Added github action to publish #45
696aacb to f090e1b
| `git tag -a X.Y.Z -m "X.Y.Z"`(X.Y.Z is the new version). | ||
| 7. Run `git push --tags`. | ||
| 8. Run `./gradlew publish` in the terminal or command line. | ||
| 9. Visit [Sonatype Nexus] and promote the artifact. |
My understanding is we still need to promote the artifact. I think they call it components now.
I see. I think the issue with this will be that you or someone else registered under the namespace will still need to manually promote it. I'll look to see if there is an API call I can use that does this.
Yeah. If we cannot automate and/or make an API call to promote the artifact using the action, I am not sure how much value we will get from using secrets for the rest of the publishing steps. If it cannot be automated, you would still need non-secret creds to log in to Nexus to promote the artifact, like you are saying.
| // Signing credentials are stored locally in the user's global gradle.properties file. | ||
| // See https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials for more information. | ||
| useInMemoryPgpKeys( | ||
| signingKeyId, |
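Review bot: the comment above `useInMemoryPgpKeys(` still says the signing credentials are stored locally in the user's global gradle.properties file and links to the signatory_credentials section, but the call it annotates takes the key as an in-memory value. Reword the comment to say where `signingKeyId` and the other arguments are expected to come from, and point the link at the in-memory keys section of the same Gradle page.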
https://docs.gradle.org/current/userguide/signing_plugin.html?cmdf=gradle+useinmemorypgpkey#sec:in-memory-keys suggests the key ID isn't needed
Oh I see, for PGP subkeys. All good.
mbayerPK left a comment
Approving but left some comments that I would like addressed before things are merged.
| signing { | ||
| // Signing credentials are stored locally in the user's global gradle.properties file. | ||
| // See https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials for more information. | ||
| useInMemoryPgpKeys( |
I would still prefer some docs here about what `signingKeyId`, `signingKey`, and `signingPassword` refer to, namely the `SIGNING_KEY_ID` and `ORG_GRADLE_PROJECT_SIGNING_KEY_ID` and other env vars in the GitHub build environment `.github/workflows/publish.yml` build action file and lines 118-124 below.
You could still include the link to https://docs.gradle.org/current/userguide/signing_plugin.html#sec:signatory_credentials as I recall this being a harder thing to figure out, and this would be helpful if anything needs to change in the future.
| distribution: 'temurin' | ||
|
|
||
| - name: Publish to Maven Central | ||
| run: ./gradlew publish |
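Review bot: the `Publish to Maven Central` step runs `./gradlew publish` unconditionally as far as these lines show, so every run of this workflow publishes whatever ref was checked out. Add an `if:` on the step (or a trigger filter for the workflow) that names the refs allowed to publish, and document that rule next to the release steps in the README.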
I don't think we want to publish snapshot builds to Maven Central at all either, so you should add an `if: "!contains(github.ref, 'SNAPSHOT')"` check here as well.
Or maybe have an overall rule for the entire file that nothing is done for a snapshot build here.
Whatever rule I set up, I'll add to the README. We do want the ability to publish a snapshot (the `./gradlew publish` already had functionality for it and Marius set it up in Sonatype). I'm going to change the whole pipeline to run only from a release branch.
If we want a normal release, merge to main from release/x.x.x
If we want a snapshot release, merge to main from release/x.x.x-SNAPSHOT
f090e1b to 74540e2
74540e2 to 9f5c373
No description provided.