This PR adds Maven Central publishing to the Audioswitch project. Previously Audioswitch was published to JCenter, but due to their pending shutdown of the service, we needed to migrate to a new artifact provider.
This PR uses the Gradle Nexus Publish Plugin to manage multitenancy and closing and releasing Next staging repositories.
A few new environment variables were added to the CircleCI settings to assist with this:
OSSRH_USERNAME: The username for the MavenCentral repository. We are actually using a user token here for our twilio-sdk-build user.
OSSRH_PASSWORD: The password for the MavenCentral repository. Again, in this case this is the user token password.
SONATYPE_STAGING_PROFILE_ID: The MavenCentral staging repository profile id. This was obtained from oss.sonatype.org.
SIGNING_KEY_ID: The signing key ID for the twilio-sdk-build user.
SIGNING_KEY: The base64 encoded GPG private key used for signing the artifacts.
SIGNING_SECRET_KEY_RING_FILE: The location where the base64 decoded GPG private key should be written during the and consumed from during the CI process.
SIGNING_PASSWORD: The password for the GPG private key file
Breakdown
Updated the .circleci/config.yml file to extract the base64 encoded GPG data from the environment variable and write it to the file specified in the SIGNING_SECRET_KEY_RING_FILE environment variable. This is used in both the publish-pre-release and publish-release tasks.
Updated the Gradle task name that is run in the publish-release task to accurately reflect what it now does: sonatypeAudioSwitchReleaseUpload.
Updated CHANGELOG.md and CONTRIBUTORS.md
Added the signing plugin in audioswitch/build.gradle and configured it for use
Added the necessary pom.xml information in the publishing: publications block to ensure that the Maven Central requirements are met. This validation happens during the close operation on the staging repository.
Removed the unneeded uploadArchives block in audioswitch/build.gradle now that we are no longer publishing to Bintray.
Removed now unused gradle extended properties that were used for Bintray publishing. Also removed ext.getAudioSwitchJfrogOssPassword as it was not being used.
Added both the maven-publish and io.github.gradle-nexus.publish-plugin gradle plugins to the root gradle file.
Configured the nexusPublishing block for publishing to MavenCentral/Sonatype
Added the necessary signing properties to the jfrogOssSnapshotsAudioSwitchUpload gradle task so that our snapshots that are published are able to be signed
Renamed the bintrayAudioSwitchReleaseUpload gradle task to sonatypeAudioSwitchReleaseUpload to accurately reflect what it is doing.
Augmented the sonatypeAudioSwitchReleaseUpload task to publish the artifacts to the Sonatype repository and then close and release it.
Validation
I have validated that with the changes we are still able to publish to the JFrog OSS repo. We can discuss if we want to forgo this and just publish snapshots to the MavenCentral snapshot repository.
I have tested the publish-release task to ensure that we get the artifact uploaded and the repo is closed. I have yet to actually run the portion that does the release, but from what I am seeing, it looks like it will work. Once this PR is merged, we can cut an actual release.
Additional Notes
[Any additional comments, notes, or information relevant to reviewers.]
Submission Checklist
[x] The source has been evaluated for semantic versioning changes and are reflected in gradle.properties
[x] The CHANGELOG.md reflects any feature, bug fixes, or known issues made in the source code
Description
This PR adds Maven Central publishing to the Audioswitch project. Previously Audioswitch was published to JCenter, but due to their pending shutdown of the service, we needed to migrate to a new artifact provider.
This PR uses the Gradle Nexus Publish Plugin to manage multitenancy and closing and releasing Next staging repositories.
A few new environment variables were added to the CircleCI settings to assist with this:
OSSRH_USERNAME
: The username for the MavenCentral repository. We are actually using a user token here for ourtwilio-sdk-build
user.OSSRH_PASSWORD
: The password for the MavenCentral repository. Again, in this case this is the user token password.SONATYPE_STAGING_PROFILE_ID
: The MavenCentral staging repository profile id. This was obtained fromoss.sonatype.org
.SIGNING_KEY_ID
: The signing key ID for thetwilio-sdk-build
user.SIGNING_KEY
: The base64 encoded GPG private key used for signing the artifacts.SIGNING_SECRET_KEY_RING_FILE
: The location where the base64 decoded GPG private key should be written during the and consumed from during the CI process.SIGNING_PASSWORD
: The password for the GPG private key fileBreakdown
.circleci/config.yml
file to extract the base64 encoded GPG data from the environment variable and write it to the file specified in theSIGNING_SECRET_KEY_RING_FILE
environment variable. This is used in both thepublish-pre-release
andpublish-release
tasks.publish-release
task to accurately reflect what it now does:sonatypeAudioSwitchReleaseUpload
.CHANGELOG.md
andCONTRIBUTORS.md
signing
plugin inaudioswitch/build.gradle
and configured it for usepom.xml
information in thepublishing: publications
block to ensure that the Maven Central requirements are met. This validation happens during the close operation on the staging repository.uploadArchives
block inaudioswitch/build.gradle
now that we are no longer publishing to Bintray.ext.getAudioSwitchJfrogOssPassword
as it was not being used.maven-publish
andio.github.gradle-nexus.publish-plugin
gradle plugins to the root gradle file.nexusPublishing
block for publishing to MavenCentral/SonatypejfrogOssSnapshotsAudioSwitchUpload
gradle task so that our snapshots that are published are able to be signedbintrayAudioSwitchReleaseUpload
gradle task tosonatypeAudioSwitchReleaseUpload
to accurately reflect what it is doing.sonatypeAudioSwitchReleaseUpload
task to publish the artifacts to the Sonatype repository and then close and release it.Validation
publish-release
task to ensure that we get the artifact uploaded and the repo is closed. I have yet to actually run the portion that does the release, but from what I am seeing, it looks like it will work. Once this PR is merged, we can cut an actual release.Additional Notes
[Any additional comments, notes, or information relevant to reviewers.]
Submission Checklist
gradle.properties
CHANGELOG.md
reflects any feature, bug fixes, or known issues made in the source code