search

jfrog / artifactory-gradle-plugin

JFrog Gradle plugin for Build Info extraction and Artifactory publishing.
Apache License 2.0
20 stars 15 forks source link

The plugin of version `5+` does not work with `signing` plugin any more #105

Closed artembilan closed 1 week ago

artembilan commented 5 months ago

Describe the bug

The goal is to sign artifacts before they are published to the Artifactory. It works well with plugin of version 4+, but does not with 5+.

Current behavior

This my Gradle init script:

initscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'org.jfrog.buildinfo:build-info-extractor-gradle:4.+'
    }
}

def gpgPassphrase = System.getenv('GPG_PASSPHRASE')
def gpgPrivateKey = System.getenv('GPG_PRIVATE_KEY')

allprojects {

    apply plugin: 'signing'

    tasks.register('artifactoryPublish', org.jfrog.gradle.plugin.artifactory.task.ArtifactoryTask) {
        setCiServerBuild()
    }

    apply plugin: org.jfrog.gradle.plugin.artifactory.ArtifactoryPlugin

    artifactory {
        publish {
            contextUrl = System.getenv('ARTIFACTORY_URL')
            repository {
                repoKey = System.getenv('ARTIFACTORY_REPOSITORY')
                username = System.getenv('ARTIFACTORY_USERNAME')
                password = System.getenv('ARTIFACTORY_PASSWORD')
            }
            defaults {
                publications 'mavenJava'
            }
        }
    }

        afterEvaluate {
            pluginManager.withPlugin('maven-publish') {
                signing {
                    useInMemoryPgpKeys(gpgPrivateKey, gpgPassphrase)
                    sign publishing.publications.mavenJava
                }
            }
        }
}

Works well and as expected: the artifacts are signed and .asc files are uploaded to the Artifactory alongside with other artifacts.

If I change build-info-extractor-gradle version to the 5+ it does not sing artifacts. And even if I make artifactoryPublish dependent on signMavenJavaPublication tasks and it is called, the .asc files are not uploaded to the Artifactory.

Reproduction steps

No response

Expected behavior

No response

Artifactory Gradle plugin version

5+

Operating system type and version

GitHub Actions

JFrog Artifactory version

No response

Gradle version

8.5

RoiNiv23 commented 4 months ago

Steps to reproduce:

  1. Clone the example gradle project from JFrog project-examples GitHub page.

  2. Generate a new GPG key.

  3. Inside the project directory modify the build.gradle file as follows:

    
buildscript {
repositories {
    mavenCentral()
}
dependencies {
    classpath(group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '4.+')
}
}
allprojects {
apply plugin: 'signing'
tasks.register('artifactoryPublish', org.jfrog.gradle.plugin.artifactory.task.ArtifactoryTask) {
    setCiServerBuild()
}
apply plugin: org.jfrog.gradle.plugin.artifactory.ArtifactoryPlugin
repositories {
    maven {
        url "<Artifactory URL>/artifactory/<remote reposiotry>"
    }
}
}

version = currentVersion

apply plugin: 'com.jfrog.artifactory' apply plugin: 'java' apply plugin: 'maven-publish'

dependencies { testImplementation 'junit:junit:4.7' }

publishing { publications { mavenJava(MavenPublication) { from components.java } } }

artifactory { contextUrl = '/artifactory' publish { repository { repoKey = '' // The Artifactory repository key to publish to username = // The publisher user name password = // The publisher password } defaults { publications('mavenJava') publishArtifacts = true // Properties to be attached to the published artifacts. properties = ['qa.level': 'basic', 'dev.team' : 'core'] // Publish generated POM files to Artifactory (true by default) publishPom = true } } } afterEvaluate { pluginManager.withPlugin('maven-publish') { signing { sign publishing.publications.mavenJava } } }


4. Modify the gradle.properties file:
 ``` currentVersion=1.0-SNAPSHOT
artifactory_user=<Artifactory username>
artifactory_password=<Artifactory password>

signing.keyId=<KeyID> /last 8 digits of your gpg key, get by running “gpg --list-keys --keyid-format short”
signing.password=<passpharse for the GPG key>
signing.secretKeyRingFile=<path to the GPG key>
  1. Execute the 'gradle artifactoryPublish' command and observe that the artifacts are signed, with corresponding .asc files uploaded to Artifactory along with other artifacts.
  2. Update the 'classpath' from 'org.jfrog.buildinfo:build-info-extractor-gradle:4.+' to 'org.jfrog.buildinfo:build-info-extractor-gradle:5.+' and ensure that no .asc files are generated or uploaded to Artifactory.
RobiNino commented 1 week ago

Hi @artembilan @RoiNiv23 , Artifactory Gradle Plugin 5.2.3 was just released and includes a fix for this issue. We'd appreciate your feedback for it.

artembilan commented 1 week ago

Looks like that works and I see published .asc files as well. This issue can be closed. Thank you!

RobiNino commented 1 week ago

Thanks for the feedback @artembilan !