Skip to content

Commit 694e471

Browse files
sebersolebeikov
authored andcommitted
1 parent 6bbf93b commit 694e471

File tree

4 files changed

+118
-196
lines changed

4 files changed

+118
-196
lines changed

build.gradle

Lines changed: 6 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -42,77 +42,36 @@ apply from: file( 'gradle/module.gradle' )
4242
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4343
// Release Task
4444

45-
task release {
45+
tasks.register('release') {
4646
description = "The task performed when we are performing a release build. Relies on " +
4747
"the fact that subprojects will appropriately define a release task " +
4848
"themselves if they have any release-related activities to perform"
4949

5050
doFirst {
5151
def javaVersionsInUse = jdkVersions.allVersions
52-
if ( javaVersionsInUse != [JavaLanguageVersion.of( 11 )].toSet() ) {
53-
throw new IllegalStateException( "Please use JDK 11 to perform the release. Currently using: ${javaVersionsInUse}" )
52+
if (javaVersionsInUse != [JavaLanguageVersion.of(11)].toSet()) {
53+
throw new IllegalStateException("Please use JDK 11 to perform the release. Currently using: ${javaVersionsInUse}")
5454
}
5555
}
5656
}
5757

58-
task publish {
58+
tasks.register('publish') {
5959
description = "The task performed when we want to just publish maven artifacts. Relies on " +
6060
"the fact that subprojects will appropriately define a release task " +
6161
"themselves if they have any publish-related activities to perform"
6262
}
6363

64-
ext {
65-
if ( project.hasProperty( 'hibernatePublishUsername' ) ) {
66-
if ( ! project.hasProperty( 'hibernatePublishPassword' ) ) {
67-
throw new GradleException( "Should specify both `hibernatePublishUsername` and `hibernatePublishPassword` as project properties" );
68-
}
69-
}
70-
}
71-
7264
nexusPublishing {
7365
repositories {
74-
sonatype {
75-
username = project.hasProperty( 'hibernatePublishUsername' ) ? project.property( 'hibernatePublishUsername' ) : null
76-
password = project.hasProperty( 'hibernatePublishPassword' ) ? project.property( 'hibernatePublishPassword' ) : null
77-
}
66+
sonatype
7867
}
7968
}
8069

81-
gradle.taskGraph.addTaskExecutionGraphListener(
82-
new TaskExecutionGraphListener() {
83-
@Override
84-
void graphPopulated(TaskExecutionGraph graph) {
85-
String[] tasksToLookFor = [
86-
'publish',
87-
'publishToSonatype',
88-
'publishAllPublicationsToSonatype',
89-
'publishPublishedArtifactsPublicationToSonatypeRepository',
90-
'publishRelocationArtifactsPublicationToSonatypeRepository',
91-
]
92-
93-
for ( String taskToLookFor : tasksToLookFor ) {
94-
if ( graph.hasTask( taskToLookFor ) ) {
95-
// trying to publish - make sure the needed credentials are available
96-
97-
if ( project.property( 'hibernatePublishUsername' ) == null ) {
98-
throw new RuntimeException( "`-PhibernatePublishUsername=...` not found" )
99-
}
100-
if ( project.property( 'hibernatePublishPassword' ) == null ) {
101-
throw new RuntimeException( "`-PhibernatePublishPassword=...` not found" )
102-
}
103-
104-
break;
105-
}
106-
}
107-
}
108-
}
109-
)
110-
11170

11271
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
11372
// CI Build Task
11473

115-
task ciBuild {
74+
tasks.register('ciBuild') {
11675
description = "The task performed when one of the 'main' jobs are triggered on the " +
11776
"CI server. Just as above, relies on the fact that subprojects will " +
11877
"appropriately define a release task themselves if they have any tasks " +

