-
-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publishing to Maven Central example is incorrect #1118
Comments
Can not reproduce with latest snapshot $ jreleaser -V
------------------------------------------------------------
jreleaser 1.4.0-SNAPSHOT
------------------------------------------------------------
Build time: 2022-12-17 14:14:29-06:00
Revision: 66360a26addf8872040bf3570f42da5e963111b2
JVM: 11.0.17 (Azul Systems, Inc. 11.0.17+8-LTS)
------------------------------------------------------------ I get the following output when running $ jreleaser full-release --dry-run
[INFO] JReleaser 1.4.0-SNAPSHOT
[INFO] Configuring with jreleaser.yml
[INFO] - basedir set to /private/tmp/jreleaser-reproducer
[INFO] - outputdir set to /private/tmp/jreleaser-reproducer/out/jreleaser
[INFO] Reading configuration
[INFO] git-root-search set to false
[INFO] Loading variables from /Users/aalmiray/.jreleaser/config.toml
[INFO] Validating configuration
[INFO] Strict mode set to false
[INFO] Project version set to 0.0.1
[INFO] Release is not snapshot
[INFO] Timestamp is 2022-12-18T15:06:51.596152-06:00
[INFO] HEAD is at 4ea80ef
[INFO] Platform is osx-x86_64
[INFO] dry-run set to true
[INFO] Generating changelog
[INFO] Storing changelog: out/jreleaser/release/CHANGELOG.md
[INFO] Calculating checksums
[INFO] [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar.sha256
[INFO] [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar.sha256
[INFO] [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar.sha256
[INFO] [checksum] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom.sha256
[INFO] [checksum] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom.sha256
[INFO] Signing files
[INFO] [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-javadoc.jar
[INFO] [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1-sources.jar
[INFO] [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.jar
[INFO] [sign] target/staging-deploy/io/github/jagodevreede/module-a/0.0.1/module-a-0.0.1.pom
[INFO] [sign] target/staging-deploy/io/github/jagodevreede/jreleaser-reproducer/0.0.1/jreleaser-reproducer-0.0.1.pom
[INFO] [sign] out/jreleaser/checksums/checksums_sha256.txt
[INFO] Deploying all staged artifacts
[INFO] [nexus2] Deploying to maven-central
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom.asc
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom.md5
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom.sha1
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom.sha256
[INFO] [nexus2] - jreleaser-reproducer-0.0.1.pom.sha512
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar.asc
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar.md5
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar.sha1
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar.sha256
[INFO] [nexus2] - module-a-0.0.1-javadoc.jar.sha512
[INFO] [nexus2] - module-a-0.0.1-sources.jar
[INFO] [nexus2] - module-a-0.0.1-sources.jar.asc
[INFO] [nexus2] - module-a-0.0.1-sources.jar.md5
[INFO] [nexus2] - module-a-0.0.1-sources.jar.sha1
[INFO] [nexus2] - module-a-0.0.1-sources.jar.sha256
[INFO] [nexus2] - module-a-0.0.1-sources.jar.sha512
[INFO] [nexus2] - module-a-0.0.1.jar
[INFO] [nexus2] - module-a-0.0.1.jar.asc
[INFO] [nexus2] - module-a-0.0.1.jar.md5
[INFO] [nexus2] - module-a-0.0.1.jar.sha1
[INFO] [nexus2] - module-a-0.0.1.jar.sha256
[INFO] [nexus2] - module-a-0.0.1.jar.sha512
[INFO] [nexus2] - module-a-0.0.1.pom
[INFO] [nexus2] - module-a-0.0.1.pom.asc
[INFO] [nexus2] - module-a-0.0.1.pom.md5
[INFO] [nexus2] - module-a-0.0.1.pom.sha1
[INFO] [nexus2] - module-a-0.0.1.pom.sha256
[INFO] [nexus2] - module-a-0.0.1.pom.sha512
[INFO] Uploading is not enabled. Skipping
[INFO] Releasing to https://github.com/jagodevreede/jreleaser-reproducer
[INFO] - uploading module-a-0.0.1-javadoc.jar
[INFO] - uploading module-a-0.0.1-sources.jar
[INFO] - uploading module-a-0.0.1.jar
[INFO] - uploading module-a-0.0.1.pom
[INFO] - uploading jreleaser-reproducer-0.0.1.pom
[INFO] - uploading checksums_sha256.txt
[INFO] - uploading module-a-0.0.1-javadoc.jar.asc
[INFO] - uploading module-a-0.0.1-sources.jar.asc
[INFO] - uploading module-a-0.0.1.jar.asc
[INFO] - uploading module-a-0.0.1.pom.asc
[INFO] - uploading jreleaser-reproducer-0.0.1.pom.asc
[INFO] - uploading checksums_sha256.txt.asc
[INFO] Announcing release
[INFO] Announcing is not enabled. Skipping
[INFO] Writing output properties to out/jreleaser/output.properties
[INFO] JReleaser succeeded after 2.718 s |
hmm now it gets more interesting, I am still able to reproduce it with the latest snapshot as well:
outputs:
as you can see the [nexus2] logs never mention a |
Well this is odd as signatures are definitely needed by Maven Central. Have you looked inside |
I can't see something immediately wrong but maybe you can? |
Wait, I see it. You have explicitly deactivated the use of maven rules: While the example shown at https://jreleaser.org/guide/latest/examples/maven/maven-central.html does not deactivate them. Maven rules are implicitly activated when the url matches "*.sonatype.org" unless they are explicitly deactivated as it is done in the reproducer project. |
Ahh that was it! 😄 I was running into issue #1117 so I had to disable it, but with the snapshot of jreleaser it works. It even works for my "real" project 👍 (with the 1.4.0-SNAPSHOT) |
Task List
Description
The example at https://jreleaser.org/guide/latest/examples/maven/maven-central.html will result in a failed release (at nexus). With a failed step:
Event: Failed: Signature Validation
This is because jreleaser does not upload the signed files*.asc
to nexus.Steps to Reproduce
mvn -Ppublication deploy -DaltDeploymentRepository=local::file:./target/staging-deploy
as per example: https://jreleaser.org/guide/latest/examples/maven/staging-artifacts.htmljreleaser full-release --dry-run
Expected Behaviour
That all files in the staging-deploy are uploaded but also the signed files
Actual Behaviour
Log:
Environment Information
There is no stacktrace from
[out|build|target]/jreleaser/trace.log
.The text was updated successfully, but these errors were encountered: