search

47degrees / LambdaTest

Functional testing for Scala.
https://47deg.github.io/LambdaTest/
Apache License 2.0
67 stars 4 forks source link

Problem publishing to Sonatype #14

Closed nickelsberry closed 6 years ago

nickelsberry commented 6 years ago

From @nestorpersist

"I am trying to push out a new version of LambdaTest to sonatype (using sbt publishSigned) and am getting the following errors.

Access to URL https://oss.sonatype.org/service/local/staging/deploy/maven2/com/fortysevendeg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.jar.asc was refused by the server: Forbidden

(docs/*:publishSignedConfiguration) Repository for publishing is not specified."

Can you take a look at this?

fedefernandez commented 6 years ago

The publication process didn't change for a while, neither our Sonatype credentials. Looks like a temporary error or a bad credentials. As shown here it's necessary to have a couple of environment variables (PUBLISH_USERNAME and PUBLISH_PASSWORD) with the credentials of our Sonatype account.

For the publication, it's also required the gpg file with the key, but I can't find it, probably is not stored in our system.

nestorpersist commented 6 years ago

Nothing on my side is changed in the publication part.

PUBLISH_USERNAME=47deg.developer PUBLISH_PASSWORD= starts with Nk

I am able to log directly into sonatype with these.

I do have the gpg file on my machine.

Here is my pub key. There is also a secring.gpg file in the same dir. These are the same files that worked for previous versions.

The FORBIDDEN error states that credentials are ok but I don’t have access to the specific repo.

https://support.sonatype.com/hc/en-us/articles/213464668-Troubleshooting-Artifact-Deployment-Failures https://support.sonatype.com/hc/en-us/articles/213464668-Troubleshooting-Artifact-Deployment-Failures

On Apr 18, 2018, at 11:42 AM, Fede Fernández notifications@github.com wrote:

The publication process didn't change for a while, neither our Sonatype credentials. Looks like a temporary error or a bad credentials. As shown here https://github.com/47deg/LambdaTest/blob/master/build.sbt#L128 it's necessary to have a couple of environment variables (PUBLISH_USERNAME and PUBLISH_PASSWORD) with the credentials of our Sonatype account.

For the publication, it's also required the gpg file with the key, but I can't find it, probably is not stored in our system.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-382488658, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdUc6z5g63jIToUdZkvli_GdTPAiChks5tp4kbgaJpZM4TadUj.

fedefernandez commented 6 years ago

I'm wondering if we have lost the permissions for publishing under com.fortydevendeg package.

I'll try to check that tomorrow. On the other hand, maybe it's time to migrate to com.47deg, what do you think?

nestorpersist commented 6 years ago

I changed to com.47deg and am getting the same error!

[error] (lambdatest/:publishSigned) java.io.IOException: Access to URL https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.jar.asc was refused by the server: Forbidden [error] (docs/:publishSignedConfiguration) Repository for publishing is not specified.

On Apr 18, 2018, at 2:38 PM, Fede Fernández notifications@github.com wrote:

I'm wondering if we have lost the permissions for publishing under com.fortydevendeg package.

I'll try to check that tomorrow. On the other hand, maybe it's time to migrate to com.47deg, what do you think?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-382537897, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdUeVsIwfSTR5VCE9j3ZRS2K_367DQks5tp7JvgaJpZM4TadUj.

fedefernandez commented 6 years ago

Hi @nestorpersist, I found the problem, the last version was published on Jan 02, 2017. From that date, there were two changes on the build.sbt:

After some research, I found the problem is that a new module was added (docs) leaving the main code in the root module. That creates incompatibilities, like avoiding the publication from the root module. I've created a new pull request that creates the root module, moving all previous code to a new one under the lambdatest folder. This allows the publication of the artifact from the root project.

Please, bear in mind that the project compiles but there are multiple tests that fail, potentially due to a bad migration of the settings.

https://github.com/47deg/LambdaTest/pull/15

Ideally, the project should be migrated to SBT 1.x with a configuration based on an AutoPlugin.

Hope this helps.

nestorpersist commented 6 years ago

Thanks for the pull request fixing the module structure. I have merged it and fixed up a few loose ends.

But it still is not working.

Doing a publishSigned from lambda-test project results in

[error] (lambda-test/*:publishSigned) java.io.IOException: Access to URL https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.jar.asc was refused by the server: Forbidden

P.S. Note that many test are designed to fail. They demo how to find errors using this testing framework.

On Apr 21, 2018, at 4:00 PM, Fede Fernández notifications@github.com wrote:

Hi @nestorpersist https://github.com/nestorpersist, I found the problem, the last version was published on Jan 02, 2017. From that date, there were two changes on the build.sbt:

cc4049b#diff-fdc3abdfd754eeb24090dbd90aeec2ce https://github.com/47deg/LambdaTest/commit/cc4049bd2cc0725d3cbec4ef814311c5c0efc79e#diff-fdc3abdfd754eeb24090dbd90aeec2ce c629850#diff-fdc3abdfd754eeb24090dbd90aeec2ce https://github.com/47deg/LambdaTest/commit/c629850d7a15f3e2caa757870b0410edf38940f1#diff-fdc3abdfd754eeb24090dbd90aeec2ce After some research, I found the problem is that a new module was added (docs) leaving the main code in the root module. That creates incompatibilities, like avoiding the publication from the root module. I've created a new pull request that creates the root module, moving all previous code to a new one under the lambdatest folder. This allows the publication of the artifact from the root project.

