I am trying to publish my Java Library to Maven Central. A part of this involves using the signing gradle plugin to sign the artifacts. I need to sign it without using the keyring file as document here as I cant provide my CI secure access to the key ring file.
However when I do this my build fails with:
FAILURE: Build failed with an exception.
* What went wrong:
Could not evaluate onlyIf predicate for task ':signArchives'.
> Could not read PGP secret key
What am I doing wrong? I presume it is related to my GPG_SIGNING_KEY.
I used the full private key from the response of gpg --list-secret-keys --keyid-format LONG. Is this not correct?
My build.gradle
apply plugin: 'java'
apply plugin: 'signing'
apply plugin: 'maven'
apply from: 'publish.gradle'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.3'
testCompile 'junit:junit:4.11'
}
task Wrapper(type: Wrapper) {
gradleVersion = '5.6.2'
}
My publish.gradle
apply plugin: 'maven'
apply plugin: 'signing'
def isReleaseBuild() {
return !VERSION.contains("SNAPSHOT")
}
def getReleaseRepositoryUrl() {
return 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
}
def getSnapshotRepositoryUrl() {
return 'https://oss.sonatype.org/content/repositories/snapshots/'
}
afterEvaluate { project ->
uploadArchives {
repositories {
mavenDeployer {
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
repository(url: getReleaseRepositoryUrl()) {
def ossrhUsername = OSSRH_USERNAME
def ossrhPassword = OSSRH_PASSWORD
authentication(userName: ossrhUsername, password: ossrhPassword)
}
snapshotRepository(url: getSnapshotRepositoryUrl()) {
def ossrhUsername = OSSRH_USERNAME
def ossrhPassword = OSSRH_PASSWORD
authentication(userName: ossrhUsername, password: ossrhPassword)
}
pom.groupId = GROUP_ID
pom.artifactId = ARTIFACT_ID
pom.version = VERSION
pom.project {
name ARTIFACT_ID
packaging PROJECT_PACKAGING
description PROJECT_DESCRIPTION
url PROJECT_URL
scm {
url SCM_URL
connection SCM_CONNECTION
}
licenses {
license {
name LICENSE_NAME
url LICENSE_URL
}
}
organization {
name = ORGANIZATION_NAME
url = ORGANIZATION_URL
}
developers {
developer {
id DEVELOPER_ID
name DEVELOPER_NAME
email DEVELOPER_EMAIL
}
}
}
}
}
signing {
required { isReleaseBuild() && gradle.taskGraph.hasTask("uploadArchives") }
def signingKey = GPG_SIGNING_KEY
def signingPassword = GPG_SIGNING_PASSWORD
useInMemoryPgpKeys(signingKey, signingPassword)
sign configurations.archives
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
}
artifacts {
archives javadocJar, sourcesJar
}
}
}
And with gradle.properties
RELEASE_REPOSITORY_URL='https://oss.sonatype.org/service/local/staging/deploy/maven2/'
SNAPSHOT_REPOSITORY_URL='https://oss.sonatype.org/content/repositories/snapshots/'
GPG_SIGNING_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GPG_SIGNING_PASSWORD=the password used to encrypt the key
OSSRH_USERNAME=my ossrh username
OSSRH_PASSWORD=my ossrh password
VERSION=1.0.0
GROUP_ID=com.example
ARTIFACT_ID=project-name
PROJECT_PACKAGING=...
PROJECT_DESCRIPTION=...
PROJECT_URL=...
SCM_URL=...
SCM_CONNECTION=...
LICENSE_NAME=Apache License, Version 2.0
LICENSE_URL=...
ORGANIZATION_NAME=...
ORGANIZATION_URL=...
DEVELOPER_ID=...
DEVELOPER_NAME=...
DEVELOPER_EMAIL=...
As you suspected, it’s the format of the secret PGP key that is wrong here. The useInMemoryPgpKeys method expects an “ascii-armored in-memory PGP secret key”. gpg --list-secret-keys is only meant for human consumption and doesn’t even show the ‘content’ of the secret key.
