Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sonatype and Javadoc snapshots both failing since recently #1832

Closed
cpovirk opened this issue Sep 9, 2024 · 6 comments
Closed

Sonatype and Javadoc snapshots both failing since recently #1832

cpovirk opened this issue Sep 9, 2024 · 6 comments
Assignees
@eamonnmcmanus
Labels
P2

Comments

@cpovirk
Copy link
Member

cpovirk commented Sep 9, 2024
edited
Loading

Sonatype

Failed to deploy artifacts: Could not transfer artifact com.google.auto:auto-common:jar:HEAD-20240816.234909-593 from/to sonatype-nexus-snapshots (https://oss.sonatype.org/content/repositories/snapshots/): authentication failed for https://oss.sonatype.org/content/repositories/snapshots/com/google/auto/auto-common/HEAD-SNAPSHOT/auto-common-HEAD-20240816.234909-593.jar, status: 401 Content access is protected by token

That appears to have started with 98c8ec7, but I assume it's a result of some credentials expiring or being regenerated or having access cut off. I reported a similar problem recently with Guava as internal bug 360518509, and it turned out to be simple to fix

I'm going to try looking up my Sonatype User Token and plugging it into our repository secrets. I don't know if the old one (last updated Aug 31, 2021) expired or what.

[edit: But note that I've sometimes had to refresh after logging in in order to see the menu option to show my User Token.]

Javadoc

mv: cannot stat '/home/runner/work/auto/auto/target/site/apidocs': No such file or directory

(Or at least I'm guessing that that's the problem.)

That appears to have started with either 8a9bd4f or a161323. It's hard to be sure which because the submission of the one cancelled the CI for the other.
@cgdecker cgdecker added the P2 label Sep 17, 2024
@cpovirk cpovirk mentioned this issue Oct 1, 2024
Closed
@cpovirk
Copy link
Member Author

cpovirk commented Oct 1, 2024

I updated the Auto Sonatype secret to use my user token after doing the same for Truth. It was kind of a pain, but I think it's done.

That leaves only Javadoc. I may report progress on a similar problem with Truth for that, too.

@cpovirk
Copy link
Member Author

cpovirk commented Oct 1, 2024

I have a fix out for the Truth Javadoc problem, and it looks like the same fix will work here.

@cpovirk cpovirk self-assigned this Oct 1, 2024
copybara-service bot pushed a commit that referenced this issue Oct 2, 2024
@cpovirk
Update path to apidocs for the change in... some plugin or other?
ae89c14 
(In the case of the similar problem for _Truth_, the problem was `maven-javadoc-plugin-3.10.0`. But the _Auto_ problem doesn't appear to have started with such an upgrade, so _shrug_.)

This should fix Javadoc snapshots.

Fixes ttps://github.com//issues/1832

RELNOTES=n/a
PiperOrigin-RevId: 681054579
@copybara-service copybara-service bot mentioned this issue Oct 2, 2024
Closed
copybara-service bot pushed a commit that referenced this issue Oct 2, 2024
@cpovirk
Update path to apidocs for the change in... some plugin or other?
d6db8f8 
(In the case of the similar problem for _Truth_, the problem was `maven-javadoc-plugin-3.10.0`. But the _Auto_ problem doesn't appear to have started with such an upgrade, so _shrug_.)

This should fix Javadoc snapshots.

Fixes ttps://github.com//issues/1832

RELNOTES=n/a
PiperOrigin-RevId: 681477620
@cpovirk
Copy link
Member Author

cpovirk commented Oct 3, 2024

Javadoc is fixed.

Sonatype snapshots are not fixed. I assume that I don't personally have the necessary permissions to publish for auto. We'll need someone who does have permissions to follow the instructions above.

@cpovirk cpovirk assigned eamonnmcmanus and unassigned cpovirk Oct 3, 2024
@cpovirk
Copy link
Member Author

cpovirk commented Oct 3, 2024
edited
Loading

In short, we need a username and password in https://github.com/google/auto/settings/secrets/actions that come from a Sonatype owner's User Token (rather than a "plain" username and password). There's a chance that those are already in your .m2/settings.xml, or you can get them by following https://central.sonatype.org/publish/generate-token/. [edit: But see my warning about about possibly having to refresh the page.] (And then put them in your .m2/settings.xml while you have them handy, since you'll likely need them for publishing "real" releases in the future.)

