Re: [ee4j-build] Maven profiles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ee4j-build] Maven profiles

From: Bill Shannon <bill.shannon@xxxxxxxxxx>
Date: Thu, 18 Oct 2018 14:57:13 -0700
Delivered-to: ee4j-build@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ee4j-build>
List-help: <mailto:ee4j-build-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Romain Grécourt wrote on 10/17/2018 05:20 PM:

On Wed, Oct 17, 2018 at 4:49 PM Bill Shannon <bill.shannon@xxxxxxxxxx> wrote:

Romain Grécourt wrote on 10/17/18 04:23 PM:
> On Wed, Oct 17, 2018 at 4:09 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
>
> No one ever did answer this question so here's my guess...
>
> The "snapshots" profile should be used only what pushing out SNAPSHOT artifacts.
>
> The "staging" profile should be used when staging a final release for
> review, before finally releasing it.
>
> The "oss-release" profile should be used only when doing a final release
> of a reviewed and approved artifact.
>
>
> The "oss-release" profile is the only one that signs the artifacts.
>
>
> This is used for any "Maven release" that goes to Maven Central, final or not final.

I didn't think SNAPSHOT releases needed to be signed.

SNAPSHOT artifacts are not deployed with a Maven Release.

A simple "mvn deploy" is usually enough.

I think we're using the same terminology differently.

I think of anything pushed to a Maven repository to be a "release".
I guess you only consider non-SNAPSHOT versions to be a "release".

>
>
> If I'm using the nexus-staging-maven-plugin to stage my release so that
> it can be verified, and then to later close the staging repository and
> finally release it, do I need to use the "oss-release" profile to do that?
>
>
> The "oss-release" profile adds a lifecycle (i.e plugin executions) that is not
> desirable for this use-case.
> The base configuration of the plugin can be done in the default profile (i.e no
> profile).

I don't understand.

If I'm staging my release for review, don't I want to include the source jar
file? Don't I want to sign the artifacts so when the release is approved I
can just "release" the repo?

You need to use the oss-release profile to perform a maven release.

In fact you can't close a staging repository without using that profile, otherwise you get validation error (Maven central requirements: source.jar javadoc.jar gpg signatures).

Then what's the point of the "staging" profile? If I push something using that profile, it won't be signed, so I won't be able to close the staging repository, right?

However you do not want to use the release profile to automate the 2nd part of the nexus workflow (i.e nexus-staging:rc-release)

Do the profiles have any effect when just invoking "mvn nexus-staging:something"? I assumed they were unnecessary but also harmless in this case. I assumed they only really mattered when doing "mvn deploy".

>
> If so, I'm not sure when the "staging" profile would be used.
>
>
> IIUC the current direction seems to decouple the nexus workflow in 2 steps:
> - deploy to a staging repository and close the staging repository
> - release the staging repository once reviewed/approved
>
> The staging profile configures the staging repository group for oss.sonatype.org
> <http://oss.sonatype.org>. (https://oss.sonatype.org/content/groups/staging/)
> I.e If activated, one can consume artifacts from any closed staging repository.
>
> If the review/approval depends on automated test suites, they will likely need
> to consume the artifacts from the staging repository.

So if I deploy them using oss-release and close the repo, but don't release
it, what happens? Can I download the artifacts from some staging area and
test them before releasing the repo?

Yes. You download the artifacts from the staging group (https://oss.sonatype.org/content/groups/staging) that aggregates the content of all closed staging repositories.

You will use the staging profile to enable the staging group repository in your project.

I'm still not getting it.

I see that the staging profile will target the deployment to a different repository group than the oss-release profile.

What I don't understand is why I would ever want to target something to that other repository group. The stuff I put there won't be signed, so I can't ultimately "release" it. What would I use it for? Why wouldn't I just use the oss-release profile and target that repository group, close it, but not release it until after it has been tested and approved?

I don't understand how to get signed artifacts into a staging area so that
they can just be "released" after being tested and approved, without needing
to recreate the artifacts.

Not sure where the confusion is.

Step1: Do a Maven release using -Poss-release.

After that, you will have a closed staging repository with all your artifacts (signed and everything).

Step2: Get the approval, release the staging repository, wait for 10min for the artifacts to show on Maven Central.

Right, so what's the purpose of the "staging" profile?

Follow-Ups:
- Re: [ee4j-build] Maven profiles
  - From: Romain Grécourt

References:
- [ee4j-build] Maven profiles
  - From: Bill Shannon
- Re: [ee4j-build] Maven profiles
  - From: Bill Shannon
- Re: [ee4j-build] Maven profiles
  - From: Romain Grécourt
- Re: [ee4j-build] Maven profiles
  - From: Bill Shannon
- Re: [ee4j-build] Maven profiles
  - From: Romain Grécourt

Prev by Date: Re: [ee4j-build] Artifact caching
Next by Date: Re: [ee4j-build] Maven profiles
Previous by thread: Re: [ee4j-build] Maven profiles
Next by thread: Re: [ee4j-build] Maven profiles
Index(es):
- Date
- Thread

Breadcrumbs