ci/release/Jenkinsfile

Lines changed: 22 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,10 @@ pipeline {
5757
stage('Release check') {
5858
steps {
5959
script {
60+
print "INFO: params.RELEASE_VERSION = ${params.RELEASE_VERSION}"
61+
print "INFO: params.DEVELOPMENT_VERSION = ${params.DEVELOPMENT_VERSION}"
62+
print "INFO: params.RELEASE_DRY_RUN? = ${params.RELEASE_DRY_RUN}"
63+
6064
// Avoid doing a release for commits from a release
6165
def lastCommitter = sh(script: 'git show -s --format=\'%an\'', returnStdout: true).trim()
6266
def secondLastCommitter = sh(script: 'git show -s --format=\'%an\' HEAD~1', returnStdout: true).trim()
@@ -124,25 +128,18 @@ pipeline {
124128
checkout scmGit(branches: [[name: '*/main']], extensions: [], userRemoteConfigs: [[credentialsId: 'ed25519.Hibernate-CI.github.com', url: 'https://github.com/hibernate/hibernate-release-scripts.git']])
125129
}
126130
configFileProvider([configFile(fileId: 'release.config.ssh', targetLocation: "${env.HOME}/.ssh/config"), configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: "${env.HOME}/.ssh/known_hosts")]) {
127-
withCredentials([
128-
usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USER'),
129-
usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'PLUGIN_PORTAL_PASSWORD', usernameVariable: 'PLUGIN_PORTAL_USERNAME'),
130-
file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'),
131-
string(credentialsId: 'release.gpg.passphrase', variable: 'RELEASE_GPG_PASSPHRASE')
132-
]) {
133-
sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) {
134-
// set release version
135-
// update changelog from JIRA
136-
// tags the version
137-
// changes the version to the provided development version
138-
withEnv([
139-
"BRANCH=${env.GIT_BRANCH}",
140-
"DISABLE_REMOTE_GRADLE_CACHE=true"
141-
]) {
142-
sh ".release/scripts/prepare-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION}"
143-
}
144-
}
145-
}
131+
sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) {
132+
// set release version
133+
// update changelog from JIRA
134+
// tags the version
135+
// changes the version to the provided development version
136+
withEnv([
137+
"BRANCH=${env.GIT_BRANCH}",
138+
"DISABLE_REMOTE_GRADLE_CACHE=true"
139+
]) {
140+
sh ".release/scripts/prepare-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION}"
141+
}
142+
}
146143
}
147144
}
148145
}
@@ -155,10 +152,12 @@ pipeline {
155152
}
156153
configFileProvider([configFile(fileId: 'release.config.ssh', targetLocation: "${env.HOME}/.ssh/config"), configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: "${env.HOME}/.ssh/known_hosts")]) {
157154
withCredentials([
158-
usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USER'),
159-
usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'PLUGIN_PORTAL_PASSWORD', usernameVariable: 'PLUGIN_PORTAL_USERNAME'),
160-
file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'),
161-
string(credentialsId: 'release.gpg.passphrase', variable: 'RELEASE_GPG_PASSPHRASE'),
155+
// https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh
156+
usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'),
157+
// https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup
158+
usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'),
159+
file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'),
160+
string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE')
162161
gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default')
163162
]) {
164163
sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) {

gradle/published-java-module.gradle

Lines changed: 60 additions & 102 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,8 @@ dependencies {
2929
// Publishing
3030

3131
java {
32+
// Configure the Java "software component" to include javadoc and sources jars in addition to the classes jar.
33+
// Ultimately, this component is what makes up the publication for this project.
3234
withJavadocJar()
3335
withSourcesJar()
3436
}
@@ -98,130 +100,86 @@ publishing {
98100
}
99101

100102

101-
var signingKey = resolveSigningKey()
102-
var signingPassword = findSigningProperty( "signingPassword" )
103+
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
104+
// Signing
103105

104-
signing {
105-
useInMemoryPgpKeys( signingKey, signingPassword )
106+
def signPublicationsTask = tasks.register('signPublications') {
107+
description "Grouping task which executes all Sign tasks"
106108

107-
sign publishing.publications.publishedArtifacts
109+
dependsOn tasks.withType( Sign )
108110
}
109111

110-
String resolveSigningKey() {
111-
var key = findSigningProperty( "signingKey" )
112-
if ( key != null ) {
113-
return key
114-
}
115-
116-
var keyFile = findSigningProperty( "signingKeyFile" )
117-
if ( keyFile != null ) {
118-
return new File( keyFile ).text
119-
}
120-
121-
return null
112+
tasks.named( "publishPublishedArtifactsPublicationToSonatypeRepository" ) {
113+
// publishing depends on signing
114+
dependsOn signPublicationsTask
122115
}
123116

124-
String findSigningProperty(String propName) {
125-
if ( System.getProperty( propName ) != null ) {
126-
logger.debug "Found `{}` as a system property", propName
127-
return System.getProperty(propName )
128-
}
129-
else if ( System.getenv().get( propName ) != null ) {
130-
logger.debug "Found `{}` as an env-var property", propName
131-
return System.getenv().get( propName )
132-
}
133-
else if ( project.hasProperty( propName ) ) {
134-
logger.debug "Found `{}` as a project property", propName
135-
return project.hasProperty( propName )
136-
}
137-
else {
138-
logger.debug "Did not find `{}`", propName
139-
return null
140-
}
117+
tasks.register('sign') {
118+
description "Pseudonym for :signPublications"
119+
dependsOn signPublicationsTask
141120
}
142121

143-
144-
var signingTask = project.tasks.getByName( "signPublishedArtifactsPublication" ) as Sign
145122
var signingExtension = project.getExtensions().getByType(SigningExtension) as SigningExtension
146123

147-
task sign {
148-
dependsOn "signPublications"
149-
}
124+
gradle.taskGraph.whenReady { TaskExecutionGraph graph ->
125+
boolean wasSigningRequested = false
126+
boolean wasPublishingRequested = false
127+
128+
graph.allTasks.each {task ->
129+
if ( task instanceof Sign ) {
130+
wasSigningRequested = true
131+
}
132+
else if ( task instanceof PublishToMavenRepository ) {
133+
wasPublishingRequested = true
134+
}
135+
}
150136

