From 5f68a141624485318a1b4848950c28c3997b077d Mon Sep 17 00:00:00 2001 From: Andrew Lee Rubinger Date: Sat, 14 Dec 2024 21:19:31 -0500 Subject: [PATCH] Issue 56/publish snapshots central (#57) * Issue #56 - Publish SNAPSHOTs to Maven Central, not TBD Artifactory * Issue #56 - Update to new org secret name * publishing: add tailing slash to ossrh-snapshots URL * Fix the user token in GH Actions org secrets - must be tied to the correct Sonatype server Align with URLs from https://central.sonatype.org/publish/publish-guide/#accessing-repositories --------- Co-authored-by: finn --- .github/workflows/build.yml | 10 +++------- .github/workflows/release.yml | 4 ++-- .maven_settings.xml | 20 -------------------- pom.xml | 19 +------------------ 4 files changed, 6 insertions(+), 47 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 88e70dd..da09cf0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -95,17 +95,13 @@ jobs: --batch-mode \ -DnewVersion=${{ steps.resolve_version.outputs.resolved_version }} - set +x - GITHUB_ID_TOKEN="$(curl -sLS -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=jfrog-github" | jq -r .value)" - export ARTIFACTORY_PASSWORD="$(curl -fsH "Content-Type: application/json" "https://blockxyz.jfrog.io/access/api/v1/oidc/token" -d "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"${GITHUB_ID_TOKEN}\", \"provider_name\": \"github\"}" | jq -r .access_token)" - export ARTIFACTORY_USERNAME="github/${GITHUB_ACTOR}" - set -x - # Maven deploy lifecycle will build, run tests, verify, sign, and deploy - mvn deploy --batch-mode --settings .maven_settings.xml -P sign-artifacts + mvn deploy --batch-mode --settings .maven_settings.xml -P sign-artifacts,ossrh env: SIGN_KEY_PASS: ${{ secrets.GPG_SECRET_PASSPHRASE }} SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }} + SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME_XYZ_BLOCK }} + SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD_XYZ_BLOCK }} - name: Upload coverage reports to Codecov uses: codecov/codecov-action@v5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8d8948f..248af41 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -75,8 +75,8 @@ jobs: env: SIGN_KEY_PASS: ${{ secrets.GPG_SECRET_PASSPHRASE }} SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }} - SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} - SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} + SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME_XYZ_BLOCK }} + SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD_XYZ_BLOCK }} - name: Create GitHub Release uses: softprops/action-gh-release@v2 diff --git a/.maven_settings.xml b/.maven_settings.xml index b15e703..10a5682 100644 --- a/.maven_settings.xml +++ b/.maven_settings.xml @@ -1,25 +1,5 @@ - - block-oss-releases - ${env.ARTIFACTORY_USERNAME} - ${env.ARTIFACTORY_PASSWORD} - - - block-oss-snapshots - ${env.ARTIFACTORY_USERNAME} - ${env.ARTIFACTORY_PASSWORD} - - - block-oss-releases - ${env.ARTIFACTORY_USERNAME} - ${env.ARTIFACTORY_PASSWORD} - - - block-oss-snapshots - ${env.ARTIFACTORY_USERNAME} - ${env.ARTIFACTORY_PASSWORD} - ossrh-snapshots ${env.SONATYPE_USERNAME} diff --git a/pom.xml b/pom.xml index 9d6bbb4..e3ab02f 100644 --- a/pom.xml +++ b/pom.xml @@ -449,7 +449,7 @@ ossrh-snapshots - https://s01.oss.sonatype.org/content/repositories/snapshots + https://s01.oss.sonatype.org/content/repositories/snapshots/ @@ -460,23 +460,6 @@ - - - false - block-oss-releases - Block OSS Releases Repository - https://blockxyz.jfrog.io/artifactory/block-oss-releases-maven2 - default - - - false - block-oss-snapshots - Block OSS Snapshots Repository - https://blockxyz.jfrog.io/artifactory/block-oss-snapshots-maven2 - default - - - block-oss-thirdparty