This is an automated email from the ASF dual-hosted git repository.

uranusjr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 2e16d6542ef Fix cred configs in publish workflow (#68073)
2e16d6542ef is described below

commit 2e16d6542ef2609008523c9e260d719daae05b13
Author: Tzu-ping Chung <[email protected]>
AuthorDate: Mon Jun 8 14:22:43 2026 +0800

    Fix cred configs in publish workflow (#68073)
---
 java-sdk/README.md            | 55 ++++++++++++++-----------------------------
 java-sdk/sdk/build.gradle.kts | 36 +++++++++++++++-------------
 2 files changed, 38 insertions(+), 53 deletions(-)

diff --git a/java-sdk/README.md b/java-sdk/README.md
index e44f40dbefc..f9600116208 100644
--- a/java-sdk/README.md
+++ b/java-sdk/README.md
@@ -119,59 +119,40 @@ cat 
~/.m2/repository/org/apache/airflow/airflow-sdk/*/airflow-sdk-*.pom
 Check that the coordinates, description, license, SCM, and organization fields
 look correct.
 
-### Export your signing key
+### Dry-run against a local repository
 
-The build expects an ASCII-armored PGP private key.  Export it with:
+To test the full publish flow without touching ASF infrastructure, override the
+repository URL to a local directory (no signing key required since nothing goes
+to Maven Central):
 
 ```bash
-gpg --armor --export-secret-keys <your-key-id>
+./gradlew :sdk:publish -PmavenUrl=file:///tmp/local-maven-repo -PskipSigning
+ls /tmp/local-maven-repo/org/apache/airflow/airflow-sdk/
 ```
 
-Copy the full output (including the header and footer) for use in the next 
step.
-
 ### Publish to ASF Nexus staging
 
-Store the four credentials in `~/.gradle/gradle.properties` so they are not
-exposed in your shell history:
+Store the credentials in `~/.gradle/gradle.properties` so they are not exposed
+in your shell history:
 
 ```properties
-mavenUsername=<your-asf-id>
-mavenPassword=<your-asf-nexus-token>
-signing.key=<ascii-armored-pgp-key>
-signing.password=<key-passphrase>
-```
-
-Then run the publish task:
-
-```bash
-./gradlew :sdk:publish
+mavenUsername=your-asf-nexus-token-username
+mavenPassword=your-asf-nexus-token-password
+signing.password=your-gpg-key-passphrase
 ```
 
-Alternatively, pass them on the command line (note the single quotes around
-properties whose values contain newlines or special characters):
+Then run the publish task.
 
 ```bash
-./gradlew :sdk:publish \
-  -PmavenUsername=<your-asf-id> \
-  -PmavenPassword=<your-asf-nexus-token> \
-  -P'signing.key=<ascii-armored-pgp-key>' \
-  -P'signing.password=<key-passphrase>'
+./gradlew :sdk:publish -P"signing.key=$(gpg --armor --export-secret-keys 
your-gpg-key-fingerprint)"
 ```
 
-### Release
+*NOTE:* The signing key is supplied through the command line since it contains
+newlines, which does not work well in a Gradle properties file.
 
-The process from now on should be the same as releasing other Airflow 
components.
-
-### Dry-run against a local repository
-
-To test the full publish flow without touching ASF infrastructure, override the
-repository URL to a local directory (no signing key required since nothing goes
-to Maven Central):
-
-```bash
-./gradlew :sdk:publish -PmavenUrl=file:///tmp/local-maven-repo
-ls /tmp/local-maven-repo/org/apache/airflow/airflow-sdk/
-```
+*NOTE:* You can also use the following environment variables to provide the
+credentials instead: `ASF_NEXUS_USERNAME`, `ASF_NEXUS_PASSWORD`, `SIGNING_KEY`,
+and `SIGNING_PASSWORD`. This is especially useful on e.g. CI.
 
 ## Technical Details
 
diff --git a/java-sdk/sdk/build.gradle.kts b/java-sdk/sdk/build.gradle.kts
index ceea519fba6..c2ff3efd8ea 100644
--- a/java-sdk/sdk/build.gradle.kts
+++ b/java-sdk/sdk/build.gradle.kts
@@ -303,19 +303,22 @@ publishing {
     repositories {
         maven {
             name = "mavenRepo"
-            url =
-                uri(
-                    getProperty("mavenUrl")
-                        ?: if (sdkVersion.endsWith("-SNAPSHOT")) {
-                            
"https://repository.apache.org/content/repositories/snapshots/";
-                        } else {
-                            
"https://repository.apache.org/service/local/staging/deploy/maven2/";
-                        },
-                )
-            getProperty("mavenUsername", "ASF_NEXUS_USERNAME").let { user ->
-                credentials {
-                    username = user
-                    password = getProperty("mavenPassword", 
"ASF_NEXUS_PASSWORD")
+            val repoPath =
+                getProperty("mavenUrl")
+                    ?: if (sdkVersion.endsWith("-SNAPSHOT")) {
+                        
"https://repository.apache.org/content/repositories/snapshots/";
+                    } else {
+                        
"https://repository.apache.org/service/local/staging/deploy/maven2/";
+                    }
+            url = uri(repoPath)
+            if (!repoPath.startsWith("file:")) {
+                val user = getProperty("mavenUsername", "ASF_NEXUS_USERNAME")
+                val pass = getProperty("mavenPassword", "ASF_NEXUS_PASSWORD")
+                if (user != null && pass != null) {
+                    credentials {
+                        username = user
+                        password = pass
+                    }
                 }
             }
         }
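Review bot: The new guard `if (!repoPath.startsWith("file:"))` attaches the Nexus credentials to every non-file repository, so a `mavenUrl` override that names another host would receive the ASF username and token stored in `~/.gradle/gradle.properties` or the environment. If only the two `repository.apache.org` URLs in this block are meant to be authenticated, I would tie the credentials to that host, for example `if (repoPath.startsWith("https://repository.apache.org/")) {`. The inner check `if (user != null && pass != null)` also drops the credentials silently when only one of the two is set, and the upload then goes out anonymously and presumably fails later with an authorization error. Failing at configuration time in that case would be easier to diagnose, e.g. `else if (user != null || pass != null) throw GradleException("mavenUsername and mavenPassword must be set together")`. `getProperty` and the enclosing `publishing { }` block start outside this hunk.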
@@ -323,9 +326,10 @@ publishing {
 }
 
 signing {
-    getProperty("signing.key", "SIGNING_KEY").let { secretKey ->
-        val password = getProperty("signing.password", "SIGNING_PASSWORD")
-        useInMemoryPgpKeys(secretKey, password)
+    if (providers.gradleProperty("skipSigning").map { it.toBoolean() }.orNull 
?: false) {
+        val signingKey = getProperty("signing.key", "SIGNING_KEY")
+        val signingPassword = getProperty("signing.password", 
"SIGNING_PASSWORD")
+        useInMemoryPgpKeys(signingKey, signingPassword)
         sign(publishing.publications["mavenJava"])
     }
 }
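Review bot: The condition on the new `if` in `signing { }` reads inverted: the signing branch is entered only when `skipSigning` resolves to `true`, so a normal `:sdk:publish` without that property configures no signature at all. A bare `-PskipSigning`, as the README in this commit uses, should yield an empty string, which `toBoolean()` maps to `false`, so the value is easy to get wrong even once the sense is fixed. I would test for presence and negate it: `val skipSigning = providers.gradleProperty("skipSigning").isPresent` followed by `if (!skipSigning) {`. `getProperty` is defined outside this hunk; if it can return null, the signing branch should stop with a clear message instead of handing a null key to `useInMemoryPgpKeys`. Separately, the README's `-P"signing.key=$(gpg …)"` form puts the armored private key on the Gradle command line, where on most systems it shows up in the process list, whereas the `SIGNING_KEY` environment variable the README already mentions avoids that.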