151-
task signPublications { t ->
152-
tasks.withType( Sign ).all { s ->
153-
t.dependsOn s
137+
if ( wasPublishingRequested ) {
138+
def ossrhUser = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypeUsername" )
139+
def ossrhPass = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypePassword" )
140+
if ( ossrhUser == null || ossrhPass == null ) {
141+
throw new RuntimeException( "Cannot perform publishing to OSSRH without credentials." )
142+
}
143+
logger.lifecycle "Publishing groupId: '" + project.group + "', version: '" + project.version + "'"
154144
}
155-
}
156145

157-
signingTask.doFirst {
158-
if ( signingKey == null || signingPassword == null ) {
159-
throw new GradleException(
160-
"Cannot perform signing without GPG details. Please set the `signingKey` and `signingKeyFile` properties"
161-
)
146+
if ( wasSigningRequested || wasPublishingRequested ) {
147+
// signing was explicitly requested and/or we are publishing to Sonatype OSSRH
148+
// - we need the signing to happen
149+
signingExtension.required = true
150+
151+
var signingKey = resolveSigningKey()
152+
var signingPassword = resolveSigningPassphrase()
153+
signingExtension.useInMemoryPgpKeys( signingKey, signingPassword )
154+
signingExtension.sign publishing.publications.publishedArtifacts
155+
}
156+
else {
157+
// signing was not explicitly requested and we are not publishing to OSSRH,
158+
// - disable all Sign tasks
159+
tasks.withType( Sign ).each { enabled = false }
162160
}
163161
}
164162

165-
166-
boolean wasSigningExplicitlyRequested() {
167-
// check whether signing task was explicitly requested when running the build
168-
//
169-
// NOTE: due to https://discuss.gradle.org/t/how-to-tell-if-a-task-was-explicitly-asked-for-on-the-command-line/42853/3
170-
// we cannot definitively know whether the task was requested. Gradle really just does not expose this information.
171-
// so we make a convention - we check the "start parameters" object to see which task-names were requested;
172-
// the problem is that these are the raw names directly from the command line. e.g. it is perfectly legal to
173-
// say `gradlew signPubArtPub` in place of `gradlew signPublishedArtifactsPublication` - Gradle will simply
174-
// "expand" the name it finds. However, it does not make that available.
175-
//
176-
// so the convention is that we will check for the following task names
177-
//
178-
// for each of:
179-
// 1. `sign`
180-
// 2. `signPublications`
181-
// 3. `signPublishedArtifactsPublication`
182-
//
183-
// and we check both forms:
184-
// 1. "${taskName}"
185-
// 2. project.path + ":${taskName}"
186-
//
187-
// we need to check both again because of the "start parameters" discussion
188-
189-
def signingTaskNames = ["sign", "signPublications", "signPublishedArtifactsPublication"]
190-
191-
for ( String taskName : signingTaskNames ) {
192-
if ( gradle.startParameter.taskNames.contains( taskName )
193-
|| gradle.startParameter.taskNames.contains( "${project.path}:${taskName}" ) ) {
194-
return true
195-
}
163+
static String resolveSigningKey() {
164+
var key = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY" )
165+
if ( key != null ) {
166+
return key
196167
}
197168

198-
return false
199-
}
169+
var keyFile = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY_PATH" )
170+
if ( keyFile != null ) {
171+
return new File( keyFile ).text
172+
}
200173

201-
if ( wasSigningExplicitlyRequested() ) {
202-
// signing was explicitly requested
203-
signingExtension.required = true
174+
throw new RuntimeException( "Cannot perform signing without GPG details." )
204175
}
205-
else {
206-
gradle.taskGraph.whenReady { graph ->
207-
if ( graph.hasTask( signingTask ) ) {
208-
// signing is scheduled to happen.
209-
//
210-
// we know, from above if-check, that it was not explicitly requested -
211-
// so it is triggered via task dependency. make sure we want it to happen
212-
var publishingTask = project.tasks.getByName( "publishPublishedArtifactsPublicationToSonatypeRepository" ) as PublishToMavenRepository
213-
if ( graph.hasTask( publishingTask ) ) {
214-
// we are publishing to Sonatype OSSRH - we need the signing to happen
215-
signingExtension.required = true
216-
}
217-
else {
218-
// signing was not explicitly requested and we are not publishing to OSSRH,
219-
// so do not sign.
220-
signingTask.enabled = false
221-
}
222-
}
223176

177+
static String resolveSigningPassphrase() {
178+
var passphrase = System.getenv().get( "SIGNING_GPG_PASSPHRASE" )
179+
if ( passphrase == null ) {
180+
throw new RuntimeException( "Cannot perform signing without GPG details." )
224181
}
182+
return passphrase
225183
}
226184

227185

0 commit comments

Comments
 (0)