@eamonnmcmanus
Copy link
Member

Thanks for the detailed instructions! I've done that, and it looks like the Publish Snapshot action is working now.

@cpovirk
Copy link
Member Author

cpovirk commented Oct 3, 2024

Oh, nice, I'd forgotten that you can manually trigger reruns!

copybara-service bot pushed a commit to google/guava that referenced this issue Jan 2, 2025
@cpovirk
Specify versions for plugins.
90375fa 
I'm getting the impression that Maven, rather than having some kind of default like "Maven 3.9.9 uses `maven-install-plugin:3.1.3`," actually just downloads the newest version of every plugin without a specified version. If so, that is making our builds non-hermetic, and I wonder if that sort of behavior could explain why I wasn't sure what change on our part could have caused google/auto#1832 (and _maybe_ even misdiagnosed google/truth#1343, though I haven't investigated any of this).

Anyway, I noticed this because of:

```
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/maven-metadata.xml (895 B at 2.1 kB/s)
[WARNING] Ignoring incompatible plugin version 4.0.0-beta-1: The plugin org.apache.maven.plugins:maven-install-plugin:4.0.0-beta-1 requires Maven version 4.0.0-beta-3
[INFO] Latest version of plugin org.apache.maven.plugins:maven-install-plugin failed compatibility check
[INFO] Looking for compatible RELEASE version of plugin org.apache.maven.plugins:maven-install-plugin
[INFO] Selected plugin org.apache.maven.plugins:maven-install-plugin:3.1.3
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-deploy-plugin/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-deploy-plugin/maven-metadata.xml (984 B at 89 kB/s)
[WARNING] Ignoring incompatible plugin version 4.0.0-beta-1: The plugin org.apache.maven.plugins:maven-deploy-plugin:4.0.0-beta-1 requires Maven version 4.0.0-beta-3
[INFO] Latest version of plugin org.apache.maven.plugins:maven-deploy-plugin failed compatibility check
[INFO] Looking for compatible RELEASE version of plugin org.apache.maven.plugins:maven-deploy-plugin
[INFO] Selected plugin org.apache.maven.plugins:maven-deploy-plugin:3.1.3
```

RELNOTES=n/a
PiperOrigin-RevId: 711420356
@copybara-service copybara-service bot mentioned this issue Jan 2, 2025
Merged
copybara-service bot pushed a commit to google/guava that referenced this issue Jan 2, 2025
@cpovirk
Specify versions for plugins.
c146772 
I'm getting the impression that Maven, rather than having some kind of default like "Maven 3.9.9 uses `maven-install-plugin:3.1.3`," actually just downloads the newest version of every plugin without a specified version. If so, that is making our builds non-hermetic, and I wonder if that sort of behavior could explain why I wasn't sure what change on our part could have caused google/auto#1832 (and _maybe_ even misdiagnosed google/truth#1343, though I haven't investigated any of this).

Anyway, I noticed this because of:

```
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-install-plugin/maven-metadata.xml (895 B at 2.1 kB/s)
[WARNING] Ignoring incompatible plugin version 4.0.0-beta-1: The plugin org.apache.maven.plugins:maven-install-plugin:4.0.0-beta-1 requires Maven version 4.0.0-beta-3
[INFO] Latest version of plugin org.apache.maven.plugins:maven-install-plugin failed compatibility check
[INFO] Looking for compatible RELEASE version of plugin org.apache.maven.plugins:maven-install-plugin
[INFO] Selected plugin org.apache.maven.plugins:maven-install-plugin:3.1.3
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-deploy-plugin/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-deploy-plugin/maven-metadata.xml (984 B at 89 kB/s)
[WARNING] Ignoring incompatible plugin version 4.0.0-beta-1: The plugin org.apache.maven.plugins:maven-deploy-plugin:4.0.0-beta-1 requires Maven version 4.0.0-beta-3
[INFO] Latest version of plugin org.apache.maven.plugins:maven-deploy-plugin failed compatibility check
[INFO] Looking for compatible RELEASE version of plugin org.apache.maven.plugins:maven-deploy-plugin
[INFO] Selected plugin org.apache.maven.plugins:maven-deploy-plugin:3.1.3
```

RELNOTES=n/a
PiperOrigin-RevId: 711438220
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eamonnmcmanus eamonnmcmanus

Labels
P2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cgdecker @cpovirk @eamonnmcmanus