Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publishing to Maven Central example is incorrect #1118

Closed
4 tasks done
jagodevreede opened this issue Dec 18, 2022 · 6 comments
Closed
4 tasks done

Publishing to Maven Central example is incorrect #1118

jagodevreede opened this issue Dec 18, 2022 · 6 comments
Labels
bug Something isn't working invalid This doesn't seem right

Comments

@jagodevreede
Copy link

Task List

  • Steps to reproduce provided
  • Stacktrace (if present) provided
  • Example that reproduces the problem (link to git repository is ideal)
  • Full description of the issue provided (see below)

Description

The example at https://jreleaser.org/guide/latest/examples/maven/maven-central.html will result in a failed release (at nexus). With a failed step: Event: Failed: Signature Validation This is because jreleaser does not upload the signed files *.asc to nexus.

Steps to Reproduce

  1. checkout project at https://github.com/jagodevreede/jreleaser-reproducer/tree/mavenCentral
  2. run mvn -Ppublication deploy -DaltDeploymentRepository=local::file:./target/staging-deploy as per example: https://jreleaser.org/guide/latest/examples/maven/staging-artifacts.html
  3. run jreleaser full-release --dry-run

Expected Behaviour

That all files in the staging-deploy are uploaded but also the signed files

Actual Behaviour

Log:

[INFO]  JReleaser 1.3.1
[INFO]  Configuring with jreleaser.yml
[INFO]    - basedir set to /Users/jagodevreede/git/jreleaser-reproducer
[INFO]  Reading configuration
[INFO]  Loading variables from /Users/jagodevreede/.jreleaser/config.properties
[INFO]  Validating configuration
[INFO]  Project version set to 0.0.1
[INFO]  Release is not snapshot
[INFO]  Timestamp is 2022-12-18T20:46:16.240383+01:00
[INFO]  HEAD is at 7ebace2
[INFO]  Platform is osx-x86_64
[INFO]  dry-run set to true
[INFO]  Generating changelog
[INFO]  Storing changelog: out/jreleaser/release/CHANGELOG.md
[INFO]  Calculating checksums
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom.sha256
[INFO]  Signing files
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom
[INFO]    [sign] out/jreleaser/checksums/checksums_sha256.txt
[INFO]  Deploying all staged artifacts
[INFO]    [nexus2] Deploying to maven-central
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.md5
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha1
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha256
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha512
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.jar
[INFO]    [nexus2]  - module-a-0.0.1.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.pom
[INFO]    [nexus2]  - module-a-0.0.1.pom.md5
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha1
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha256
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha512
[INFO]  Uploading is not enabled. Skipping
[INFO]  Releasing to https://github.com/jagodevreede/jreleaser-reproducer
[INFO]   - uploading module-a-0.0.1-javadoc.jar
[INFO]   - uploading module-a-0.0.1-sources.jar
[INFO]   - uploading module-a-0.0.1.jar
[INFO]   - uploading module-a-0.0.1.pom
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom
[INFO]   - uploading checksums_sha256.txt
[INFO]   - uploading module-a-0.0.1-javadoc.jar.asc
[INFO]   - uploading module-a-0.0.1-sources.jar.asc
[INFO]   - uploading module-a-0.0.1.jar.asc
[INFO]   - uploading module-a-0.0.1.pom.asc
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom.asc
[INFO]   - uploading checksums_sha256.txt.asc
[INFO]  Announcing release
[INFO]  Announcing is not enabled. Skipping
[INFO]  Writing output properties to out/jreleaser/output.properties
[INFO]  JReleaser succeeded after 2,020 s

Environment Information

  • Operating System: OSX
  • JReleaser Version: 1.3.1
  • JDK Version: openjdk 17.0.4

