Hi, we are using Jenkins to build our project, in which bower will be invoked to install dependencies including Kendo UI professional. Regarding the credentials... I see the options are: 1) in bower.json, have something like "kendo-ui": "https://<user>:<pwd>@bower.telerik.com/bower-kendo-ui.git#~2016.1.412", or 2) have the <user>:<pwd> stored in _netrc (windows) or some plugin ( this option unfortunately does not work currently in our Jenkins, the build always suspends when starting to authenticate against kendo repository). Both options expose the credential to some extent.
The problem is, we can't really have a "build user" for downloading Kendo on the build server, as we would then have to pay for yet another license, or one of our developer's personal subscription accounts would have to be used. That sounds a bit weird. Is there any token, "API Key" or similar concept? If username/password is the only way to let bower download Kendo, any suggestions on how that should be done on Jenkins?
1 Answer, 1 is accepted
The API key or token approach is the way to go, indeed. Our infrastructure team is considering this implementation, but we don't provide such offering for the moment.
Apart from that, the _netrc file should work as expected. For added security, you may change the file permissions, so that it is readable only by the jenkins user.
Regards,
Petyo
Telerik