Testing GH actions with a SNAPSHOT version

Author: jcpitre

.github/workflows/publish_assets.yml

@@ -91,17 +91,6 @@ jobs:
           asset_name: javadocs.zip
           asset_content_type: application/zip
 
-      # The following steps will publish artifacts to a sonatype staging repo with the aim of promoting them to maven central
-      # Pretty much everything is done through gradle.
-      # The version used will be according to the axion-release-plugin, meaning it will take a tag if present.
-      # The tag should follow semantic versioning, e.g. v1.2.3. There could be a suffix, e.g. v1.2.3-TEST
-      # gradle will build, sign then upload artifacts to a Sonatype staging repo.
-      # See https://s01.oss.sonatype.org for accessing these repos.
-      # At this point it should manually be closed, which will trigger acceptance tests for maven central (but not transfer yet)
-      # Once closed, the repo is available for testing.
-      # After testing, it can be manually promoted on the sonatype site, which will then publish to maven central.
-      # Note than once in maven central a release cannot be removed or altered.
-
       - name: Load secrets from 1Password
         id: onepw_secrets
         uses: ./.github/actions/extract-1password-secret
@@ -112,7 +101,12 @@ jobs:
 
       - name: Build and Publish to Sonatype
         run: |
-          # Don't verify since it has already been done when the PR was created.
-          ./gradlew publish --rerun-tasks -x spotlessCheck
-          ./gradlew customPublish
+          # Publishing to Maven Central will fail if the version is a snapshot, i.e. there is no version tag
+          # directly on the current commit.
+          # See https://repo1.maven.org/maven2/org/mobilitydata/gtfs-validator/ for the maven central repository.
+          # One this step is done, the artefacts will be validated but not yet published.
+          # See https://central.sonatype.com/publishing/deployments (you need to login as mobilitydata)
+          # From this page you can examine the list of artefacts, and either drop them or release them.
+          # Note that once released, the artefacts cannot be removed or altered.
+          ./gradlew publishToMavenCentral
 

.github/workflows/publish_snapshots.yml

@@ -3,18 +3,12 @@ name: Publish Jars Snapshots
 on:
   push:
     branches: [ 146-Migrate-maven-repository ]
-    paths-ignore:
-      - '**.md'
-      - '**.py'
-      - 'Dockerfile'
-      - '.gitignore'
-      - 'LICENSE'
-      - 'docker.yml'
-      - 'formatting.yml'
-      - 'test_pack_dock.yml'
-      - 'triage.yml'
-      - 'acceptance_test.yml'
-      - 'web/**'
+    paths:
+      - 'core/src/main/**'
+      - 'main/src/main/**'
+      - 'model/src/main/**'
+      - 'build.gradle'
+      - '.github/workflows/publish_snapshots.yml'
   workflow_dispatch:
 
 env:
@@ -38,17 +32,6 @@ jobs:
           java-version: ${{ env.java_version }}
           distribution: ${{ env.java_distribution }}
 
-      # The following steps will publish artifacts to a sonatype staging repo with the aim of promoting them to maven central
-      # Pretty much everything is done through gradle.
-      # The version used will be according to the axion-release-plugin, meaning it will take a tag if present.
-      # The tag should follow semantic versioning, e.g. v1.2.3. There could be a suffix, e.g. v1.2.3-TEST
-      # gradle will build, sign then upload artifacts to a Sonatype staging repo.
-      # See https://s01.oss.sonatype.org for accessing these repos.
-      # At this point it should manually be closed, which will trigger acceptance tests for maven central (but not transfer yet)
-      # Once closed, the repo is available for testing.
-      # After testing, it can be manually promoted on the sonatype site, which will then publish to maven central.
-      # Note than once in maven central a release cannot be removed or altered.
-
       - name: Load secrets from 1Password
         id: onepw_secrets
         uses: ./.github/actions/extract-1password-secret
@@ -57,7 +40,11 @@ jobs:
           VARIABLES_TO_EXTRACT: 'MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME, MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD'
           ONE_PASSWORD_SECRET_REFERENCES: ${{ vars.ONE_PASSWORD_SECRET_REFERENCES }}
 
-      - name: Build and Publish to Sonatype
+      - name: Build and Publish to the snapshot repository
         run: |
-          ./gradlew publish --rerun-tasks --info
+          # Publishing to the snapshot repository will fail if the current commit has a version tag.
+          # Which in effect makes it a release.
+          # See https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/org/mobilitydata/gtfs-validator/
+          # for the snapshot repository.
+          ./gradlew publishToSnapshotRepository
 

build.gradle

@@ -26,7 +26,6 @@ plugins {
     id 'java'
     id 'maven-publish'
     id 'signing'
-    id 'distribution'
     id 'test-report-aggregation'
     id "io.freefair.aggregate-javadoc" version "6.4.3"
     id "pl.allegro.tech.build.axion-release" version "1.15.3"
@@ -39,7 +38,7 @@ allprojects {
 
