Workflow CD fails to deploy plugin modules with 403

Dohbedoh commented 2 years ago

Reproduction steps

The automated CD release of a new plugin jenkinsci/mina-sshd-api-plugin fails to deploy the module plugins in nexus. Note that the plugin is a multi module plugin (like the aws java sdk plugin for example)

Expected Results

The CD release should deploy the following:

https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-api-parent/ (parent pom)
https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-common-api/ (hpi)
https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-core-api/ (hpi)
https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-sftp-api/ (hpi)
https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-ssh-api/ (hpi)

Actual Results

The CD release fails to deploy the modules:

[INFO] --- maven-deploy-plugin:2.8.2:deploy(default-deploy) @ mina-sshd-common-api ---
[INFO] Using alternate deployment repository maven.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Mina SSHD API :: Parent 2.8.0-14.va_eb_e1a_e0145a_:
[INFO] 
[INFO] Mina SSHD API :: Parent ............................ SUCCESS [01:08 min]
[INFO] Mina SSHD API :: Common ............................ FAILURE [  9.282 s]
[INFO] Mina SSHD API :: Core .............................. SKIPPED
[INFO] Mina SSHD API :: SCP ............................... SKIPPED
[INFO] Mina SSHD API :: SFTP .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  02:24 min
[INFO] Finished at: 2022-06-14T23:02:46Z
[INFO] ------------------------------------------------------------------------
[WARNING] The requested profile "consume-incrementals" could not be activated because it does not exist.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy(default-deploy) on project mina-sshd-common-api: Failed to deploy artifacts: Could not transfer artifact io.jenkins.plugins.mina-sshd-api:mina-sshd-common-api:hpi:2.8.0-14.va_eb_e1a_e0145a_ from/to maven.jenkins-ci.org (https://repo.jenkins-ci.org/releases/): authorization failed for https://repo.jenkins-ci.org/releases/io/jenkins/plugins/mina-sshd-api/mina-sshd-common-api/2.8.0-14.va_eb_e1a_e0145a_/mina-sshd-common-api-2.8.0-14.va_eb_e1a_e0145a_.hpi, status: 403 Forbidden -> [Help 1]

Anything else?

The plugin was hosted recently and haven't been released yet:

There is some discussion about the repository paths in:

https://github.com/jenkins-infra/repository-permissions-updater/pull/2584#pullrequestreview-1001146719

cc @jglick

daniel-beck commented 2 years ago

The wildcard in the permissions file doesn't actually work, because the file names are (dis)allowed based on the name. See this repo's readme.

It works for https://github.com/jenkins-infra/repository-permissions-updater/blob/master/permissions/plugin-aws-java-sdk.yml because the name is a true prefix of all file names (we cannot only allow name-version, so it's name-*). It doesn't work here because name includes -api.

Just don't use this trick. Nobody understands how this actually works, and it creates tons of problems.

Dohbedoh commented 2 years ago

I see. Thanks for the explanation, will propose a fix then.

jenkins-infra / repository-permissions-updater