Well, I disagree: The App UI you are staging to will show you: - who staged, - what is staged - in case or error (ie. signature mismatch or checksum mismatch) where are the problems - etc
Is not prone to errors, as you do not modify content at all by doing that (Maven did deliver it already), reproducibility really depends only on your build, not this 3rd party service (they blindly accepts bytes and just checks some rules "ok"/"not ok"), as for security you already provided credentials while staging. Given the "stability" history of oss or s01, I have to say that it is even _desirable_ to be able to use UI for these steps, as otherwise you are just "burning" versions (failed releases) for reasons totally unrelated to Maven, but for some 3rd party service that provides you "way" to get something to Central. Unless... we talk about some private Nx instance? Or Sonatype oss one? As in that case scripting would work for it. After all, this is proprietary software (they call it "oss" but is more like "free"), with its own proprietary REST API... T On Sun, Jul 30, 2023 at 11:37 PM Garret Wilson <gar...@globalmentor.com> wrote: > On 7/30/2023 6:32 PM, Tamás Cservenák wrote: > > There is no need for another plugin... well, let me explain: > > all the "vanilla" plugins of Maven (install, deploy, release) support > > everything that aforementioned plugin does: install at end, deploy at > end, > > stage/deploy, there is ONLY two things they cannot do: "close" and > > "release" (the staging repo). > > > > For those two things, you'd need to use the browser, navigate to oss or > s01 > > server, log in, and using Nexus UI close or release your staging > repository. > > > > If this is acceptable to you, you should just drop the use of that > plugin. > > Requiring me to use my browser and log into a site and muck around with > a mouse just to release software is not acceptable. > > That might have been acceptable in 2003. > > We just don't do things like that nowadays. It's not just for > convenience. It's bad practice, prone to errors, hard to reproduce, > introduces security issues, unwieldy to maintain, and a general > infrastructure-as-code anti-pattern for 100 reasons, which you can > probably recite as well as I can. > > Garret > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > >
