Attempting to publish to Sonatype staging fails to produce checksums #718

dblock opened this issue Oct 6, 2021 · 0 comments
dblock commented Oct 6, 2021

Not sure this is a shadow problem, but would really appreciate some help.

Coming from https://github.com/opensearch-project/common-utils

We used to publish a component to Sonatype Staging, and in build.gradle had the following:

```groovy
publishing {
    publications {
        shadow(MavenPublication) {
            project.shadow.component(it)
            ...
        }
    }
    repositories {
        maven {
            name = "sonatype-staging"
        }
    }
    signing {
        required { gradle.taskGraph.hasTask("publishShadowPublicationToSonatype-stagingRepository") }
        sign publishing.publications.shadow
    }
}
```

That worked well by invoking `gradle publishShadowPublicationToSonatype-stagingRepository`.

Since then our process needed to change by assembling a combined build out of several repositories from source, and instead of common-utils publishing to Sonatype staging we did common-utils -> mavenLocal -> Sonatype Staging via this script. As a result, we no longer see `.md5` and `.sha1` checksums in Sonatype staging, and that fails Sonatype checks to promote to Maven Central.

My initial reaction was to figure out how to generate those checksums during publishToMavenLocal. There's a similar unanswered SO, too. Looking at this code.

The solution I found was:

```groovy
tasks.withType(Jar) { task ->
    task.doLast {
        ant.checksum algorithm: 'md5', file: it.archivePath
        ant.checksum algorithm: 'sha1', file: it.archivePath
        ant.checksum algorithm: 'sha-256', file: it.archivePath, fileext: '.sha256'
        ant.checksum algorithm: 'sha-512', file: it.archivePath, fileext: '.sha512'
    }
}
```

Invoking `gradle publishShadowPublicationToMavenLocal` generated the `.md5` and `.sha1` files.

  1. Shouldn't shadow be automatically always creating signatures as it seems to claim in the docs?
  2. Is there a way to patch publishToMavenLocal to include these signatures?
  3. Should shadow be doing (2)?
  4. Is this the best way to achieve this?

Shadow Version

7.1.0

Gradle Version

6.4

Expected Behavior

Expecting shadow publish to always include .md5 and .sha1 checksums.

Actual Behavior

Only publishes .pom, .xml, .jar.

Gradle Build Script(s)

https://github.com/opensearch-project/common-utils/blob/main/build.gradle
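
An added example, not code from this issue or from the Shadow project: when artifacts are staged through mavenLocal and arrive without `.md5`/`.sha1` files, the sidecars can be generated and checked over the directory tree before upload. The function names, the reliance on `md5sum`/`sha1sum`, and the bare-hex-digest file content are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: write and verify Maven-style .md5/.sha1 sidecar files.
# Assumes md5sum and sha1sum (GNU coreutils); function names are hypothetical.

# hex_digest <md5|sha1> <file>: print the bare lowercase hex digest.
hex_digest() { "${1}sum" < "$2" | cut -d' ' -f1; }

# Checksum files are sidecars themselves and are never hashed again.
is_checksum() {
    case "$1" in
        *.md5|*.sha1|*.sha256|*.sha512) return 0 ;;
        *) return 1 ;;
    esac
}

# write_checksums <dir>: create missing sidecars, print how many were written.
write_checksums() {
    written=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        is_checksum "$f" && continue
        for alg in md5 sha1; do
            [ -f "$f.$alg" ] && continue
            hex_digest "$alg" "$f" > "$f.$alg"
            written=$((written + 1))
        done
    done <<EOF
$(find "$1" -type f)
EOF
    echo "$written"
}

# verify_checksums <dir>: report missing or stale sidecars; non-zero on any.
verify_checksums() {
    bad=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        is_checksum "$f" && continue
        for alg in md5 sha1; do
            if [ ! -f "$f.$alg" ]; then echo "MISSING  $f.$alg"; bad=1; continue; fi
            # Accept "digest" or "digest  filename" and ignore hex case.
            want=$(awk 'NR==1 {print tolower($1)}' "$f.$alg")
            [ "$want" = "$(hex_digest "$alg" "$f")" ] || { echo "MISMATCH $f.$alg"; bad=1; }
        done
    done <<EOF
$(find "$1" -type f)
EOF
    return "$bad"
}
```

Running `verify_checksums` on the staging directory right before upload also catches an artifact that was rebuilt after its sidecars were written.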
