file('files/test.zip')
    archiveClassifier = 'testZip'
}

publishing {
    repositories {
        maven {
            name 'GitLab' 
            url 'https://gitlab.my-company.com/api/v4/projects/2302/packages/maven'
            credentials(HttpHeaderCredentials) {
                name = "Job-Token"
                value = System.getenv("CI_JOB_TOKEN")
            }
            authentication {
                header(HttpHeaderAuthentication)
            }
        }
   }
   publications {
        mavenJava(MavenPublication) {
            artifactId = 'project1-sample'
            //deploy jar vom Java
            from components.java
            //deploy arbitrary Zip file
            artifact zipSource
        }
    }
}

As md_rasler mentioned in his comment above, his code worked almost perfectly. I had to modify it slightly and use different name 'Deploy-Token' as the default value for the name. My config lookks like this:

maven {
    url "https://gitlab.com/api/v4/projects/<<project_id>>/packages/maven"
    credentials(HttpHeaderCredentials) {
        name = "${System.getenv("CI_JOB_TOKEN") ? 'a -Token' : 'Deploy-Token'}"
        value = "${System.getenv("CI_JOB_TOKEN") ?: gitlabDeployToken}"
    }
    authentication {
        header(HttpHeaderAuthentication)
    }
}

you can use environment variables directly to set gradle properties, see full documentation here.

in your case set artifactUser and artifactPass as env variables (best as secrect ones).