Adopt GHA Scala Library Release Workflow & use Sonatype token rather than password #90

Merged
merged 4 commits into from
Jun 26, 2024

Contributor

@rhystmills rhystmills commented Jun 25, 2024

Co-authored with @rtyley

What does this change?

Our release recently failed due to a change in authentication for Sonatype.

This PR fixes the release process while moving from changesets to gha-scala-library-release-workflow, which is our preferred method for releasing Scala library versions.

@rhystmills rhystmills requested review from a team as code owners June 25, 2024 15:03

changeset-bot bot commented Jun 25, 2024

⚠️ No Changeset found

Latest commit: 36f0bd9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


Member

rtyley commented Jun 25, 2024

This is definitely moving in the right direction - just to point out, two things are changing in this PR:

  1. We're switching over to token authentication - and we have to do that, as noted in "Sonatype release API auth now requires API token, rejects Nexus UI username & password" (gha-scala-library-release-workflow#39)
  2. This repo is switching from using its own credentials (ie SONATYPE_PASSWORD in https://github.com/guardian/apps-rendering-api-models/settings/secrets/actions) to the shared ones used by the whole organisation (ie AUTOMATED_MAVEN_RELEASE_SONATYPE_TOKEN at https://github.com/organizations/guardian/settings/secrets/actions)

Note that gha-scala-library-release-workflow was created specifically to achieve a higher level of security, and keep those shared credentials safe. This repo (apps-rendering-api-models) isn't using gha-scala-library-release-workflow at the moment.

I suggest that this repo should switch to using gha-scala-library-release-workflow, rather than the changesets approach! The process can work well with releasing both NPM & Scala artifacts, as in these example PRs:

@rtyley rtyley changed the title Use Sonatype token rather than password, to fix release workflow Adopt GHA Scala Library Release Workflow & use Sonatype token rather than password Jun 26, 2024
Member

@rtyley rtyley left a comment

Looks good to me, we can only really try this out by merging and trying to do a release.

@rhystmills rhystmills merged commit a20265f into main Jun 26, 2024
1 check passed
@rhystmills rhystmills deleted the fix-release-workflow branch June 26, 2024 09:31
Member

rtyley commented Jun 26, 2024

We needed a couple of fix-ups to get this working (#91 & #92) but we've now successfully released v10.0.0, which was a simultaneous release for NPM & Scala 👍

NPM

We can see that the produced number of files and total filesize is similar for both our new release and the previous 9.0.0 release:

https://www.npmjs.com/package/@guardian/apps-rendering-api-models/v/10.0.0

https://www.npmjs.com/package/@guardian/apps-rendering-api-models/v/9.0.0

Scala

https://index.scala-lang.org/guardian/apps-rendering-api-models/artifacts/apps-rendering-api-models

rtyley added a commit that referenced this pull request Jun 26, 2024
Two changes:

* A new 'Release' badge, linking straight to the Release workflow added in #90 - a quick way to get to the place where you can make a release, and a status indicator showing if the last release failed.
* Update the NPM badge to link to the project on npmjs.com, which is always convenient when debugging builds