camunda-community-hub / community-action-maven-release

Opinionated GitHub action to release community projects to Maven Central
Apache License 2.0

Auto release artifacts for Maven Central #48

Closed berndruecker closed 1 year ago

berndruecker commented 1 year ago

Releases to Maven Central should be automatically released (instead of waiting for a manual release button pressed by some Camundi, as this slows down releases for community members and can also create bottlenecks on the Camunda side).

berndruecker commented 1 year ago

@akeller I recall that you had some discussions around this in the past - anything interesting to add? @xomiamoore Any objections to adjust this behavior?

berndruecker commented 1 year ago

I think this needs to be changed here: https://github.com/camunda-community-hub/community-hub-release-parent/blob/master/pom.xml#L147

I wonder why this attribute is not taken into account: https://github.com/camunda-community-hub/vanillabp-camunda7-adapter/actions/runs/4023024758/workflow#L32

(just for the record, related issue https://github.com/camunda-community-hub/community-action-maven-release/issues/45).

akeller commented 1 year ago

@berndruecker, there was some concern by (now ex-) Camundi that this was potentially insecure and risky. Given that I, personally, was too stretched to review any of the assets, I relied on the maintainer making good choices about what they add to their project (and, therefore, what is released).

berndruecker commented 1 year ago

Thanks for the feedback Amara - in line with my memories. Unless anybody objects (@xomiamoore / @mary-grace?) I would switch to auto-releases by default - which means that there will be no manual step involved to get a release to Maven Central.

mary-grace commented 1 year ago

@berndruecker I'm ok with this change. Mia is out sick and it's unsure when/if they'll be back online this week, so I'm ok with moving forward with the acknowledgment of the prior concerns and a potential need to keep a closer eye on things moving forward to make sure there aren't any security issues or concerns.

zambrovski commented 1 year ago

I believe currently this issue can be closed, since we have a property in the docs allowing to close the staging repository after successful release. I just documented the feature

stephanpelikan commented 1 year ago

Thanks for this hint, but I have this activated from the very beginning on. It doesn't bring the desired effect.

berndruecker commented 1 year ago

Yeah - I agree - I think it is not picked up as it is not used (I just introduced this yesterday and I think it was removed again already - I have a look at it today: https://github.com/camunda-community-hub/community-hub-release-parent/blob/3e48e4da7de23e44505122145abb06efecc2f1c4/pom.xml#L190)

berndruecker commented 1 year ago

Interesting - the latest HEAD version does a proper auto-release (see example for https://oss.sonatype.org/service/local/repositories/releases/content/org/camunda/community/community-hub-extension-example/0.0.3/community-hub-extension-example-0.0.3.pom built by https://github.com/camunda-community-hub/community-hub-extension-example/actions/runs/4062895558/jobs/6994482279) - maybe that was some other problem that you just resolved with your cleanup work this night @zambrovski - so I agree that we can close this. Thank you so much!

berndruecker commented 1 year ago

@stephanpelikan Switching to the parent 1.4.0 and making sure you are using the latest action (which you should automatically if you use v1) should give you auto releases. Please let me know if it does not work as expected!

stephanpelikan commented 1 year ago

Ok, parent 1.4.0 was missing. I released a new version, but it failed due to OSSRH problems. I don't know if this is because of the auto-release or because of a common instability of oss.sonatype.org. Do you have an idea?

zambrovski commented 1 year ago

Not lucky. This is not because of auto-close. As you can see, the Nexus OSS server just broke. @berndruecker you should be able to log in to the Nexus Console and should find the orgcamunda-2240 repository still unclosed. Just click on the button and it should be ok. So I hope this was just bad luck of Sonatype glitches. Will observe it further.

Cheers,

Simon

On Wed, 2023-02-01 at 05:05 -0800, stephanpelikan wrote:

Ok, parent 1.4.0 was missing. I released a new version, but it failed due to OSSRH problems (https://github.com/camunda-community-hub/vanillabp-camunda7-adapter/actions/runs/4064552067/jobs/6998122008#step:5:2684). I don't know if this is because of the auto-release or because of a common instability of oss.sonatype.org. Do you have an idea?


stephanpelikan commented 1 year ago

I will rerun the Github action later.

Others who faced the same problem got the advice to request migrating to s01.oss.sonatype.org. Maybe you should consider this for Camunda Community Hub as well?

berndruecker commented 1 year ago

We have some things on s01.oss.sonatype.org - but this affects whole package id's (e.g. org.camunda), so this is not a completely easy undertaking. Let's just keep an eye on how often this happens for the moment.

berndruecker commented 1 year ago

@stephanpelikan I released the artifact manually.

And please open new issues for new problems - ideally in the repo they occur - I start to lose oversight ;-)

stephanpelikan commented 1 year ago

By the way: Next time we should rerun the Git action because now the Maven deployment was not completed and I have to upgrade the version manually.

berndruecker commented 1 year ago

Yeah - sounds better - then I could simply drop the release from maven central. Sorry for the inconvenience - it seems to be really not your lucky week... 🧸