You can get the key in the correct format using gpg --armor --export-secret-keys foobar#example.com instead. Use your own key ID (as returned by gpg --list-secret-keys) or email address instead of foobar#example.com.
To make use of the exported key in the gradle.properties file, you need to escape the newline characters. For example, you could append a new, working line for your GPG_SIGNING_KEY property like so:
gpg --armor --export-secret-keys foobar#example.com \
| awk 'NR == 1 { print "GPG_SIGNING_KEY=" } 1' ORS='\\n' \
>> gradle.properties
(See this answer for an explanation of the main awk magic that is used here.)
With your gradle.properties file updated as described (and using your build scripts), I could successfully sign my dummy JAR files with ./gradlew signArchives.
Related
I am following instructions in the Sonatype documentation for publishing a gradle project.
I have the following gradle version.
$ ./gradlew --version
------------------------------------------------------------
Gradle 7.6
------------------------------------------------------------
Build time: 2022-11-25 13:35:10 UTC
Revision: daece9dbc5b79370cc8e4fd6fe4b2cd400e150a8
Kotlin: 1.7.10
Groovy: 3.0.13
Ant: Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM: 1.8.0_181 (Oracle Corporation 25.181-b13)
OS: Mac OS X 10.16 x86_64
When I try to use the uploadArchives task as given in their example, I get the following error:
$ ./gradlew uploadArchives
FAILURE: Build failed with an exception.
* Where:
Build file '/Users/ferozed/stash/libs/mask-json-field-transform/build.gradle' line: 167
* What went wrong:
A problem occurred evaluating root project 'mask-json-field-transform'.
> Could not find method uploadArchives() for arguments [build_6yphclnk6m8p3rtmq5h7m56li$_run_closure12#19fbeecd] on root project 'mask-json-field-transform' of type org.gradle.api.Project.
This is my build.gradle file
buildscript {
repositories {
gradlePluginPortal()
}
dependencies {
classpath 'gradle.plugin.com.github.johnrengelman:shadow:7.1.2'
}
}
plugins {
id 'java' // so that we can use 'implementation', 'testImplementation' for dependencies
id 'maven-publish'
id 'signing'
}
apply plugin: 'maven-publish'
apply plugin: 'signing'
apply plugin: 'com.github.johnrengelman.shadow'
repositories {
jcenter()
mavenCentral()
maven {
url = "https://packages.confluent.io/maven"
}
maven {
url = "https://jitpack.io"
}
}
group = 'io.github.ferozed.kafka.connect'
version = '0.1'
dependencies {
// Kafka
implementation group: 'org.apache.kafka', name: 'connect-api', version: '3.3.1'
implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.1'
implementation 'com.github.jcustenborder.kafka.connect:connect-utils:0.7.173'
implementation 'com.github.jcustenborder.kafka.connect:kafka-connect-transform-common:0.1.0.14'
//test
testImplementation(platform('org.junit:junit-bom:5.9.0'))
testImplementation('org.junit.jupiter:junit-jupiter')
testImplementation("io.mockk:mockk:1.9.2")
}
sourceSets {
main {
java {
srcDirs = ["src/main/java"]
}
resources {
srcDirs = ["src/main/avro", "src/main/resources"]
}
}
test {
java {
srcDirs = ["src/test/java"]
}
}
}
test {
useJUnitPlatform()
testLogging {
events "passed", "skipped", "failed"
}
}
task javadocJar(type: Jar) {
classifier = 'javadoc'
from javadoc
}
task sourcesJar(type: Jar) {
classifier = 'sources'
from sourceSets.main.allSource
}
tasks.withType(AbstractArchiveTask).configureEach {
preserveFileTimestamps = false
reproducibleFileOrder = true
}
plugins.withId("com.github.johnrengelman.shadow"){
//this block requires the java plugin to be applied first.
