Closed dbwiddis closed 3 years ago
Wow, thank you so much! As I've mentioned before I really don't know a lot about GitHub Actions so I can't verify this code but I fully trust you there.
Just to confirm, all I have to do is enter my Sonatype username and password under Secrets and this is ready for merging, right?
Just to confirm, all I have to do is enter my Sonatype username and password under Secrets and this is ready for merging, right?
Yep. The magical .github
directory works for the actions (the workflows dir) and the dependabot config. The secrets are used in the deploy workflow along with the settings under the .mvn
directory.
You may also need to "enable" Actions on the repository. It's been a while since I did that (and I actually got help from another maintainer who did it first, paying it forward, haha) but you'd go under your project settings and click on Actions and pick something from that list (I just enable all).
It wouldn't surprise me if there's some other config setting I missed, but if it doesn't all work after you merge we can troubleshoot then :)
Alright, great! Merging now.
And the troubleshooting begins. Permission denied on the deploy -- have you set up the secrets yet? If so, another possibility is executable permissions on the mvnw
script.
Given the same error on the test workflow which doesn't involve the secrets, I'm pretty sure a chmod 755 mvnw
will fix it.
Hmm, yep, secrets are set up.
I'm pretty sure a chmod 755 mvnw will fix it.
This means I have to do what?😅
In your local command line dev environment/terminal:
main
branch (git pull upstream main
)chmod 755 mvnw
main
branch (git push upstream main
)I could do the same thing in a PR if you need. :)
Okay, thanks!
I could do the same thing in a PR if you need. :)
Thanks a lot, but I'd love to try it myself first so I can do this kind of stuff myself in the future! :D I'll get back to you soon if I can't figure it out... ;)
Uhh okay, it's probably better if you do it. Pretty sure I just misunderstood you, but the command doesn't exist for me. It's also not a Maven goal if that's what you meant.
I realized later you're on Windows. You probably could do this by downloading and setting up git bash, which gives you a unix-like command line for occasional stuff like this. But for now I'll do it in a PR. :)
Ah, that makes sense. Thanks!
Hmm, now it looks like only the Sonatype deployment is failing. This time I at least know what we're talking about (I think) - is there maybe another secret I need to set for the key?
Well, fixed that problem and CI is now working. For the snapshot deployment looks like your gpg signing isn't quite set up right. You can look at my setup which works...
I've got other things I need to do so I'll look at this later if you haven't figured it out.
Alright, no problem, thanks!
Alright, I've tried a bunch of things, but none of them seem to work. Right now Josi's setup is pretty much identical to OSHI's, so I don't know where to go from here, but honestly I'm fine with that:
Deploying to Maven automatically isn't really that important to me; my focus was rather on tests and coverage (which I might add later on with this as a great reference), so you don't need to fix this for me. Unless you really want to, I guess. ;)
I'll get back to you on your other PRs/issues as soon as I can.
No problem. Let me just make one more shout out to @hazendaz who helped set up OSHI to see if he has any ideas what we missed. Otherwise you can just delete that workflow from the .github
folder.
Hi @dbwiddis, just saw this. Maven wrapper will be included in maven 4.0. I think maven team kind of messed up their versions. They had some reasons but effectively 3.7 is moved to 4.0 and 3.8.1 was a security patch which is far more close to 3.6.4 but had a breaking change. Its a bit confusing but they do write it up in their release notes as to why.
@cegredev For gpg, usually that would be in a release profile and not run on simple deploy to sonatype. I think that is the issue here as gpg is just always setup. You might want to juse move that into a profile for 'release' similar to this.
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Its possible gpg could be used here too with more secrets added. I don't think I've tried to do that specifically but if you were to try to 100% automate a release you would eventually want to get that into place as release requires it.
Thanks a lot! I'll definitely look into this further once I've made more progress on the core library itself!
Adds Maven Wrapper from https://github.com/takari/maven-wrapper
Adds Dependabot to keep
pom.xml
and github action dependencies up to dateAdds configuration for Github actions
mvn test
automaticallyFixes #8