Closed davidjlynn closed 2 years ago
@pseudomuto Did some testing of the release process and this seems to have ironed out the issues blocking release on Maven Central. Can you review when you have time?
Just to address the strangeness mentioned above, I have opened a bug with the gradle project: gradle/gradle#20166
Nice! I was running into this here: https://github.com/pseudomuto/protoc-gen-doc/compare/maven_publishing?expand=1
Let me see if I can get this one working since you've got it in a better state than my branch.
Can confirm this removes the issues I was running into when closing staging repos in Nexus 👏
Would you mind applying the following before I merge this?
`.gradle` and `build` to gitignore:
+/.gradle
/bin
+/build
)- def signingKey = project.getProperty('SIGNING_PRIVATE_KEY')
- def signingPassword = project.getProperty('SIGNING_PASSWORD')
+ def signingKey = project.getProperty('signingKey')
+ def signingPassword = project.getProperty('signingPassword')
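Review bot: The renamed lookups `project.getProperty('signingKey')` and `project.getProperty('signingPassword')` only resolve if the release job now supplies Gradle properties under exactly these names, and no matching change to the caller is visible in this hunk. Gradle maps environment variables named `ORG_GRADLE_PROJECT_signingKey` and `ORG_GRADLE_PROJECT_signingPassword` onto these properties, so the job's environment should be renamed in the same change. Because `getProperty` throws when a property is absent, consider `project.findProperty(...)` and applying signing only when both values are present, so builds without the secrets still configure.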
+
+### Publish the Maven artifacts
+
+1. Head over to https://s01.oss.sonatype.org/#stagingRepositories
+1. Verify the contents of the staging repo and close it
+1. After successful closing (test suite is run), release the repo
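Review bot: Step 2, "Verify the contents of the staging repo and close it", does not say what to verify. Suggest naming the expected contents, for example that every published file is accompanied by its `.asc` signature, so the person doing the release knows what to look for before closing and releasing.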
@pseudomuto I have made all the review changes, one note is I could not confirm the new `signingKey` and `signingPassword` variables worked.
This is possibly just due to me having different secrets in my testing environment, because it failed when I switched over.
I use `GPG_SIGNING_KEY` and `GPG_SIGNING_PASSWORD` as referenced in the github workflows file.
However I had to guess the secrets needing set up in the release job, so might work fine in your release jobs.
To continue #357, the previous commits managed to upload the artifacts to the staging area, however these could not pass the review due to missing requirements. This required more information to be provided in the POM file, and the releases signed.
This commit adds the information and signing. The signing is done by GPG and requires 2 new secrets to be provided:
If a GPG key does not already exist, this guide can be followed: https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
The value needed for the GPG_SIGNING_KEY secret can be found by:
gpg --list-keys
gpg --export-secret-keys --armor [name] > export.asc
Once a release is done, the artifacts will appear in the staging repository here: https://s01.oss.sonatype.org/#stagingRepositories
This staging repository can be "closed", which will execute the checks. If all checks pass (they have in my experiments) the "Release" workflow will become available.
The only strangeness I encountered was that originally only 2 of the releases were getting signed. This appears to be an issue with publishing files of the same name. I have worked around the issue by creating a copy of the files under names which include their architecture. After I did this the signing worked correctly.
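The partial-signing problem described above can be caught before upload. The following is an added example, not code from this PR or the project: it lists artifacts that have no armored `.asc` signature beside them and file names that occur more than once. The directory layout, the file names and the `find_unsigned`, `find_name_collisions` and `make_sample` helpers are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the PR). Assumed layout: each artifact has its
# detached, ASCII-armored signature next to it as "<file>.asc".

# List artifacts (relative to $1) that lack an armored signature file.
find_unsigned() {
  local dir=$1 f
  find "$dir" -type f ! -name '*.asc' ! -name '*.md5' ! -name '*.sha1' \
      ! -name '*.sha256' ! -name '*.sha512' | sort |
  while IFS= read -r f; do
    # A missing or empty .asc yields no first line, so grep fails.
    if ! head -n 1 "$f.asc" 2>/dev/null |
         grep -q '^-----BEGIN PGP SIGNATURE-----'; then
      printf '%s\n' "${f#"$dir"/}"
    fi
  done
}

# List file names that occur more than once under $1 (the same-name case).
find_name_collisions() {
  find "$1" -type f ! -name '*.asc' -exec basename {} \; | sort | uniq -d
}

# Constructed sample tree; file names and contents are placeholders.
make_sample() {
  local d f
  d=$(mktemp -d)
  mkdir -p "$d/linux_amd64" "$d/darwin_amd64"
  for f in linux_amd64/plugin.exe darwin_amd64/plugin.exe plugin-windows_amd64.exe; do
    echo 'placeholder binary' > "$d/$f"
  done
  for f in linux_amd64/plugin.exe plugin-windows_amd64.exe; do
    printf '%s\n' '-----BEGIN PGP SIGNATURE-----' '(constructed)' > "$d/$f.asc"
  done
  printf '%s\n' "$d"
}

sample=$(make_sample)
echo "unsigned:";        find_unsigned "$sample"
echo "duplicate names:"; find_name_collisions "$sample"
rm -rf "$sample"
```

This only checks that a signature file is present and armored; `gpg --verify <file>.asc <file>` is what confirms the signature actually matches the artifact.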