plugins.withId("java"){
shadowJar {
//We are overriding the default jar to be the shadow jar
classifier = null
exclude 'META-INF'
exclude 'META-INF/*.INF'
exclude 'META-INF/license/*'
}
jar {
manifest {
attributes(
'Built-By' : System.properties['user.name'],
'Build-Timestamp': new java.text.SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ").format(new Date()),
'Created-By' : "Gradle ${gradle.gradleVersion}",
'Build-Jdk' : "${System.properties['java.version']} (${System.properties['java.vendor']} ${System.properties['java.vm.version']})",
'Build-OS' : "${System.properties['os.name']} ${System.properties['os.arch']} ${System.properties['os.version']}"
)
}
}
tasks.build.dependsOn tasks.shadowJar
tasks.shadowJar.mustRunAfter tasks.jar
tasks.shadowJar.mustRunAfter tasks.javadocJar
tasks.shadowJar.mustRunAfter tasks.sourcesJar
}
}
publishing {
publications {
mavenJava(MavenPublication) {
pom {
name = 'Mask Json Field Transform'
description = 'A kafka connect transform to remove the value of a sensitive field in a json document.'
url = 'https://github.com/ferozed/mask-json-field-transform'
properties = [
myProp: "value",
"prop.with.dots": "anotherValue"
]
licenses {
license {
name = 'The Apache License, Version 2.0'
url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id = 'ferozes'
name = 'Feroze Daud'
email = 'ferozed.oss#gmail.com'
}
}
scm {
connection = 'scm:git:git#github.com:ferozed/mask-json-field-transform.git'
developerConnection = 'scm:git:git#github.com:ferozed/mask-json-field-transform.git'
url = 'https://github.com/ferozed/mask-json-field-transform'
}
}
}
}
}
signing {
sign configurations.archives
sign publishing.publications.mavenJava
}
tasks.signArchives.dependsOn tasks.shadowJar
artifacts {
archives javadocJar, sourcesJar
}
uploadArchives {
repositories {
mavenDeployer {
beforeDeployment { deployment -> signing.signPom(deployment) }
repository(url: "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
snapshotRepository(url: "https://s01.oss.sonatype.org/content/repositories/snapshots/") {
authentication(userName: ossrhUsername, password: ossrhPassword)
}
pom.project {
name 'Example Application'
packaging 'jar'
// optionally artifactId can be defined here
description 'A kafka connect transform to remove the value of a sensitive field in a json document.'
url 'https://github.com/ferozed/mask-json-field-transform'
scm {
connection 'scm:svn:http://foo.googlecode.com/svn/trunk/'
developerConnection 'scm:svn:https://foo.googlecode.com/svn/trunk/'
url 'https://github.com/ferozed/mask-json-field-transform'
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id 'ferozed'
name 'Feroze Daud'
email 'feroz#gmail.com'
}
}
}
}
}
}
What am I doing wrong?
First and foremost, you may not need to 'fix the error' so to speak, in that it appears the problematic code MAY be able to be outright deleted. However...
To fix the error...
Could not find method uploadArchives() for arguments [build_6yphclnk6m8p3rtmq5h7m56li$_run_closure12#19fbeecd] on root project 'mask-json-field-transform' of type org.gradle.api.Project.
This is telling us that uploadArchives is not valid. See immediately below.
I believe you may need to use the maven plugin to access this functionality.
https://github.com/siddeshbg/gradle-uploadArchives/blob/master/README.md
to do this, add:
id 'maven'
to your plugins{}
block.
The above example explains that the maven plugin is responsible for doing this
The Maven plugin adds support for deploying artifacts to Maven repositories
It is worth considering also that the author of the above repository claims:
This is the legacy publishing mechanism, should not be used in newer
builds
Now... on to the better solution, forgetting the maven plugin, in favor of the maven-publish plugin you're already using...
I do not personally work with Maven often enough to know what other mechanisms one should use, but Google suggests that perhaps the maven-publish plugin you're using might do this WITHOUT the 'uploadArchives{}' portion of your code that is causing the error.
