lhotari opened a new pull request, #26004: URL: https://github.com/apache/pulsar/pull/26004
### Motivation

The Gradle build ([PIP-463](https://github.com/apache/pulsar/blob/master/pip/pip-463.md)) doesn't yet define the remote repositories for publishing artifacts to the ASF Nexus repository at https://repository.apache.org. The Maven build got these from the ASF parent POM's `distributionManagement` (`apache.releases.https` / `apache.snapshots.https`). To perform a Gradle-based release, the publish conventions need the staging and snapshot repository definitions, with credential handling that keeps the password out of `~/.gradle/gradle.properties` and keeps the publish tasks compatible with the configuration cache.

### Modifications

- Add `apacheReleases` and `apacheSnapshots` Maven repositories to `pulsar.publish-conventions.gradle.kts`, named after the ASF parent POM repositories. Releases are published with `./gradlew publishAllPublicationsToApacheReleasesRepository --no-parallel ...` and snapshots with `./gradlew publishAllPublicationsToApacheSnapshotsRepository`.
- Resolve credentials at execution time with `credentials(PasswordCredentials::class)` from the `apacheReleasesUsername` / `apacheReleasesPassword` (and `apacheSnapshots*`) Gradle properties, passed as `ORG_GRADLE_PROJECT_`-prefixed environment variables on the publish command line. This is the form that keeps `PublishToMavenRepository` tasks configuration-cache compatible; explicitly assigned credentials would disable the configuration cache for those tasks.
- Allow overriding the repository URLs with the `apacheReleasesRepoUrl` / `apacheSnapshotsRepoUrl` Gradle properties, e.g. a `file://` URL for testing the publication layout (credentials are skipped for the file transport, which rejects them).
- Validate the version against the target repository before any upload: only `-SNAPSHOT` versions may be published to `apacheSnapshots` and only release versions to `apacheReleases`, failing with an error message that names the correct task.
- Enable signing with `-PuseGpgCmd=true` alone: the gpg command uses its default key unless `-Psigning.gnupg.keyName=<key id>` selects one. Previously the signing tasks were silently disabled unless a key property was set.

The release process documentation in `apache/pulsar-site` (`contribute/release-process.md`) is updated separately to use the new publish task and credential properties.

### Verifying this change

- [x] Make sure that the change passes the CI checks.

This change was verified manually:

- Publishing a `-SNAPSHOT` version to a `file://` URL override of `apacheSnapshots` (and a release version to `apacheReleases`) produces the expected repository layout, including `.asc` signatures that pass `gpg --verify` when signing is enabled with `-PuseGpgCmd=true`.
- Publishing a release version to `apacheSnapshots` or a `-SNAPSHOT` version to `apacheReleases` fails with the validation error before any upload.
- Publishing without credentials fails with Gradle's built-in error naming the missing `apacheReleasesUsername` / `apacheReleasesPassword` properties.
- `./gradlew help`, `rat` and the publish tasks run cleanly with `--configuration-cache` (entries stored and reused), and `spotlessCheck checkstyleMain checkstyleTest` pass.

### Does this pull request potentially affect one of the following parts:

*If the box was checked, please highlight the changes*

- [ ] Dependencies (add or upgrade a dependency)
- [ ] The public API
- [ ] The schema
- [ ] The default values of configurations
- [ ] The threading model
- [ ] The binary protocol
- [ ] The REST endpoints
- [ ] The admin CLI options
- [ ] The metrics
- [ ] Anything that affects deployment

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
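
The manual check described in the pull request (a `file://` repository override whose layout includes `.asc` signatures that pass `gpg --verify`) can be scripted before a real upload. The following is an added example, not part of the pull request or of Pulsar's build; `REPO_DIR`, `VERIFY_GPG` and the function names are assumptions, as is the set of files treated as unsigned by design (checksum files and `maven-metadata.xml`).

```shell
#!/bin/sh
# Added example: audit a local Maven repository layout (the directory behind
# a file:// URL override) for artifacts without a detached .asc signature.

# Print one line per problem artifact under directory $1:
#   MISSING <path>  no non-empty <path>.asc next to the artifact
#   BAD <path>      signature present but rejected by gpg (only if VERIFY_GPG=1)
list_unsigned() {
  # Assumption: signatures, checksum files and maven-metadata.xml are not
  # expected to carry a signature of their own.
  find "$1" -type f \
    ! -name '*.asc' ! -name '*.md5' ! -name '*.sha1' \
    ! -name '*.sha256' ! -name '*.sha512' ! -name 'maven-metadata.xml' |
  sort |
  while IFS= read -r f; do
    if [ ! -s "$f.asc" ]; then
      echo "MISSING $f"
    elif [ "${VERIFY_GPG:-0}" = 1 ] &&
         ! gpg --batch --verify "$f.asc" "$f" >/dev/null 2>&1; then
      echo "BAD $f"
    fi
  done
}

# Return 0 if every artifact is covered, 1 if any problem was listed,
# 2 if $1 is not a directory.
audit_signatures() {
  [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
  problems=$(list_unsigned "$1")
  [ -z "$problems" ] && return 0
  printf '%s\n' "$problems"
  return 1
}

# Run the audit when REPO_DIR is set, e.g.
#   REPO_DIR=/tmp/staging VERIFY_GPG=1 sh audit.sh
if [ -n "${REPO_DIR:-}" ]; then
  audit_signatures "$REPO_DIR"
fi
```

With `VERIFY_GPG` unset the script only checks that a signature file exists, which catches a publish run where signing was skipped; setting `VERIFY_GPG=1` additionally requires the signer's public key in the local keyring.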
