Updated maven central gpg refferrences and credentials

.github/actions/publish-to-sonatype/action.yaml

@@ -32,6 +32,12 @@ inputs:
   publish-password:
     description: ""
     required: true
+  validation-max-number-checks:
+    description: ""
+    required: true
+  sonatype-domain-name:
+    description: ""
+    required: true
 
 runs:
   using: "composite"
@@ -118,13 +124,53 @@ runs:
         ARTIFACT_NAME='${{ steps.create-artifact.outputs.artifact-name }}'
         unzip -l "${ARTIFACT_NAME}" | tail -n +4 | sort -k4,4
 
-    #- name: Stage artifacts
-    #  working-directory: ${{ inputs.staging-folder }}
-    #  shell: bash
-    #  run: |
-    #    TOKEN=$(printf "${{ inputs.publish-user }}:${{ inputs.publish-password }}" | base64)
-    #    curl --request POST \
-    #      --verbose \
-    #      --header "Authorization: Bearer ${TOKEN}" \
-    #      --form bundle=@${{ steps.create-artifact.outputs.artifact-name }} \
-    #      https://central.sonatype.com/api/v1/publisher/upload
+    - name: Stage artifacts
+      id: stage-release
+      working-directory: ${{ inputs.staging-folder }}
+      shell: bash
+      run: |
+        TOKEN=$(printf "${{ inputs.publish-user }}:${{ inputs.publish-password }}" | base64)
+
+        echo "curl --request POST --verbose --header 'Authorization: Bearer ${TOKEN}' --form bundle=@${{ steps.create-artifact.outputs.artifact-name }} ${{ inputs.sonatype-domain-name }}/api/v1/publisher/upload?publishingType=USER_MANAGED"
+        echo stage-release-id=$(curl --request POST --silent --header "Authorization: Bearer ${TOKEN}" --form bundle=@${{ steps.create-artifact.outputs.artifact-name }} ${{ inputs.sonatype-domain-name }}/api/v1/publisher/upload?publishingType=USER_MANAGED) >> $GITHUB_OUTPUT
+
+    - name: Check validation
+      working-directory: ${{ inputs.staging-folder }}
+      shell: bash
+      run: |
+        TOKEN=$(printf "${{ inputs.publish-user }}:${{ inputs.publish-password }}" | base64)
+
+        NUMBER_OF_CHECKS=${{ inputs.validation-max-number-checks }}
+
+        for ((i = 1; i <= NUMBER_OF_CHECKS; i++)); do
+          RESPONSE=$(curl --request POST --silent --header "Authorization: Bearer ${TOKEN}" '${{ inputs.sonatype-domain-name }}/api/v1/publisher/status?id=${{ steps.stage-release.outputs.stage-release-id }}' | jq -cr '.')
+          SONATYPE_RESPONSE=$(echo "${RESPONSE}" | jq -cr '.deploymentState')
+
+          if [[ ${SONATYPE_RESPONSE} == 'FAILED' ]]; then
+            ERRORS=$(echo "${RESPONSE}" | jq '.errors')
+            echo "Package validation failed. Check build package logs to determine potential reasons why the uploaded package is not valid."
+            echo "Errors: ${ERRORS}"
+
+            exit 1
+          elif [[ ${SONATYPE_RESPONSE} == 'VALIDATING' || ${SONATYPE_RESPONSE} == 'PENDING' ]]; then
+            echo "Package validation is not done. Status: ${SONATYPE_RESPONSE}"
+
+            # Exponential backoff
+            sleep_time=$((2 ** (i - 1)))
+            echo "Next retry in ${sleep_time} second ...."
+            sleep "$sleep_time"
+          elif [[ "${SONATYPE_RESPONSE}" == 'VALIDATED' ]]; then
+            echo "Package is validated. Run release confirmation."
+
+            exit 0
+          fi
+        done
+
+    - name: Maven Central release id
+      working-directory: ${{ inputs.staging-folder }}
+      shell: bash
+      run: |
+        echo "## Maven Central Release Stage ID for artifact: ${{ steps.get-build-name.outputs.build-name }}" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        echo "${{ steps.stage-release.outputs.stage-release-id }}" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY

.github/workflows/promote-prod.yaml

@@ -1,5 +1,4 @@
 name: Promote to Prod
-run-name: promote-to-prod
 
 permissions:
   # This is required for requesting the OIDC token

.github/workflows/promote.yaml

@@ -16,6 +16,11 @@ on:
         type: string
         description: Target build name
         default: clients-java-push-to-dev
+      source-branch:
+        type: string
+        required: false
+        default: origin/dev/dev-ci-fixes-stage
+        description: Source branch to merge from
     secrets:
       SONATYPE_MAVEN_USER:
         required: true
@@ -92,39 +97,24 @@ jobs:
 
           for BUILD_NAME in "${BUILD_NAMES[@]}"; do
             echo "Promoting '$BUILD_NAME'"
-            jf rt build-promote "$BUILD_NAME" ${{ inputs.build-number }} ${{ inputs.target-repository }}
+            jf rt build-promote --copy=true "$BUILD_NAME" ${{ inputs.build-number }} ${{ inputs.target-repository }}
           done
 