See:
https://docs.gradle.org/current/userguide/publishing_maven.html
Per this page, it would seem the entire uploadArchives block is unnecessary
Gradle v4.10.2
I’m building a Gradle Java plugin, and it builds. However when I run ./gradlew publish it does nothing, i.e., the artifact doesn’t get published. Here’s my build.gradle file (I have all the variables defined in my gradle.properties file). Also, if I just run ./gradlew publish w/o running ./gradlew build first, it doesn’t run the build phase. What am I missing in my build.gradle file? Thanks.
plugins {
id 'java'
id 'maven'
id 'maven-publish'
}
apply plugin: 'java'
apply plugin: 'maven'
apply plugin: 'maven-publish'
group=project.groupId
version = '0.0.1'
jar {
manifest {
attributes 'artifactId': project.artifactId,
'groupId': project.groupId,
'version': project.version
}
baseName artifactId
doLast {
println "artifactId: $project.artifactId\ngroupId: $project.groupId\nversion: $version"
}
}
dependencies {
compile gradleApi()
}
// For publishigh to S3 maven repo
publishing {
repositories {
maven {
url "s3://" + s3_bucket
credentials(AwsCredentials) {
accessKey AWS_ACCESS_KEY
secretKey AWS_SECRET_KEY
}
}
}
}
RTFM. I was missing the publications block inside the publishing block. Here’s the whole block
publishing {
publications {
myLibrary(MavenPublication) {
from components.java
}
}
repositories {
maven {
url "s3://" + s3_bucket
credentials(AwsCredentials) {
accessKey AWS_ACCESS_KEY
secretKey AWS_SECRET_KEY
}
}
}
}
I have the following build.gradle file:
plugins {
id 'java-gradle-plugin'
id 'com.gradle.plugin-publish' version '0.10.1'
id 'groovy'
id 'maven-publish'
id "com.jfrog.artifactory" version "4.9.1"
}
group = 'de.gafertp'
version = '2.0.0'
repositories {
mavenCentral()
}
dependencies {
compile 'net.sourceforge.plantuml:plantuml:1.2019.1'
testCompile 'org.junit.jupiter:junit-jupiter-api:5.4.0'
testCompile 'org.junit-pioneer:junit-pioneer:0.3.0'
testRuntime 'org.junit.jupiter:junit-jupiter-engine:5.4.0'
}
gradlePlugin {
plugins {
plantUmlPlugin {
id = 'de.gafertp.plantuml'
displayName = 'Gradle PlantUML Plugin'
description = 'A very simple plugin to render PlantUML files. ' +
'Takes a set of diagram files together with desired output files / formats ' +
'and renders them with PlantUML (http://plantuml.com/).'
implementationClass = 'de.gafertp.PlantUmlPlugin'
}
}
}
pluginBundle {
website = 'https://github.com/codecholeric/gradle-plantuml-plugin'
vcsUrl = 'https://github.com/codecholeric/gradle-plantuml-plugin'
tags = ['plantuml']
}
publishing {
publications {
plantUmlPluginJar(MavenPublication) {
from components.java
}
}
}
artifactory {
contextUrl = "${artifactory_contextUrl}"
publish {
repository {
repoKey = 'gradle-dev-local'
username = "${artifactory_user}"
password = "${artifactory_password}"
println "username=${artifactory_user}"
println "password=${artifactory_password}"
maven = true
}
defaults {
publications('plantUmlPluginJar')
}
}
resolve {
repository {
repoKey = 'gradle-dev'
username = "${artifactory_user}"
password = "${artifactory_password}"
maven = true
}
}
}
test {
useJUnitPlatform()
}
And this gradle.properties file:
artifactory_user=${security.getCurrentUsername()}
artifactory_password=${security.getEncryptedPassword()!"blahblah"}
artifactory_contextUrl=http://localhost:8081/artifactory
The build fails with the following error:
Execution failed for task ':artifactoryDeploy'.
> java.io.IOException: Failed to deploy file. Status code: 401 Response message: Artifactory returned the following errors:
Unauthorized Status code: 401
If we take a look at the printed username and password, we see this:
username=${security.getCurrentUsername()}
password=${security.getEncryptedPassword()!"blahblah"}
Gradle takes the properties values as literal strings instead of evaluating them. So the issue seems to be that the security object cannot be found, because if I replace the properties in build.gradle file with their values directly, the following error occurs:
A problem occurred evaluating root project 'gradle-plantuml-plugin'.