There is no stacktrace from [out|build|target]/jreleaser/trace.log.
@jagodevreede jagodevreede added the bug Something isn't working label Dec 18, 2022
@aalmiray
Copy link
Member

aalmiray commented Dec 18, 2022
edited

Can not reproduce with latest snapshot

$ jreleaser -V
------------------------------------------------------------
jreleaser 1.4.0-SNAPSHOT
------------------------------------------------------------
Build time:   2022-12-17 14:14:29-06:00
Revision:     66360a26addf8872040bf3570f42da5e963111b2
JVM:          11.0.17 (Azul Systems, Inc. 11.0.17+8-LTS)
------------------------------------------------------------

I get the following output when running full-release on the reproducer project

$ jreleaser full-release --dry-run
[INFO]  JReleaser 1.4.0-SNAPSHOT
[INFO]  Configuring with jreleaser.yml
[INFO]    - basedir set to /private/tmp/jreleaser-reproducer
[INFO]    - outputdir set to /private/tmp/jreleaser-reproducer/out/jreleaser
[INFO]  Reading configuration
[INFO]  git-root-search set to false
[INFO]  Loading variables from /Users/aalmiray/.jreleaser/config.toml
[INFO]  Validating configuration
[INFO]  Strict mode set to false
[INFO]  Project version set to 0.0.1
[INFO]  Release is not snapshot
[INFO]  Timestamp is 2022-12-18T15:06:51.596152-06:00
[INFO]  HEAD is at 4ea80ef
[INFO]  Platform is osx-x86_64
[INFO]  dry-run set to true
[INFO]  Generating changelog
[INFO]  Storing changelog: out/jreleaser/release/CHANGELOG.md
[INFO]  Calculating checksums
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom.sha256
[INFO]  Signing files
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom
[INFO]    [sign] out/jreleaser/checksums/checksums_sha256.txt
[INFO]  Deploying all staged artifacts
[INFO]    [nexus2] Deploying to maven-central
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.asc
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.md5
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha1
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha256
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha512
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.asc
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.asc
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.jar
[INFO]    [nexus2]  - module-a-0.0.1.jar.asc
[INFO]    [nexus2]  - module-a-0.0.1.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.pom
[INFO]    [nexus2]  - module-a-0.0.1.pom.asc
[INFO]    [nexus2]  - module-a-0.0.1.pom.md5
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha1
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha256
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha512
[INFO]  Uploading is not enabled. Skipping
[INFO]  Releasing to https://github.com/jagodevreede/jreleaser-reproducer
[INFO]   - uploading module-a-0.0.1-javadoc.jar
[INFO]   - uploading module-a-0.0.1-sources.jar
[INFO]   - uploading module-a-0.0.1.jar
[INFO]   - uploading module-a-0.0.1.pom
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom
[INFO]   - uploading checksums_sha256.txt
[INFO]   - uploading module-a-0.0.1-javadoc.jar.asc
[INFO]   - uploading module-a-0.0.1-sources.jar.asc
[INFO]   - uploading module-a-0.0.1.jar.asc
[INFO]   - uploading module-a-0.0.1.pom.asc
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom.asc
[INFO]   - uploading checksums_sha256.txt.asc
[INFO]  Announcing release
[INFO]  Announcing is not enabled. Skipping
[INFO]  Writing output properties to out/jreleaser/output.properties
[INFO]  JReleaser succeeded after 2.718 s

@jagodevreede
Copy link
Author

hmm now it gets more interesting, I am still able to reproduce it with the latest snapshot as well:

% jbang jreleaser-snapshot@jreleaser --version                                                                                                  (mavenCentral|…2) Java 17
------------------------------------------------------------
jreleaser 1.4.0-SNAPSHOT
------------------------------------------------------------
Build time:   2022-12-19 12:34:05-06:00
Revision:     9f7bfe8a195acd02930ab8f89ac984d0cfcecce5
JVM:          17.0.4 (GraalVM Community 17.0.4+8-jvmci-22.2-b06)
------------------------------------------------------------

outputs:

