- Every release master (person allowed to manage releases), should do following:
1.1. Generate GPG pair for signing releases (please use password protection!)
See Guide 1
also Guide 2 1.2 Publish key on public servers viagpg2 --keyserver hkp://pool.sks-keyservers.net --send-keys <KEYID>1.3. Register sonatype account - The same operations (sonatype account and published GPG identity) should be done for CI bot (please create password-protected key, as suggested by default)
- Create a New Project ticket, requesting new project/namespace to be created. Mention all release masters and CI bot in a list of collaborators.
- For CI bot, generate travis-compatible version of the GPG key (use gpg2 to export ascii-armored secret key into the file first) :
cat secret_key.ascii.gpg | python bin/multiline_input_to_travis_env.py > /tmp/travis_compatible_env_value.txt - At least one account on https://hub.docker.com is needed, which credentials will be used to avoid hitting limits for anonymous docker pulls, often exceeded by Travis servers. It is recommended to use separate CI robot account for security purposes, as credentials would be stored (encrypted) on Travis side.
Following environment variables need to be configured on a repository level:
DOCKERHUB_USERNAME(visible) – any Docker Hub account, preferably CI bot’s.DOCKERHUB_PASSWORD(secret)ORG_GRADLE_PROJECT_ossrhUsername(visible) – Sonatype username for CI botORG_GRADLE_PROJECT_ossrhPassword(secret)ORG_GRADLE_PROJECT_signingKey(secret) – the exact contents of CI bot’s GPG key in a form suitable for Travis environment ( content of/tmp/travis_compatible_env_value.txt, generated above)ORG_GRADLE_PROJECT_signingPassword(secret) -- passphrase for bot's GPG keyORG_GRADLE_PROJECT_publishGroupId(optional, visible) – if releasing to the Maven namespace different from defaultcom.appland
Export variable TRAVIS_BUILD setting its value to the desired version number
(or change hardcoded defaultVersion in a build.gradle) .
Export all variables listed in Travis configuration section except
DOCKERHUB_USERNAME, DOCKERHUB_PASSWORD.
For the variable ORG_GRADLE_PROJECT_signingKey use actual multiline key body
(depending on your environment, setting up multiline variables could be
challenging or not) .
Following bash expression could be used to set up multiline variable in bash:
export ORG_GRADLE_PROJECT_signingKey=<EXACT CONTENT OF /tmp/travis_compatible_env_value.txt>
Also, every variable which name starts with ORG_GRADLE_PROJECT_<varname>
could be instead configured as gradle setting <varname> (prefix stripped)
If you omit ossrhUsername setting, publishing would be done locally into
directory buid/repo
If you omit sighingKey setting, signatures won’t be generated
The default artifact name base (appmap-agent) could be changed
via variable ORG_GRADLE_PROJECT_publishArtifactId
semantic-release invoked by Travis on master branch,
triggers publishing task as a hook defined in .releaserc.yml
Since April 2021 we're using Gradle Nexus Publish plugin,
old ./gradlew publish command is deprecated
and likely won't work in "local filesystem" mode any more
(not tested and not needed).
Nexus Publishing plugin takes care not only of uploading artifacts
(like previously used maven-publish plugin does)
but also automates
the procedures of "closing" and "releasing" repository in OSSRH
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository
(triggered by semantic-release, most complete flow)
or
./gradlew publishToSonatype closeReleaseSonatypeStagingRepository
(more conservative, skips the step of pushing to Maven Central)
- BUG? Javadoc is intentionally empty due to errors in javadoc generation.