> Could not get unknown property 'security' for object of type org.jfrog.gradle.plugin.artifactory.dsl.DoubleDelegateWrapper.
What am I doing wrong? The deploy works fine when using plaintext username and password, but I would like to use the auto-generated way of logging in (using an encrypted password).
It seems that gradle.properties should look like this:
username=your_username
password=blahblah
We suppose that blahblah is your encrypted password.
I have this gradle script:
def configureUploadArtifacts(groupId, repoUrl, _packaging) {
def gpgKeyId = System.getenv('GPG_KEY_ID')
def gpgPassword = System.getenv('GPG_KEY_PASSWORD')
def gpgFile = System.getenv('PATH_TO_GPG_FILE')
project.group = groupId;
project.archivesBaseName = name
project.version = getVersionNameFromFile()
ext."signing.keyId" = gpgKeyId
ext."signing.password" = gpgPassword
ext."signing.secretKeyRingFile" = gpgFile
uploadArchives {
apply plugin: 'maven'
apply plugin: 'signing'
signing {
sign configurations.archives
}
def userName = System.getenv('OSSRH_USER_NAME');
def password = System.getenv('OSSRH_PASSWORD');
repositories {
mavenDeployer {
beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }
repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") {
authentication(userName: userName, password: password)
}
snapshotRepository(url: "https://oss.sonatype.org/content/repositories/snapshots/") {
authentication(userName: userName, password: password)
}
pom.project {
name "${project.name}"
packaging "${_packaging}"
// optionally artifactId can be defined here
description 'A collection of core tools I use'
url "http://github.com/${repoUrl}"
scm {
connection "scm:git:git://github.com/${repoUrl}.git"
developerConnection "scm:git:ssh://github.com/${repoUrl}.git"
url "http://github.com/${repoUrl}/tree/master"
}
licenses {
license {
name 'The Apache License, Version 2.0'
url 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id 'TacB0sS'
name 'My Name'
email 'My Email'
}
}
}
}
}
}
}
I use it on my Jenkins server and it works wonderfully.
I would like it also to close and release the artifacts...
How do I do that?
Solution was to add the following to the root build.gradle file:
ext."oss-releases.username" = System.getenv('OSSRH_USER_NAME')
ext."oss-releases.password" = System.getenv('OSSRH_PASSWORD')
ext."oss-releases.url" = "https://oss.sonatype.org/index.html#stagingRepositories"
apply plugin: 'nexus-workflow'
And run the following from the command line:
bash gradlew nexusStagingRelease
DONE!
You can use gradle-release on your script. It works similar as maven-release-plugin (removes SNAPSHOT from version, builds, create tags, deploys artifacts and updates to the next development version):
apply plugin: 'net.researchgate.release'
In Jenkins, using release plugin, you will need to configure the unattended release:
gradle release -Prelease.useAutomaticVersion=true \
-Prelease.releaseVersion=$VERSION \
-Prelease.newVersion=$NEXT_VERSION
My build script is like as follows. I use gradle build command to build and gradle upload command to upload the artifact. My problem is a tar,zip file is also generated with this command and get uploaded. I dont want it. Only things I would like to get uploaded is 'jar' and 'war' files.
I have also a related question posted by me yesterday here.
