From a5edea27acb6fa7be59b2b958e23e161d182ffea Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Wed, 3 Sep 2025 14:23:23 +0400 Subject: [PATCH 1/8] Fix serde API publishing --- .github/workflows/release-serde-api.yml | 6 +----- serde-api/build.gradle | 4 ++++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index e19a6e38d..348dca470 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -34,8 +34,4 @@ jobs: - name: Publish to Maven Central # TODO fix me next publish, I'm broken :( run: | - mvn source:jar javadoc:jar package gpg:sign \ - -Dgpg.passphrase=${{ secrets.GPG_PASSPHRASE }} \ - -Dserver.username=${{ secrets.NEXUS_USERNAME }} \ - -Dserver.password=${{ secrets.NEXUS_PASSWORD }} \ - central-publishing:publish -pl serde-api -s settings.xml + ./gradlew :serde-api:publish diff --git a/serde-api/build.gradle b/serde-api/build.gradle index 913116e3b..64f9e7e72 100644 --- a/serde-api/build.gradle +++ b/serde-api/build.gradle @@ -25,6 +25,10 @@ artifacts { if (release) { signing { + useInMemoryPgpKeys( + System.getenv("GPG_PRIVATE_KEY"), + System.getenv("GPG_PASSPHRASE") + ) sign(publishing.publications) } } From 995e9f3fe8ef989a34f797239a9e00c25a160337 Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 02:33:51 +0400 Subject: [PATCH 2/8] Release = true for publish --- .github/workflows/release-serde-api.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index 348dca470..2e9542ee0 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -32,6 +32,6 @@ jobs: cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import - name: Publish to Maven Central - # TODO fix me next publish, I'm broken :( run: | - ./gradlew :serde-api:publish + ./gradlew :serde-api:publish \ + -Prelease=true \ From 6d81c0f790250375716b9f777e9f828881a8b8bd Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 02:36:35 +0400 Subject: [PATCH 3/8] Fix central creds retrieval --- serde-api/build.gradle | 4 ++-- serde-api/gradle.properties | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) delete mode 100644 serde-api/gradle.properties diff --git a/serde-api/build.gradle b/serde-api/build.gradle index 64f9e7e72..198e21b73 100644 --- a/serde-api/build.gradle +++ b/serde-api/build.gradle @@ -39,8 +39,8 @@ publishing { maven { url "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2" credentials { - username sonatypeUsername - password sonatypePassword + username System.getenv("NEXUS_USERNAME") + password System.getenv("NEXUS_PASSWORD") } } } diff --git a/serde-api/gradle.properties b/serde-api/gradle.properties deleted file mode 100644 index 8577ce8c4..000000000 --- a/serde-api/gradle.properties +++ /dev/null @@ -1,2 +0,0 @@ -sonatypeUsername= -sonatypePassword= From 2a60f81f6e4e7a369bcc648ea095b43bfb40c585 Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 02:38:10 +0400 Subject: [PATCH 4/8] One more --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index deb45bcf0..a38219216 100644 --- a/build.gradle +++ b/build.gradle @@ -55,8 +55,8 @@ if (release) { nexusUrl = uri("https://s01.oss.sonatype.org/service/local/") snapshotRepositoryUrl = uri("https://s01.oss.sonatype.org/content/repositories/snapshots/") - username = sonatypeUsername - password = sonatypePassword + username = System.getenv("NEXUS_USERNAME") + password = System.getenv("NEXUS_PASSWORD") } } } From af4214adcefb5f2f19a3403cfa9777d8cf54f93f Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 02:44:17 +0400 Subject: [PATCH 5/8] moar secrets --- .github/workflows/release-serde-api.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index 2e9542ee0..e39d9785c 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -26,12 +26,12 @@ jobs: distribution: 'zulu' cache: 'gradle' - - id: install-secret-key - name: Install GPG secret key - run: | - cat <(echo -e "${{ secrets.GPG_PRIVATE_KEY }}") | gpg --batch --import - - name: Publish to Maven Central + env: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + NEXUS_USERNAME: ${{ secrets.NEXUS_USERNAME }} + NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} run: | ./gradlew :serde-api:publish \ -Prelease=true \ From 3b7912853cdb8b76e4b74f9d0a353eaab2a6f323 Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 02:53:14 +0400 Subject: [PATCH 6/8] Add version input --- .github/workflows/release-serde-api.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index e39d9785c..64954d62e 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -1,6 +1,13 @@ name: "Infra: Release: Serde API" -on: workflow_dispatch +on: + workflow_dispatch: + inputs: + version: + required: true + type: string + description: Serde API version to release. Must not be a SNAPSHOT. + default: 1.x.0 permissions: contents: read @@ -35,3 +42,4 @@ jobs: run: | ./gradlew :serde-api:publish \ -Prelease=true \ + -Pversion=${{ inputs.version }} From 82cbef4572aae8e726cdb3dc3d9cd9e1e347353e Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 03:09:43 +0400 Subject: [PATCH 7/8] Upd borked central URLs --- build.gradle | 4 ++-- serde-api/build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index a38219216..202bcd577 100644 --- a/build.gradle +++ b/build.gradle @@ -52,8 +52,8 @@ if (release) { nexusPublishing { repositories { sonatype { - nexusUrl = uri("https://s01.oss.sonatype.org/service/local/") - snapshotRepositoryUrl = uri("https://s01.oss.sonatype.org/content/repositories/snapshots/") + nexusUrl = uri("https://ossrh-staging-api.central.sonatype.com/service/local/") + snapshotRepositoryUrl = uri("https://ossrh-staging-api.central.sonatype.com/content/repositories/snapshots/") username = System.getenv("NEXUS_USERNAME") password = System.getenv("NEXUS_PASSWORD") diff --git a/serde-api/build.gradle b/serde-api/build.gradle index 198e21b73..aac0da577 100644 --- a/serde-api/build.gradle +++ b/serde-api/build.gradle @@ -37,7 +37,7 @@ publishing { if (release) { repositories { maven { - url "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2" + url "https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2" credentials { username System.getenv("NEXUS_USERNAME") password System.getenv("NEXUS_PASSWORD") From 793db5581fd9dd683c4235e1d9f662e64a980910 Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Thu, 4 Sep 2025 03:40:53 +0400 Subject: [PATCH 8/8] Add close staging goal --- .github/workflows/release-serde-api.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index 64954d62e..b2524f3db 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -41,5 +41,6 @@ jobs: NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }} run: | ./gradlew :serde-api:publish \ + :serde-api:closeAndReleaseSonatypeStagingRepository \ -Prelease=true \ -Pversion=${{ inputs.version }}