-      - name: Get build name with build number
-        id: get-build-name-number
-        run: |
-          echo "build-name-numbers=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -c '[.buildInfo.modules[].id]')" >> $GITHUB_OUTPUT
-
-      - name: Get artifact version
-        id: get-artifact-version
-        working-directory: client # The version will be the same for all the modules in the project. Taking client since this is the module that is released.
-        run: |
-          echo "artifact-version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | jq -Rc '[.]')" >> $GITHUB_OUTPUT
-
-      - name: Debug show 'build-name-numbers' and 'artifact-version'
+      - name: Generate release notes
+        id: get-release-notes
         run: |
-          echo "build-name-number: ${{ steps.get-build-name-number.outputs.build-name-number }}"
-          echo "artifact-version: ${{ steps.get-artifact-version.output.artifact-version }}"
-
-      #- name: Generate release notes
-      #  id: get-release-notes
-      #  run: |
-      #    RELEASE_NOTES=$(git log $(git describe --tags --abbrev=0)..HEAD --pretty=format:"- %s")
-      #    echo "release_notes=$RELEASE_NOTES" >> $GITHUB_OUTPUT
+          RELEASE_NOTES=$(git log $(git describe --tags --abbrev=0)..HEAD --pretty=format:"- %s")
+          echo "release_notes<<EOF" >> $GITHUB_OUTPUT
+          echo "${RELEASE_NOTES}" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Debug print release notes
         run: |
-          echo "Changes for release ${{ steps.get-artifact-version.output.artifact-version }}"
-          echo "${{ steps.get_commits.outputs.release_notes }}"
+          echo "Changes for release ${{ steps.get-artifact-version.outputs.artifact-version }}"
 
       - name: Fast forward
         shell: bash
-        run: git merge --ff-only ${{ inputs.ref-to-merge }}
+        run: git merge --ff-only ${{ inputs.source-branch }}
 
       - name: Add tagging message
         uses: stefanzweifel/git-auto-commit-action@v4
@@ -138,7 +128,29 @@ jobs:
         shell: bash
         run: git push
 
-      #- name: Create Release
+      - name: Get build name with build number
+        id: get-build-name-number
+        run: |
+          echo "build-name-numbers=$(echo '${{ steps.get-build-info.outputs.build-info }}' | jq -c '[.buildInfo.modules[].id]')" >> $GITHUB_OUTPUT
+
+      - name: Get artifact version
+        id: get-artifact-version
+        working-directory: client # The version will be the same for all the modules in the project. Taking client since this is the module that is released.
+        run: |
+          echo "artifact-version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | jq -Rc '[.]')" >> $GITHUB_OUTPUT
+
+      - name: Debug show 'build-name-numbers' and 'artifact-version'
+        run: |
+          echo "build-name-number: ${{ steps.get-build-name-number.outputs.build-name-number }}"
+          echo "artifact-version: ${{ steps.get-artifact-version.outputs.artifact-version }}"
+
+      - name: Release debug
+        run: |
+          GIT_NOTES='${{ steps.get-release-notes.outputs.release_notes }}'
+          RELEASE_VERSION='${{steps.get-artifact-version.outputs.artifact-version }}'
+          echo "${RELEASE_VERSION}"
+          echo "${GIT_NOTES}"
+
       #  id: create_release
       #  uses: actions/create-release@v1
       #  env:
@@ -147,7 +159,7 @@ jobs:
       #    tag_name: Release ${{ steps.get-artifact-version.output.artifact-version }}
       #    body: |
       #      Changes for release ${{ steps.get-artifact-version.output.artifact-version }}
-      #      "${{ steps.get_commits.outputs.release_notes }}"
+      #      "${{ steps.get-release-notes.output.release_notes }}"
       #    draft: false
       #    prerelease: false
 
@@ -173,5 +185,7 @@ jobs:
           target-repository: ${{ inputs.target-repository }}
           build-name-number: ${{ matrix.build-name-number }}
           artifact-version: ${{ matrix.artifact-version }}
-          publish-user: ${{ secrets.SONATYPE_USER }}
-          publish-password: ${{ secrets.SONATYPE_PASSWORD }}
+          publish-user: ${{ secrets.SONATYPE_MAVEN_USER }}
+          publish-password: ${{ secrets.SONATYPE_MAVEN_PASSWORD }}
+          validation-max-number-checks: ${{ vars.VALIDATION_MAX_NUMBER_CHECKS }}
+          sonatype-domain-name: ${{ vars.SONATYPE_DOMAIN_NAME }}

