Publish snapshots to oss.jfrog.org

[mojavelinux]

Publish snapshots to oss.jfrog.org to allow users to test the lastest version without having to build it locally.

[robertpanzer]

Sent request to host asciidoctorj on oss.jfrog.og with the groupid org.asciidoctor.

[mojavelinux]

:+1:

[robertpanzer]

Snapshots for 1.6.0 can now be published with a6b7dd7c3bfecc1b0e0cd3b9c49609f78108c0ed. First snapshots, even for the distribution, are available.

[abelsromero]

Maybe a silly question, but anyone can publish snapshots? Or is there some pre-requeriment configuration?

[robertpanzer]

There's no silly questions! I think it should be possible for everyone who is a member of the asciidoctor organization on Bintray.

[abelsromero]

Confirmed! Only after setting bintrayUsername and bintrayApiKey I could publish the snapshots.

I guess the next step is having nightly builds.

[robertpanzer]

Yes! Same as when publishing to bintray. (I should've mentioned that in the readme, sorry!)

I think for continuous snapshots only two problems remain:

1. When publishing from Travis which of the 4 environments should publish the snapshot?
2. Where and how to store the credentials in a secure manner?

Am 28.07.2015 um 18:18 schrieb Abel Salgado Romero notifications@github.com:

Confirmed! Only after setting bintrayUsername and bintrayApiKey I could publish the snapshots.

I guess the next step is having nightly builds.

— Reply to this email directly or view it on GitHub.

[mojavelinux]

Where and how to store the credentials in a secure manner?

Secure environment variables. See http://docs.travis-ci.com/user/environment-variables/#Encrypted-Variables

[robertpanzer]

Can we create a technical user for this? I'd prefer to not put my personal credentials in there, in particular as the "Publisher" is also available in the build infos:) The information about the encryption is a bit scarce and the RSA key has only a strength of 1024 Bit, but I think for that purpose it is generally ok. (Would be fine though if we could restrict that user to only publish snapshots and not publish releases to jcenter.)

[robertpanzer]

You see, I am little picky about security ;-)

[abelsromero]

I'd prefer to not put my personal credentials in there, in particular as the "Publisher" is also available in the build infos:)

I agree with that, I would do the same :P

A part form security, is it possible in travis to trigger the build periodically? I've seen some third-party services (e.e. http://traviscron.pythonanywhere.com/) but it is not in Travis itself.

[mojavelinux]

I'd prefer to not put my personal credentials in there, in particular as the "Publisher" is also available in the build infos:)

I agree with that, I would do the same :P

I "third" that.

In fact, we do have "asciidoctor-docbot", who is our little bot helper. We can use it to automation things. The bot already has an account on GitHub (https://github.com/asciidoctor-docbot). Does it need an account at bintray?

[robertpanzer]

Does it need an account at bintray?

I think so. I was also added separately to the GitHub Asciidoctor organization and the Bintray organization. Seems to be two different groups that are not coupled in any way. (I even have a different user name on bintray than on Github.)

[mojavelinux]

Super! I'll get that up asap and send you the credentials.

[robertpanzer]

:+1:

[robertpanzer]

Regarding nightly builds or builds respectively that are not event triggered only make sense if we package an Asciidoctor snapshot. Otherwise we should;-) get the same builds as longs as there are no changes to the sources in AsciidoctorJ.

Another point we have to look at is to publish snapshots only for those builds when dedicated branches in the asciidoctor/asciidoctorj repo change, not when a PR is opened or gets new commits.

[mojavelinux]

Credentials sent.

I think we only need to publish when a commit hits the branch on which the snapshot is based. I'm not sure if we want snapshots for 1.5.x. For now, I'd rather just stick with 1.6.0 snapshots until we iron out the workflow for other branch post-1.6.0.

not when a PR is opened or gets new commits.

Travis has an environment variable for this. See the docs.

[robertpanzer]

Snapshots are now published automatically from the oraclejdk8 environment on travis. After a successful build on that environment ./gradlew clean build artifactoryPublish -x test is called. Artifacts are published by the user asciidoctor-docbot. Therefore the .travis.yml now sets the environment variables BINTRAY_USER and BINTRAY_KEY. These are encrypted via travis encrypt -r asciidoc/asciidoctorj BINTRAY_USER=asciidoctor-docbot BINTRAY_KEY=<APIKEY>

[mojavelinux]

Great work @robertpanzer!!! Your SysOps skills are strong and shining.

[robertpanzer]

:beers: