Gradle publish to clojars failing with Http 400

[regunathb]

I have a Gradle build that uses the maven-publish plugin to push builds to clojars. The publishMavenPublicationToMavenRepository task fails while uploading the .module file:

Execution failed for task ':publishMavenPublicationToMavenRepository'.

Failed to publish publication 'maven' to repository 'maven' Could not PUT 'https://clojars.org/repo/com/flipkart/grpc-jexpress/1.39-SNAPSHOT/grpc-jexpress-1.39-20220614.115203-1.module'. Received status code 400 from server: Bad Request

The Gradle scan report is here : https://scans.gradle.com/s/3nnfhhsaadxvi The Gradle build file is here : https://github.com/flipkart-incubator/grpc-jexpress/blob/master/build.gradle

I have set my clojars user name as 'clojarsusername' and deploy token as 'clojarspassword' in my ~/.gradle/gradle.properties file. If I use incorrect values here, the build fails with Http 403, quite understandably. Any pointers to what I may be missing here?

[tobias]

Hi @regunathb! We currently don't support .module files - what are they? We currently only support poms and jars.

[regunathb]

It is the Gradle module metadata, from what I read here : https://docs.gradle.org/current/userguide/publishing_gradle_module_metadata.html . I have gone ahead and disabled publication of Gradle Module Metadata to work around this issue for the moment.

[regunathb]

Thanks @tobias for the quick revert. I was able to get around the issue by disabling module metadata publishing. We may go ahead and close this issue as #notfixing if you don't intend to support uploading files of this type.

[tobias]

@regunathb I would be open to supporting uploading module files. I'll mark this as ready for work. I think whoever takes it on would need familiarity with the gradle deployment process and ecosystem, or be willing to take on learning it.

[ajoberstar]

@tobias I'd be interested in working on this. I'd like to publish module files for some of the Clojurephant libraries.

What would support of this look like from your perspective? At the most minimal level, it could just allow the files to be uploaded. But unsure if there's typically more validation you like to do. They're JSON files (see spec), so that could be another way to validate them, if desired.

[tobias]

Hi @ajoberstar! Adding support for this would be great!

To let .module files through, you should just need to modify this regex.

But I agree it would be nice to do some validation on the file as well. We currently read the pom and ensure the group, artifact, and versions match what was provided as part of the upload path, and we could do the same for module files (see https://github.com/clojars/clojars-web/blob/main/src/clojars/routes/repo.clj#L195).

We also require that each file have at least an md5 or sha1 checksum, and that they be correct. But as long as gradle supplies at least one of those, that validation should happen automatically here.

Do you know when the module file is sent (is it before or after maven-metadata.xml)? For most deploys via aether (used by maven, lein, clojure/tools.) send the maven-metadata.xml file last, and we use that as a signal to know the deploy is done enough to validate and upload to the s3 repository (this is the "finalize" step in the code). But for some deploys, files are sent after* the metadata file (typically files with classifiers: -native, -src, etc). Those don't get validated, but just pass through. So if the module file is uploaded post-metadata, we may not have a spot to validate it currently. Yes, this is a hack. I really wish maven deploys started with a request that was "here are the files I'll be sending you".

Let me know if you have any questions or run in to any issues with dev setup and testing.

[ajoberstar]

I'll look into the ordering to see if there's anything reliable we can count on. Will let you know as I run into questions. Thanks!