Romain Grécourt wrote on 10/17/2018 05:20 PM:
Romain Grécourt wrote
on 10/17/18 04:23 PM:
> On Wed, Oct 17, 2018 at 4:09 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>>
wrote:
>
> No one ever did answer this question so here's my
guess...
>
> The "snapshots" profile should be used only what
pushing out SNAPSHOT artifacts.
>
> The "staging" profile should be used when staging
a final release for
> review, before finally releasing it.
>
> The "oss-release" profile should be used only
when doing a final release
> of a reviewed and approved artifact.
>
>
> The "oss-release" profile is the only one that
signs the artifacts.
>
>
> This is used for any "Maven release" that goes to
Maven Central, final or not final.
I didn't think SNAPSHOT releases needed to be signed.
SNAPSHOT artifacts are not deployed with a Maven
Release.
A simple "mvn deploy" is usually enough.
I think we're using the same terminology differently.
I think of anything pushed to a Maven repository to be a "release".
I guess you only consider non-SNAPSHOT versions to be a "release".
>
>
> If I'm using the nexus-staging-maven-plugin to
stage my release so that
> it can be verified, and then to later close the
staging repository and
> finally release it, do I need to use the
"oss-release" profile to do that?
>
>
> The "oss-release" profile adds a lifecycle (i.e
plugin executions) that is not
> desirable for this use-case.
> The base configuration of the plugin can be done in
the default profile (i.e no
> profile).
I don't understand.
If I'm staging my release for review, don't I want to
include the source jar
file? Don't I want to sign the artifacts so when the
release is approved I
can just "release" the repo?
You need to use the oss-release profile to perform a
maven release.
In fact you can't close a staging repository without
using that profile, otherwise you get validation error
(Maven central requirements: source.jar javadoc.jar gpg
signatures).
Then what's the point of the "staging" profile? If I push something
using that profile, it won't be signed, so I won't be able to close
the staging repository, right?
However you do not want to use the release profile to
automate the 2nd part of the nexus workflow (i.e
nexus-staging:rc-release)
Do the profiles have any effect when just invoking "mvn
nexus-staging:something"? I assumed they were unnecessary but also
harmless in this case. I assumed they only really mattered when
doing "mvn deploy".
>
> If so, I'm not sure when the "staging" profile
would be used.
>
>
> IIUC the current direction seems to decouple the
nexus workflow in 2 steps:
> - deploy to a staging repository and close the
staging repository
> - release the staging repository once
reviewed/approved
>
> The staging profile configures the staging repository
group for oss.sonatype.org
> <http://oss.sonatype.org>.
(https://oss.sonatype.org/content/groups/staging/)
> I.e If activated, one can consume artifacts from any
closed staging repository.
>
> If the review/approval depends on automated test
suites, they will likely need
> to consume the artifacts from the staging
repository.
So if I deploy them using oss-release and close the repo,
but don't release
it, what happens? Can I download the artifacts from some
staging area and
test them before releasing the repo?
You will use the staging profile to enable the staging
group repository in your project.
I'm still not getting it.
I see that the staging profile will target the deployment to a
different repository group than the oss-release profile.
What I don't understand is why I would ever want to target something
to that other repository group. The stuff I put there won't be
signed, so I can't ultimately "release" it. What would I use it
for? Why wouldn't I just use the oss-release profile and target
that repository group, close it, but not release it until after it
has been tested and approved?
I don't understand how to get signed artifacts into a
staging area so that
they can just be "released" after being tested and
approved, without needing
to recreate the artifacts.
Not sure where the confusion is.
Step1: Do a Maven release using -Poss-release.
After that, you will have a closed staging repository
with all your artifacts (signed and everything).
Step2: Get the approval, release the staging
repository, wait for 10min for the artifacts to show on
Maven Central.
Right, so what's the purpose of the "staging" profile?
|