grafana / pyroscope-java

pyroscope java integration
Apache License 2.0

Publish to Maven Repo #11

Closed charlesverdad closed 2 years ago

charlesverdad commented 2 years ago

It would be great if the Pyroscope Java agent is published in the Maven repo.

It took a while to figure out how I can create a workaround and download the pyroscope.jar file from GitHub and into our complicated build scripts. If pyroscope-java is in Maven then I can just add it to our list of dependencies and I don't have to worry about modifying our build pipeline.

I'm sure this feature would help others quickly adopt / try out Pyroscope too.

Rperry2174 commented 2 years ago

Thanks for reporting, @charlesverdad. We'll add this to the roadmap and try and get it addressed soon!

quidryan commented 2 years ago

Publishing to Maven Central is the best way to go, but it's also a PITA filled with credentials and keys. Beware. I suggest doing it via Gradle called as part of a GitHub Action.

Someone in the core team will have to provision the group id via Sonatype:

  1. Create a role account to represent the project (or an individual can do it).
  2. Using that account, you create a JIRA to request the group id ("io.pyroscope").
  3. A bot will give you the opportunity to verify the domain via a DNS TXT record. Create the record in DNS, then "Respond" to the JIRA ticket.
  4. Once the JIRA ticket is closed, the role account will be able to log in to https://s01.oss.sonatype.org/ where you should create an Access User Token via the Profile page. Save those.
  5. Create two GitHub Secrets in this repo for the token. The first part should be called ORG_GRADLE_PROJECT_SONATYPEUSERNAME and the second part should be ORG_GRADLE_PROJECT_SONATYPEPASSWORD.

A GPG key to sign the artifacts will have to be created, then made available as GH Secrets. It'd go something like this:

  1. gpg --gen-key to create a key. Create a GH Secret called ORG_GRADLE_PROJECT_SIGNINGPASSWORD and put the passphrase used in this command as the value.
  2. gpg --list-key to find the key id. Create a GH Secret called ORG_GRADLE_PROJECT_SIGNINGKEYID to this key. Let's call it ABCDEFG for now.
  3. Run gpg --export-secret-keys --armor ABCDEFG | perl -p -e 's/\n/\\n/' and use its value for the last GH Secret called ORG_GRADLE_PROJECT_SIGNINGKEY.

Then Gradle needs to be updated to be able to properly create a javadoc jar, a sources jar, and proper POM files, and sign it all via a GPG key. I created a dummy project to show how this would be done: https://github.com/quidryan/euler/blob/main/build.gradle

I can make a PR to this repo, once all the GH Secrets are created with the necessary changes.

Then we would create some GH Actions to do the release (./gradlew final publishToSonatype closeAndReleaseSonatypeStagingRepository). We could probably use some Actions to do some CI builds too. I'll start to model what the release action would look like, while the Nexus coordinate is provisioned.

I can optionally create all the keys and accounts, then save them, hand them off to the pyroscope-io team and pretend I never saw them. I'm also available to pair via video on this while someone from the pyroscope-io team performs the operations.
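
Added example, not part of the comment above and not the project's own code: a POSIX shell pre-flight check that a release job could run before the publish step, confirming that the five secrets named in the thread are present and that the signing key has the single-line escaped form produced by the perl step, while reporting secret names only and never values. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example. Secret names are the ones listed in the thread; function
# names and SAMPLE_KEY are constructed for illustration.
REQUIRED_SECRETS="ORG_GRADLE_PROJECT_SONATYPEUSERNAME
ORG_GRADLE_PROJECT_SONATYPEPASSWORD
ORG_GRADLE_PROJECT_SIGNINGKEYID
ORG_GRADLE_PROJECT_SIGNINGKEY
ORG_GRADLE_PROJECT_SIGNINGPASSWORD"

# Constructed sample, not a real key: the one-line shape the perl step emits.
SAMPLE_KEY='-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nbm90IGEgcmVhbCBrZXk=\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n'

# Undo the escaping: each literal backslash-n pair becomes a real newline.
unescape_key() {
    printf '%s' "$1" | awk '{ gsub(/\\n/, "\n"); print }'
}

# Succeed only for a single-line value that decodes to one armored
# private-key block. Nothing from the value is printed.
valid_escaped_key() {
    case "$1" in
        *'
'*) return 1 ;;   # raw newline: the value was pasted unescaped
    esac
    key=$(unescape_key "$1")
    first=$(printf '%s\n' "$key" | sed -n '1p')
    last=$(printf '%s\n' "$key" | sed -n '$p')
    [ "$first" = "-----BEGIN PGP PRIVATE KEY BLOCK-----" ] &&
        [ "$last" = "-----END PGP PRIVATE KEY BLOCK-----" ]
}

# Fail fast before publishing; report secret names only, never values.
preflight() {
    rc=0
    for name in $REQUIRED_SECRETS; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            rc=1
        fi
    done
    if [ -n "${ORG_GRADLE_PROJECT_SIGNINGKEY:-}" ] &&
        ! valid_escaped_key "$ORG_GRADLE_PROJECT_SIGNINGKEY"; then
        echo "malformed: ORG_GRADLE_PROJECT_SIGNINGKEY" >&2
        rc=1
    fi
    unset value key first last
    return "$rc"
}
```

Calling preflight as the first command of the release job stops the run with a non-zero status before any credential is handed to Gradle.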

Rperry2174 commented 2 years ago

This is complete: Docs Maven repo