uranusjr commented on code in PR #68073:
URL: https://github.com/apache/airflow/pull/68073#discussion_r3366602641


##########
java-sdk/README.md:
##########
@@ -119,58 +119,32 @@ cat 
~/.m2/repository/org/apache/airflow/airflow-sdk/*/airflow-sdk-*.pom
 Check that the coordinates, description, license, SCM, and organization fields
 look correct.
 
-### Export your signing key
+### Dry-run against a local repository
 
-The build expects an ASCII-armored PGP private key.  Export it with:
+To test the full publish flow without touching ASF infrastructure, override the
+repository URL to a local directory (no signing key required since nothing goes
+to Maven Central):
 
 ```bash
-gpg --armor --export-secret-keys <your-key-id>
+./gradlew :sdk:publish -PmavenUrl=file:///tmp/local-maven-repo
+ls /tmp/local-maven-repo/org/apache/airflow/airflow-sdk/
 ```
 
-Copy the full output (including the header and footer) for use in the next 
step.
-
 ### Publish to ASF Nexus staging
 
 Store the four credentials in `~/.gradle/gradle.properties` so they are not
 exposed in your shell history:
 
 ```properties
-mavenUsername=<your-asf-id>
-mavenPassword=<your-asf-nexus-token>
-signing.key=<ascii-armored-pgp-key>
-signing.password=<key-passphrase>
-```
-
-Then run the publish task:
-
-```bash
-./gradlew :sdk:publish
-```
-
-Alternatively, pass them on the command line (note the single quotes around
-properties whose values contain newlines or special characters):
-
-```bash
-./gradlew :sdk:publish \
-  -PmavenUsername=<your-asf-id> \
-  -PmavenPassword=<your-asf-nexus-token> \
-  -P'signing.key=<ascii-armored-pgp-key>' \
-  -P'signing.password=<key-passphrase>'
+mavenUsername=your-asf-nexux-token-username
+mavenPassword=your-asf-nexus-token-password
+signing.password=your-gpg-key-passphrase
 ```
 
-### Release
-
-The process from now on should be the same as releasing other Airflow 
components.
-
-### Dry-run against a local repository
-
-To test the full publish flow without touching ASF infrastructure, override the
-repository URL to a local directory (no signing key required since nothing goes
-to Maven Central):
+Then run the publish task.
 
 ```bash
-./gradlew :sdk:publish -PmavenUrl=file:///tmp/local-maven-repo
-ls /tmp/local-maven-repo/org/apache/airflow/airflow-sdk/
+./gradlew :sdk:publish -P"signing.key=$(gpg --armor --export-secret-keys 
your-gpg-key-fingerprint)"
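
Review bot: On the final `./gradlew :sdk:publish -P"signing.key=$(gpg --armor --export-secret-keys ...)"` line, the command substitution expands the ASCII-armored private key into the `gradlew` argument list. The key stays out of shell history, but for the duration of the build it sits in the process arguments, which other local users can typically read from the process list. Consider having the build read the key from a permission-restricted file or an environment variable instead, and document that here. Two smaller points in the same hunk: the unchanged context line still says "Store the four credentials" while the new properties block lists only three, and `your-asf-nexux-token-username` looks like a typo for `nexus`.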

Review Comment:
   I don’t think this is true? The shell history for this would only show the 
subcommand (and the fingerprint is public in the first place), not the secret 
key itself.


