This PR adds Maven Central publishing to the Audioswitch project. Previously Audioswitch was published to JCenter, but due to their pending shutdown of the service, we needed to migrate to a new artifact provider.
This PR uses the Gradle Nexus Publish Plugin to manage multitenancy and closing and releasing Next staging repositories.
A few new environment variables were added to the CircleCI settings to assist with this:
OSSRH_USERNAME: The username for the MavenCentral repository. We are actually using a user token here for our twilio-sdk-build user.
OSSRH_PASSWORD: The password for the MavenCentral repository. Again, in this case this is the user token password.
SONATYPE_STAGING_PROFILE_ID: The MavenCentral staging repository profile id. This was obtained from oss.sonatype.org.
SIGNING_KEY_ID: The signing key ID for the twilio-sdk-build user.
SIGNING_KEY: The base64 encoded GPG private key used for signing the artifacts.
SIGNING_SECRET_KEY_RING_FILE: The location where the base64 decoded GPG private key should be written during the and consumed from during the CI process.
SIGNING_PASSWORD: The password for the GPG private key file
Breakdown
Updated the .circleci/config.yml file to extract the base64 encoded GPG data from the environment variable and write it to the file specified in the SIGNING_SECRET_KEY_RING_FILE environment variable. This is used in both the publish-pre-release and publish-release tasks.
Updated the Gradle task name that is run in the publish-release task to accurately reflect what it now does: sonatypeAudioSwitchReleaseUpload.
Updated CHANGELOG.md and CONTRIBUTORS.md
Added the signing plugin in audioswitch/build.gradle and configured it for use
Added the necessary pom.xml information in the publishing: publications block to ensure that the Maven Central requirements are met. This validation happens during the close operation on the staging repository.
Removed the unneeded uploadArchives block in audioswitch/build.gradle now that we are no longer publishing to Bintray.
Removed now unused gradle extended properties that were used for Bintray publishing. Also removed ext.getAudioSwitchJfrogOssPassword as it was not being used.
Added both the maven-publish and io.github.gradle-nexus.publish-plugin gradle plugins to the root gradle file.
Configured the nexusPublishing block for publishing to MavenCentral/Sonatype
Added the necessary signing properties to the jfrogOssSnapshotsAudioSwitchUpload gradle task so that our snapshots that are published are able to be signed
Renamed the bintrayAudioSwitchReleaseUpload gradle task to sonatypeAudioSwitchReleaseUpload to accurately reflect what it is doing.
Augmented the sonatypeAudioSwitchReleaseUpload task to publish the artifacts to the Sonatype repository and then close and release it.
Validation
I have validated that with the changes we are still able to publish to the JFrog OSS repo. We can discuss if we want to forgo this and just publish snapshots to the MavenCentral snapshot repository.
I have tested the publish-release task to ensure that we get the artifact uploaded and the repo is closed. I have yet to actually run the portion that does the release, but from what I am seeing, it looks like it will work. Once this PR is merged, we can cut an actual release.
Additional Notes
[Any additional comments, notes, or information relevant to reviewers.]
Submission Checklist
[x] The source has been evaluated for semantic versioning changes and are reflected in gradle.properties
[x] The CHANGELOG.md reflects any feature, bug fixes, or known issues made in the source code
Description
This PR adds Maven Central publishing to the Audioswitch project. Previously Audioswitch was published to JCenter, but due to their pending shutdown of the service, we needed to migrate to a new artifact provider.
This PR uses the Gradle Nexus Publish Plugin to manage multitenancy and closing and releasing Next staging repositories.
A few new environment variables were added to the CircleCI settings to assist with this:
OSSRH_USERNAME: The username for the MavenCentral repository. We are actually using a user token here for ourtwilio-sdk-builduser.OSSRH_PASSWORD: The password for the MavenCentral repository. Again, in this case this is the user token password.SONATYPE_STAGING_PROFILE_ID: The MavenCentral staging repository profile id. This was obtained fromoss.sonatype.org.SIGNING_KEY_ID: The signing key ID for thetwilio-sdk-builduser.SIGNING_KEY: The base64 encoded GPG private key used for signing the artifacts.SIGNING_SECRET_KEY_RING_FILE: The location where the base64 decoded GPG private key should be written during the and consumed from during the CI process.SIGNING_PASSWORD: The password for the GPG private key fileBreakdown
.circleci/config.ymlfile to extract the base64 encoded GPG data from the environment variable and write it to the file specified in theSIGNING_SECRET_KEY_RING_FILEenvironment variable. This is used in both thepublish-pre-releaseandpublish-releasetasks.publish-releasetask to accurately reflect what it now does:sonatypeAudioSwitchReleaseUpload.CHANGELOG.mdandCONTRIBUTORS.mdsigningplugin inaudioswitch/build.gradleand configured it for usepom.xmlinformation in thepublishing: publicationsblock to ensure that the Maven Central requirements are met. This validation happens during the close operation on the staging repository.uploadArchivesblock inaudioswitch/build.gradlenow that we are no longer publishing to Bintray.ext.getAudioSwitchJfrogOssPasswordas it was not being used.maven-publishandio.github.gradle-nexus.publish-plugingradle plugins to the root gradle file.nexusPublishingblock for publishing to MavenCentral/SonatypejfrogOssSnapshotsAudioSwitchUploadgradle task so that our snapshots that are published are able to be signedbintrayAudioSwitchReleaseUploadgradle task tosonatypeAudioSwitchReleaseUploadto accurately reflect what it is doing.sonatypeAudioSwitchReleaseUploadtask to publish the artifacts to the Sonatype repository and then close and release it.Validation
publish-releasetask to ensure that we get the artifact uploaded and the repo is closed. I have yet to actually run the portion that does the release, but from what I am seeing, it looks like it will work. Once this PR is merged, we can cut an actual release.Additional Notes
[Any additional comments, notes, or information relevant to reviewers.]
Submission Checklist
gradle.propertiesCHANGELOG.mdreflects any feature, bug fixes, or known issues made in the source code