@W-21191311 Enable publishing to new Sonatype portal#162
Conversation
| MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USER }} | ||
| MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_TOKEN }} | ||
| MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} | ||
| MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USER_2 }} |
There was a problem hiding this comment.
Would you also update these variable names in settings.xml and maven-publish.yml
There was a problem hiding this comment.
@sahil-here The values used in settings.xml are from the environment rather than from secrets and are set by maven-release.yml and maven-publish.yml. So, there's no need to make changes to settings.xml.
Also, some of the values which are used by settings.xml are set by maven-publish.yml but not by maven-release.yml. So, at first it seems that we need to update maven-publish.yml, as you requested. However, it seemed to me from our FE release process doc (https://salesforce.quip.com/xrT0AlfumtsI#UNXAAABdyzn) that we don't use maven-publish.yml. If we don't use maven-publish.yml, and if settings.xml depends upon maven-publish.yml, then it seems to me that neither maven-publish.yml nor settings.xml are being used. I was going to ask about that during Friday standup.
If we are actually using those files then I agree that I need to update maven-publish.yml. If we are not using those files then perhaps we should delete those files.
Please correct any misunderstandings I might have.
There was a problem hiding this comment.
I don't think the maven-publish.yml is being used, the GPG keys expired 2 years ago.
There was a problem hiding this comment.
I am not sure about settings.xml.
I checked and looks like maven-publish.yml does not have any history of workflows, not sure if there could still be something that might be running it, but it is not showing up alteast in this repo.
There was a problem hiding this comment.
@sahil-here I updated the secrets for maven-publish.yml.
| MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USER }} | ||
| MAVEN_PASSWORD: ${{ secrets.MAVEN_CENTRAL_TOKEN }} | ||
| MAVEN_CENTRAL_TOKEN: ${{ secrets.MAVEN_CENTRAL_TOKEN }} | ||
| MAVEN_USERNAME: ${{ secrets.MAVEN_CENTRAL_USER_2 }} |
There was a problem hiding this comment.
I don't think the maven-publish.yml is being used, the GPG keys expired 2 years ago.
| body: ${{ github.event.inputs.release-body }} | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Encode credentials to Base64 |
There was a problem hiding this comment.
Is this section new? required?
There was a problem hiding this comment.
According to the Sonatype doc, that new section is required: https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/#configuring-the-repository. They even emphasize with "must".
There was a problem hiding this comment.
This section?
**Documentation of Manual API Endpoints⚓︎
To authenticate your requests to the Manual API Endpoints, you will need to provide an Authorization header the same way that it is done for the Publisher API. Specifically, it expects a Bearer token that is the base64 encoded string of your token username and token password separated by ...
There was a problem hiding this comment.
"After all of the artifacts have been uploaded, your CI process should make a request to POST /manual/upload/defaultRepository/ where is the namespace that you see in https://central.sonatype.com/publishing/namespaces when you log in with the account that was used to generate the token. This must be done from the same IP that was used when uploading the files, so adding it to the end of your CI process is the most likely way for this to work reliably."
| - name: Ensure visibility in Central Publisher Portal | ||
| run: | | ||
| curl -H "Authorization: Bearer ${{ steps.encode_credentials_step.outputs.ENCODED_CREDENTIALS }}" -i -X POST https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.salesforce.formula | ||
|
|
There was a problem hiding this comment.
What exactly is this for? looks like it is used to upload files manually.
There was a problem hiding this comment.
That's the POST request which is described in the Sonatype procedure which I linked. That request ensures visibility in the portal.
3 participants
Here's the basic description of what I did in this PR: https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/
Also, I had to google a bit to find some details. This article was helpful: https://www.endoflineblog.com/migrate-maven-central-publishing-to-central-portal-for-a-gradle-project
Also, we seem to be using an older version of the maven plugin than is being used by grammaticus. I recommend that we update that version, but have not updated that version in this PR as I want to minimize variables while we are attempting to restore our ability to publish. In a second PR we can update the maven plugin version.