.github/workflows/publish-release.yaml

@@ -0,0 +1,17 @@
+name: Publish release
+
+on:
+  workflow_dispatch:
+    inputs:
+      maven_central-release-id:
+        type: string
+        required: true
+        description: Maven central staged release id
+
+jobs:
+  publish-release-to-maven-central:
+    name: Publish release to Maven Centraal
+    uses: ./.github/workflows/publish.yaml
+    with:
+      maven_central-release-id: ${{ inputs.maven_central-release-id }}
+    secrets: inherit

.github/workflows/publish.yaml

@@ -0,0 +1,22 @@
+on:
+  workflow_call:
+    inputs:
+      maven_central-release-id:
+        type: string
+        description: Build number used to build artifact to be promoted
+    secrets:
+      SONATYPE_MAVEN_USER:
+        required: true
+      SONATYPE_MAVEN_PASSWORD:
+        required: true
+
+jobs:
+  publish-release:
+    runs-on: ${{ vars.BUILD_CONTAINER_DISTRO_VERSION }}
+    steps:
+      - name: Validate staged build is valid and ready to be published
+        run: |
+          TOKEN=$(printf "${{ inputs.publish-user }}:${{ inputs.publish-password }}" | base64)
+
+          echo "Request: curl --request POST --silent --header "Authorization: Bearer ${TOKEN}" --form bundle=@${{ steps.create-artifact.outputs.artifact-name }} ${{ inputs.sonatype_domain_name }}api/v1/publisher/deployment/${{ inputs.maven_central-release-id }}"
+          echo stage-release-id=$(curl --request POST --silent --header "Authorization: Bearer ${TOKEN}" --form bundle=@${{ steps.create-artifact.outputs.artifact-name }} ${{ inputs.sonatype_domain_name }}api/v1/publisher/deployment/${{ inputs.maven_central-release-id }}) >> $GITHUB_OUTPUT

.github/workflows/release.yaml

@@ -37,6 +37,11 @@ jobs:
           fetch-depth: 0
           ref: ${{ inputs.ref }}
 
+      - name: Gpg debug step
+        shell: bash
+        run: |
+          gpg --version
+
       # Java plugin will setup gpg but we are not using maven to deploy do JFrog.
       # - jf mvn clean install on publish does not publish POM we would like to publish
       - name: Setup Java
@@ -61,7 +66,7 @@ jobs:
       - name: Set version
         shell: bash
         run: |
-          ./set_version ${{ steps.get-release-version.outputs.release-version }} ${{ inputs.crypto-type }}
+          ./set_version ${{ steps.get-release-version.outputs.release-version }}
 
       - name: Build all modules
         shell: bash

client/deploy-resources/bouncycastle_pom.xml

@@ -21,6 +21,26 @@
     <connection>scm:git:[email protected]:aerospike/aerospike-client-java.git</connection>
     <url>https://github.com/aerospike/aerospike-client-java</url>
   </scm>
+  <developers>
+    <developer>
+      <name>Brian Nichols</name>
+      <email>[email protected]</email>
+      <organization>Aerospike</organization>
+      <organizationUrl>https://aerospike.com/</organizationUrl>
+      <roles>
+        <role>developer</role>
+      </roles>
+    </developer>
+    <developer>
+      <name>Mirza Karacic</name>
+      <email>[email protected]</email>
+      <organization>Aerospike</organization>
+      <organizationUrl>https://aerospike.com/</organizationUrl>
+      <roles>
+        <role>developer</role>
+      </roles>
+    </developer>
+  </developers>
   <dependencies>
     <dependency>
       <groupId>org.bouncycastle</groupId>

client/deploy-resources/gnu_pom.xml

@@ -21,6 +21,26 @@
     <connection>scm:git:[email protected]:aerospike/aerospike-client-java.git</connection>
     <url>https://github.com/aerospike/aerospike-client-java</url>
   </scm>
+  <developers>
+    <developer>
+      <name>Brian Nichols</name>
+      <email>[email protected]</email>
+      <organization>Aerospike</organization>
+      <organizationUrl>https://aerospike.com/</organizationUrl>
+      <roles>
+        <role>developer</role>
+      </roles>
+    </developer>
+    <developer>
+      <name>Mirza Karacic</name>
+      <email>[email protected]</email>
+      <organization>Aerospike</organization>
+      <organizationUrl>https://aerospike.com/</organizationUrl>
+      <roles>
+        <role>developer</role>
+      </roles>
+    </developer>
+  </developers>
   <dependencies>
     <dependency>
       <groupId>org.gnu</groupId>

client/pom.xml

@@ -208,16 +208,16 @@
                 <phase>verify</phase>
                 <goals>
                   <goal>sign</goal>
-                  </goals>
-                </execution>
-              </executions>
+                </goals>
+              </execution>
+            </executions>
             <configuration>
               <gpgArguments>
                 <arg>--pinentry-mode</arg>
                 <arg>loopback</arg>
-                </gpgArguments>
-              </configuration>
-            </plugin>
+              </gpgArguments>
+            </configuration>
+          </plugin>
         </plugins>
       </build>
     </profile>