More details(I have excluded some unwanted code)
build file in root
allprojects {
apply plugin: 'maven'
group = 'groupid'
version = '1.0-SNAPSHOT'
}
subprojects {
apply plugin: 'java'
sourceCompatibility = 1.7
targetCompatibility = 1.7
repositories {
maven {
credentials {
username "$nexusUser"
password "$nexusPass"
}
url "$nexusUrl"
}
}
uploadArchives {
repositories {
mavenDeployer {
repository(url: "$nexusSnapshotUrl") {
authentication(userName: "$nexusUser", password: "$nexusPass")
}
}
}
}
}
ext.comlib = [ // Groovy map literal
junit3: "junit:junit:3.8",
junit4: "junit:junit:4.9",
spring_core: "org.springframework:spring-core:3.1",
hibernate_validator : "org.hibernate:hibernate-validator:5.1.3.Final",
spring_core : "org.springframework.security:spring-security-core:4.0.2.RELEASE",
spring_security_web: "org.springframework.security:spring-security-web:4.0.2.RELEASE",
spring_security_config: "org.springframework.security:spring-security-config:4.0.2.RELEASE",
spring_boot_starter_test: "org.springframework.boot:spring-boot-starter-test:1.2.5.RELEASE",
spring_boot_starter_actuator: "org.springframework.boot:spring-boot-starter-actuator:1.2.5.RELEASE",
spring_boot_plugin_gradle: "org.springframework.boot:spring-boot-gradle-plugin:1.2.6.RELEASE",
asciidoctor_gradle_plugin: "org.asciidoctor:asciidoctor-gradle-plugin:1.5.1",
asciidoctor_pdf_plugin: "org.asciidoctor:asciidoctorj-pdf:1.5.0-alpha.9"/*,
sl4j_api: "org.slf4j:slf4j-api:1.7.12",
sl4j_log4j: "org.slf4j:slf4j-log4j12:1.7.12",
logback_classic: "ch.qos.logback:logback-classic:1.1.3",
logback_core: "ch.qos.logback:logback-core:1.1.3"*/
]
build file in sub module
apply plugin: 'spring-boot'
group = 'com.group.id'
apply from: "../build.gradle"
apply plugin: 'org.asciidoctor.gradle.asciidoctor'
apply plugin: 'war'
description = 'module name'
dependencies {
compile "someothermodule:commonapi:1.0.0-SNAPSHOT"
compile "io.springfox:springfox-swagger2:2.0.1"
compile project(':dependingproject1:dependingproject2')
compile comlib.spring_boot_starter_actuator
compile comlib.spring_core
compile comlib.spring_security_web
compile comlib.spring_security_config
testCompile(comlib.spring_boot_starter_test) {
exclude(module: 'commons-logging')
}
testCompile comlib.junit4
providedCompile comlib_app.spring_boot_plugin_tomcat
testCompile "io.springfox:springfox-staticdocs:2.0.3"
testCompile "org.springframework:spring-test:4.1.7.RELEASE"
}
ext {
swaggerOutputDir = file("src/docs/asciidoc/generated")
asciiDocOutputDir = file("${buildDir}/asciidoc")
}
test {
systemProperty 'org.springframework.restdocs.outputDir', asciiDocOutputDir
systemProperty 'io.springfox.staticdocs.outputDir', swaggerOutputDir
}
//spring boot plugin
buildscript {
repositories {
maven {
credentials {
username "$nexusUser"
password "$nexusPass"
}
url "$nexusCentral"
}
maven {
credentials {
username "$nexusUser"
password "$nexusPass"
}
url "$nexusThirdParty"
}
}
dependencies {
classpath(comlib.spring_boot_plugin_gradle)
}
}
Included the following code snippet in my gradle file
[distZip, distTar].each { task -> configurations.archives.artifacts.removeAll
{ it.class.simpleName == "ArchivePublishArtifact" && it.archiveTask == task }
task.enabled = false
}
For more details refer this link. Its issue with spring boot plugin.
arjuncc's solution doesn't seem to work on Gradle 4.10.2, so here's one that works and uses public APIs, hopefully it will continue to work.
configurations.archives.artifacts.removeAll {
// exclude from the archives configuration all artifacts that were generated by distZip & distTar
def depTasks = it.getBuildDependencies().getDependencies()
depTasks.contains(distZip) || depTasks.contains(distTar)
}
More or less the same as ajuncc's solution, but perhaps a bit more simple. Remove all .tar artifacts from the archives configuration:
configurations.archives.artifacts.removeAll {PublishArtifact publishArtifact -> publishArtifact.type == 'tar'}