Re: [ee4j-build] Maven profiles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ee4j-build] Maven profiles

From: Bill Shannon <bill.shannon@xxxxxxxxxx>
Date: Wed, 17 Oct 2018 16:42:40 -0700
Delivered-to: ee4j-build@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ee4j-build>
List-help: <mailto:ee4j-build-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Romain Grécourt wrote on 10/17/18 04:23 PM:
> On Wed, Oct 17, 2018 at 4:09 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
> 
>     No one ever did answer this question so here's my guess...
> 
>     The "snapshots" profile should be used only what pushing out SNAPSHOT artifacts.
> 
>     The "staging" profile should be used when staging a final release for
>     review, before finally releasing it.
> 
>     The "oss-release" profile should be used only when doing a final release
>     of a reviewed and approved artifact. 
> 
> 
>     The "oss-release" profile is the only one that signs the artifacts.
> 
> 
> This is used for any "Maven release" that goes to Maven Central, final or not final.

I didn't think SNAPSHOT releases needed to be signed.

> 
> 
>     If I'm using the nexus-staging-maven-plugin to stage my release so that
>     it can be verified, and then to later close the staging repository and
>     finally release it, do I need to use the "oss-release" profile to do that?
> 
> 
> The "oss-release" profile adds a lifecycle (i.e plugin executions) that is not
> desirable for this use-case.
> The base configuration of the plugin can be done in the default profile (i.e no
> profile).

I don't understand.

If I'm staging my release for review, don't I want to include the source jar
file? Don't I want to sign the artifacts so when the release is approved I
can just "release" the repo?

> 
>     If so, I'm not sure when the "staging" profile would be used.
> 
> 
> IIUC the current direction seems to decouple the nexus workflow in 2 steps:
>  - deploy to a staging repository and close the staging repository
>  - release the staging repository once reviewed/approved
> 
> The staging profile configures the staging repository group for oss.sonatype.org
> <http://oss.sonatype.org>. (https://oss.sonatype.org/content/groups/staging/)
> I.e If activated, one can consume artifacts from any closed staging repository.
> 
> If the review/approval depends on automated test suites, they will likely need
> to consume the artifacts from the staging repository. 

So if I deploy them using oss-release and close the repo, but don't release
it, what happens?  Can I download the artifacts from some staging area and
test them before releasing the repo?

I don't understand how to get signed artifacts into a staging area so that
they can just be "released" after being tested and approved, without needing
to recreate the artifacts.

Follow-Ups:
- Re: [ee4j-build] Maven profiles
  - From: Romain Grécourt

References:
- [ee4j-build] Maven profiles
  - From: Bill Shannon
- Re: [ee4j-build] Maven profiles
  - From: Bill Shannon
- Re: [ee4j-build] Maven profiles
  - From: Romain Grécourt

Prev by Date: Re: [ee4j-build] how to release staged artifacts?
Next by Date: Re: [ee4j-build] how to release staged artifacts?
Previous by thread: Re: [ee4j-build] Maven profiles
Next by thread: Re: [ee4j-build] Maven profiles
Index(es):
- Date
- Thread

Breadcrumbs