[INFO]  JReleaser 1.4.0-SNAPSHOT
[INFO]  Configuring with jreleaser.yml
[INFO]    - basedir set to /Users/jagodevreede/git/jreleaser-reproducer
[INFO]    - outputdir set to /Users/jagodevreede/git/jreleaser-reproducer/out/jreleaser
[INFO]  Reading configuration
[INFO]  git-root-search set to false
[INFO]  Loading variables from /Users/jagodevreede/.jreleaser/config.properties
[INFO]  Validating configuration
[INFO]  Strict mode set to false
[INFO]  Project version set to 0.0.1
[INFO]  Release is not snapshot
[INFO]  Timestamp is 2022-12-19T20:42:45.076828+01:00
[INFO]  HEAD is at 4ea80ef
[INFO]  Platform is osx-x86_64
[INFO]  dry-run set to true
[INFO]  Generating changelog
[INFO]  Storing changelog: out/jreleaser/release/CHANGELOG.md
[INFO]  Calculating checksums
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom.sha256
[INFO]    [checksum] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom.sha256
[INFO]  Signing files
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom
[INFO]    [sign] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom
[INFO]    [sign] out/jreleaser/checksums/checksums_sha256.txt
[INFO]  Deploying all staged artifacts
[INFO]    [nexus2] Deploying to maven-central
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.md5
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha1
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha256
[INFO]    [nexus2]  - jreleaser-reproducer-0.0.1.pom.sha512
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-javadoc.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1-sources.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.jar
[INFO]    [nexus2]  - module-a-0.0.1.jar.md5
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha1
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha256
[INFO]    [nexus2]  - module-a-0.0.1.jar.sha512
[INFO]    [nexus2]  - module-a-0.0.1.pom
[INFO]    [nexus2]  - module-a-0.0.1.pom.md5
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha1
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha256
[INFO]    [nexus2]  - module-a-0.0.1.pom.sha512
[INFO]  Uploading is not enabled. Skipping
[INFO]  Releasing to https://github.com/jagodevreede/jreleaser-reproducer
[INFO]   - uploading module-a-0.0.1-javadoc.jar
[INFO]   - uploading module-a-0.0.1-sources.jar
[INFO]   - uploading module-a-0.0.1.jar
[INFO]   - uploading module-a-0.0.1.pom
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom
[INFO]   - uploading checksums_sha256.txt
[INFO]   - uploading module-a-0.0.1-javadoc.jar.asc
[INFO]   - uploading module-a-0.0.1-sources.jar.asc
[INFO]   - uploading module-a-0.0.1.jar.asc
[INFO]   - uploading module-a-0.0.1.pom.asc
[INFO]   - uploading jreleaser-reproducer-0.0.1.pom.asc
[INFO]   - uploading checksums_sha256.txt.asc
[INFO]  Announcing release
[INFO]  Announcing is not enabled. Skipping
[INFO]  Writing output properties to out/jreleaser/output.properties
[INFO]  JReleaser succeeded after 2,105 s

as you can see the [nexus2] logs never mention a .asc file.... (I can also reproduce this in a github action)

@aalmiray
Copy link
Member

Well this is odd as signatures are definitely needed by Maven Central. Have you looked inside out/jreleaser/trace.log? This file contains much more information and could probably help us pinpoint the source of the problem.

@jagodevreede
Copy link
Author

I can't see something immediately wrong but maybe you can?
trace.log

@aalmiray
Copy link
Member

Wait, I see it. You have explicitly deactivated the use of maven rules:

https://github.com/jagodevreede/jreleaser-reproducer/blob/4ea80ef5a3c11dd33bdec776451027695a185ad4/jreleaser.yml#L25-L35

While the example shown at https://jreleaser.org/guide/latest/examples/maven/maven-central.html does not deactivate them. Maven rules are implicitly activated when the url matches "*.sonatype.org" unless they are explicitly deactivated as it is done in the reproducer project.

@jagodevreede
Copy link
Author

Ahh that was it! 😄 I was running into issue #1117 so I had to disable it, but with the snapshot of jreleaser it works. It even works for my "real" project 👍 (with the 1.4.0-SNAPSHOT)

@jagodevreede jagodevreede closed this as not planned Won't fix, can't repro, duplicate, stale Dec 19, 2022
@aalmiray aalmiray added the invalid This doesn't seem right label Dec 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aalmiray @jagodevreede