Search code examples
mavenazure-pipelinesmaven-3

Azure Pipeline maven task not picking up GCP credentials


I have created an Azure pipeline that should auth with a GCP service account and do the maven test step. In the test I have a BigQuery client directly connecting to the BigQuery datasets, querying it and doing some assertions, that's why I need the credentials.

It is all working fine on my local machine, where I have pointe GOOGLE_APPLICATION_CREDENTIALS to the .json containing the service account key.

Even in the pipeline, everything works fine with the key (I've checked it on some terraform steps and they are picking up the credentials provided in such a way), except the maven command.

Below is the code I'm using:

Azure pipeline:

steps:
  - task: Bash@3
    displayName: Copy GCP Service Account Key
    inputs:
      workingDirectory: ${{parameters.working_drectory}}
      targetType: 'inline'
      script: 'echo ${{parameters.credentials}} | base64 -d > svc.json'

  - task: laurensknoll.google-cloud-sdk-tasks.gcloud-runner.GcloudRunner@0
    displayName: 'gcloud auth activate-service-account'
    inputs:
      command: 'auth activate-service-account'
      arguments: '--key-file svc.json'
      workingDirectory: ${{parameters.working_drectory}}

  - task: laurensknoll.google-cloud-sdk-tasks.gcloud-runner.GcloudRunner@0
    displayName: 'gcloud config set project'
    inputs:
      command: 'config set project'
      arguments: ${{parameters.project}}
      workingDirectory: ${{parameters.working_drectory}}

  - task: MavenAuthenticate@0
    # This task will authenticate your maven feed for input deps and output deps
    inputs:
      artifactsFeeds: $(incomingFeedName)

  - task: Maven@3
    # The version in the POM has to be set to the 'correct value' which is defined by line 2 of this file
    # Note that this changes the pom, so the cache key in the step called 'Cache Maven' will change, and we will need to change this back later
    inputs:
      mavenPomFile: 'samples/testproject/pom.xml'
      goals: 'test'
      mavenAuthenticateFeed: true
    displayName: Build test and set the version, package

relavant POM part:

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <version>${maven-surefire-plugin.version}</version>
        <configuration>
            <parallel>all</parallel>
            <threadCount>4</threadCount>
            <redirectTestOutputToFile>true</redirectTestOutputToFile>
            <systemPropertyVariables>
                <WSNSHELL_HOME>GOOGLE_APPLICATION_CREDENTIALS</WSNSHELL_HOME>
            </systemPropertyVariables>
        </configuration>
        <dependencies>
            <dependency>
                <groupId>org.apache.maven.surefire</groupId>
                <artifactId>surefire-junit47</artifactId>
                <version>${maven-surefire-plugin.version}</version>
            </dependency>
        </dependencies>
    </plugin>

I have tried as well as passing the GOOGLE_APPLICATION_CREDENTIALS as an option to maven with -DGOOGLE_APPLICATION_CREDENTIALS=svc.json but that hasn't worked either


Solution

  • The issue was that the credentials json file wasn't present in the maven working directory, meaning the maven working directory and other steps working directory wasn't the same.

    The issue was fixed by copying the credentials json file to the maven working directory.