Please, bear in mind that the project compiles but there are multiple tests that fail, potentially due to a bad migration of the settings.

15 https://github.com/47deg/LambdaTest/pull/15

Ideally, the project should be migrated to SBT 1.x with a configuration based on an AutoPlugin.

Hope this helps.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-383338929, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdUSPuk4auWmYYii0ghxTXn0NI0JEvks5tq7oKgaJpZM4TadUj.

fedefernandez commented 6 years ago

Are we still getting the previous error? [error] (docs/*:publishSignedConfiguration) Repository for publishing is not specified.

nestorpersist commented 6 years ago

No. Reorg of modules did seem to fix that.

On Apr 23, 2018, at 8:07 AM, Fede Fernández notifications@github.com wrote:

Are we still getting the error: [error] (docs/*:publishSignedConfiguration) Repository for publishing is not specified.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-383609246, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdUeaopEOR7WOBKskfg6W1g7rGCuw4ks5tre4igaJpZM4TadUj.

fedefernandez commented 6 years ago

Umm, I had a similar error due to bad credentials. The PUBLISH_PASSWORD seems ok, but, have you defined it through environment variables? In that case, are you putting the value between double quotes? It contains several special characters and we faced similar errors in the publication of other projects.

nestorpersist commented 6 years ago

Nothing here has changed since I was last successful in publishing. I checked the env vars and used their value to successfully login directly to sonatype.

The Forbidden error seems to be that credentials are ok but access to that repo is forbidden.

On Apr 23, 2018, at 8:14 AM, Fede Fernández notifications@github.com wrote:

Umm, I had a similar error due to bad credentials. The PUBLISH_PASSWORD seems ok, but, have you defined it through environment variables? In that case, are you putting the value between double quotes? It contains several special characters and we faced similar errors in the publication of other projects.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-383611675, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdUZZWdTEVieHIiJThFm09lydTAQPVks5tre_JgaJpZM4TadUj.

juanpedromoreno commented 6 years ago

Hi @nestorpersist, I'm afraid that without having pgp files, neither the pgp passphrase, debugging this issue on our side it's hard.

Could you double check that GPG_PASSPHRASE is correctly provided in scope as an environment variable or system property?

nestorpersist commented 6 years ago

I did a test where I changed the env var for the gpg password. I now get a bad password error from publishSigned. This verifies that the gpg password env var was correct.

From Sonatype docs:

Code 403 - Forbidden

The login credentials sent were valid, but the user does not have permission to upload to the repository. Go to "administration/security" in the Nexus UI, and bring up the user (or the user's role if they are mapped via an external role mapping) and examine the role tree to see what repository privileges they have been assigned. A user will need create and update privileges for a repository to be able to deploy into it.

On Apr 23, 2018, at 8:52 AM, Juan Pedro Moreno notifications@github.com wrote:

Hi @nestorpersist https://github.com/nestorpersist, I'm afraid that without having pgp files, neither the pgp passphrase, debugging this issue on our side it's hard.

Could you double check that GPG_PASSPHRASE is correctly provided in scope as an environment variable or system property?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-383625293, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdURKwkZ_FWkkzHl8Fo8NQ6fJhmdzJks5trfimgaJpZM4TadUj.

nestorpersist commented 6 years ago

On other minor thing a notice. On my personal oss sonatype profile summary info (userid, name, …) are filled in. These fields are blank of the 47 degrees login of 47deg.developer.

On Apr 23, 2018, at 8:52 AM, Juan Pedro Moreno notifications@github.com wrote:

Hi @nestorpersist https://github.com/nestorpersist, I'm afraid that without having pgp files, neither the pgp passphrase, debugging this issue on our side it's hard.

Could you double check that GPG_PASSPHRASE is correctly provided in scope as an environment variable or system property?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/47deg/LambdaTest/issues/14#issuecomment-383625293, or mute the thread https://github.com/notifications/unsubscribe-auth/ABwdURKwkZ_FWkkzHl8Fo8NQ6fJhmdzJks5trfimgaJpZM4TadUj.

juanpedromoreno commented 6 years ago

I went through this issue with the provided information (gpg files and passpharase) and everything was fine. I was able to publishSigned LambdaTest 1.3.1 successfully:

[info] Done packaging.
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.jar.asc
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1-javadoc.jar.asc
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.pom
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1-javadoc.jar
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1-sources.jar.asc
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.pom.asc
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1-sources.jar
[info]  published lambda-test_2.12 to https://oss.sonatype.org/service/local/staging/deploy/maven2/com/47deg/lambda-test_2.12/1.3.1/lambda-test_2.12-1.3.1.jar

Afterwards, I released and closed accordingly from the Sonatype UI.