[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [ee4j-build] Maven profiles
|
Romain Grécourt wrote on 10/17/18 04:23 PM:
> On Wed, Oct 17, 2018 at 4:09 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
>
> No one ever did answer this question so here's my guess...
>
> The "snapshots" profile should be used only what pushing out SNAPSHOT artifacts.
>
> The "staging" profile should be used when staging a final release for
> review, before finally releasing it.
>
> The "oss-release" profile should be used only when doing a final release
> of a reviewed and approved artifact.
>
>
> The "oss-release" profile is the only one that signs the artifacts.
>
>
> This is used for any "Maven release" that goes to Maven Central, final or not final.
I didn't think SNAPSHOT releases needed to be signed.
>
>
> If I'm using the nexus-staging-maven-plugin to stage my release so that
> it can be verified, and then to later close the staging repository and
> finally release it, do I need to use the "oss-release" profile to do that?
>
>
> The "oss-release" profile adds a lifecycle (i.e plugin executions) that is not
> desirable for this use-case.
> The base configuration of the plugin can be done in the default profile (i.e no
> profile).
I don't understand.
If I'm staging my release for review, don't I want to include the source jar
file? Don't I want to sign the artifacts so when the release is approved I
can just "release" the repo?
>
> If so, I'm not sure when the "staging" profile would be used.
>
>
> IIUC the current direction seems to decouple the nexus workflow in 2 steps:
> - deploy to a staging repository and close the staging repository
> - release the staging repository once reviewed/approved
>
> The staging profile configures the staging repository group for oss.sonatype.org
> <http://oss.sonatype.org>. (https://oss.sonatype.org/content/groups/staging/)
> I.e If activated, one can consume artifacts from any closed staging repository.
>
> If the review/approval depends on automated test suites, they will likely need
> to consume the artifacts from the staging repository.
So if I deploy them using oss-release and close the repo, but don't release
it, what happens? Can I download the artifacts from some staging area and
test them before releasing the repo?
I don't understand how to get signed artifacts into a staging area so that
they can just be "released" after being tested and approved, without needing
to recreate the artifacts.