     // Per the axion-release plugin, this computes the project version based
     // on the most recent tag in the repo.
-    version scmVersion.version
+    version "1.2-SNAPSHOT"
 
     repositories {
         mavenCentral()
@@ -101,24 +100,15 @@ subprojects {
 
     // These modules require the same publishing configuration, apart from the name of the module
     // Also we want to limit artefact publishing to these modules.
-    if (project.name == 'main' ||
-            project.name == 'core' ||
-            project.name == 'model') {
+    if (project.name == 'main'
+            || project.name == 'core'
+            || project.name == 'model'
+         ) {
         def fullProjectName = 'gtfs-validator-' + project.name
 
         afterEvaluate {
-            tasks.named('publish') {
-                doFirst {
-                    println "Project version: ${scmVersion.version}"
-                }
-            }
             publishing {
                 repositories {
-                    // This is the sonatype staging repo for maven.
-                    // Once uploaded, the repo needs to be manually closed, which will trigger acceptance tests for
-                    // maven central (but not transfer yet).
-                    // Once successfully closed, the repo is available for testing.
-                    // After testing, it can be manually promoted on the sonatype site, which will then publish to maven central.
                     maven {
                         if (version.endsWith('SNAPSHOT')) {
                             url = 'https://central.sonatype.com/repository/maven-snapshots/'
@@ -173,24 +163,34 @@ subprojects {
             }
 
 
-//            tasks.named('publish') {
-//                finalizedBy customPublish
-//            }
-        }
-        task customPublish {
-//                dependsOn publishMavenJavaPublicationToMavenRepository
-//                mustRunAfter publish
-            onlyIf {
-                if (project.version.toString().contains('SNAPSHOT')) {
-                    throw new GradleException("Publishing to Maven Central Portal is not allowed for SNAPSHOT versions. Currently " + project.version)
+            tasks.register('publishToMavenCentral') {
+                if (!version.toString().endsWith('SNAPSHOT')) {
+                    dependsOn tasks.publish
+                }
+                doFirst {
+                    if (version.toString().endsWith('SNAPSHOT')) {
+                        throw new GradleException("Version \"" + version +
+                                "\" is a snapshot. Cannot publish to Maven Central")
+                    }
+                }
+
+                doLast {
+                    exec {
+                        workingDir project.projectDir
+                        commandLine 'bash', "${project.rootDir}/scripts/publish_to_maven_central.sh", project.name, project.version
+                    }
                 }
-                return true
             }
 
-            doLast {
-                exec {
-                    println "Current working directory: ${project.file('.').absolutePath}"
-                    commandLine 'bash', "../scripts/custom_publish.sh", project.name, project.version
+            tasks.register('publishToSnapshotRepository') {
+                if (version.toString().endsWith('SNAPSHOT')) {
+                    dependsOn tasks.publish
+                }
+                doFirst {
+                    if (!version.toString().endsWith('SNAPSHOT')) {
+                        throw new GradleException("Version \"" + version +
+                                "\" is a NOT a snapshot. Cannot publish to the snapshot repository")
+                    }
                 }
             }
         }

scripts/custom_publish.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# This script uploads a zip file to Maven Central.
+# It expects the current working directory to be the one where the build folder is located (e.h. core)
+# This build folder should contain the local-repo folder with the artefacts to be zipped and uploaded.
+set -e
+
+subproject=$1
+version=$2
+
+echo "Running $(basename $0) for subproject \"$subproject\" and version \"$version\""
+echo "Executing in directory = $(pwd)"
+
+zipfile=${subproject}.${version}.zip
+
+pushd build/local-repo
+zip -qr ${zipfile} *
+
+bearer_token=$(echo "$MAVEN_CENTRAL_PORTAL_TOKEN_USERNAME:$MAVEN_CENTRAL_PORTAL_TOKEN_PASSWORD" | base64)
+
+
+# Upload to maven central.
+# publishingType=USER_MANAGED means that the artefacts will be uploaded and verified, but not yet published.
+# See https://central.sonatype.com/publishing/deployments (you need to login as mobilitydata)
+# From this page you can examine the list of artefacts, and either drop them or release them.
+# If you want to remove that step, use publishingType=AUTOMATIC, that will publish directly.
+# Note that once published you cannot remove or alter the artifacts.
+answer=$(curl --request POST \
+  --verbose \
+  --header "Authorization: Bearer ${bearer_token}" \
+  --form bundle="@${zipfile}" \
+  'https://central.sonatype.com/api/v1/publisher/upload?publishingType=USER_MANAGED')
+
+echo "curl request answer: $answer"
+
+popd