Add allowlist test for packaged runtime JARs

Track the set of third-party runtime dependencies that are bundled into
the oauth plugin by generating a deterministic manifest for
:oauth__plugin and diffing it against an allowlist in CI.

This prevents accidental changes to the packaged dependency set and
ensures that libraries already provided by Gerrit are not bundled into
the plugin.

Exclude org.slf4j:slf4j-api from the Maven dependencies since Gerrit
ships it, avoiding duplicate classes and potential version skew in the
plugin classloader.

Change-Id: I625bd7f0d4a29ff68996b295562b5349ef4b7c55
5 files changed
tree: c4fc23f9a930bed2fcd32de138c499d0884e1212
  1. .settings/
  2. src/
  3. tools/
  4. .bazelignore
  5. .bazelrc
  6. .bazelversion
  7. .gitignore
  8. .travis.yml
  9. BUILD
  10. external_plugin_deps.MODULE.bazel
  11. LICENSE
  12. LICENSE-scribe
  13. MODULE.bazel
  14. MODULE.bazel.lock
  15. oauth_plugin_deps.lock.json
  16. oauth_third_party_runtime_jars.allowlist.txt
  17. README.md
README.md

Gerrit OAuth2 authentication provider

Build Status

With this plugin Gerrit can use OAuth2 protocol for authentication. Supported OAuth providers:

See the Wiki what it can do for you.

Prebuilt artifacts

Prebuilt binary artifacts are available on release page. Make sure to pick the right JAR for your Gerrit version.

Build

To build the plugin with Bazel, install Bazel and run the following:

  git clone https://gerrit.googlesource.com/plugins/oauth
  cd oauth && bazel build oauth

Install

Copy the bazel-bin/oauth.jar to $gerrit_site/plugins and re-run init to configure it:

  java -jar gerrit.war init -d <site>
  [...]
  *** OAuth Authentication Provider
  ***
  Use Bitbucket OAuth provider for Gerrit login ? [Y/n]? n
  Use Google OAuth provider for Gerrit login ? [Y/n]?
  Application client id          : <client-id>
  Application client secret      : 
                confirm password : 
  Link to OpenID accounts? [true]: 
  Use GitHub OAuth provider for Gerrit login ? [Y/n]? n

Reporting bugs

Make sure to read the FAQ before reporting issues.

License

Apache License 2.0