Add publish snapshot script #41
Conversation
Signed-off-by: Marc Handalian <[email protected]>
scripts/publish-snapshot.sh
Outdated
| ###### Information ############################################################################ | ||
| # Name: publish-snapshot.sh | ||
| # Language: Shell | ||
| # | ||
| # About: Deploy opensearch artifacts to a sonatype snapshot repository. | ||
| # The given directory is intended to be the root directory of a maven repository containing ./org/opensearch artifacts. | ||
| # This script will search POM files under ./org/opensearch. | ||
| # If found, pom, jar, and signature files will be deployed to the org/opensearch namespace. | ||
| # | ||
| # Prerequisites: The given directory must be the parent directory of org/opensearch artifacts. | ||
| # Environment variables must be set: | ||
| # SONATYPE_ID/SONATYPE_PASSWORD - repository credentials | ||
| # SNAPSHOT_HOST - repository host | ||
| # | ||
| # | ||
| # Usage: ./publish-snapshot.sh <directory> | ||
| # | ||
| ############################################################################################### |
There was a problem hiding this comment.
Do we need to add the license header?
scripts/publish-snapshot.sh
Outdated
| [ -z "${1:-}" ] && { | ||
| echo "Usage: ($basename $0) dir" | ||
| exit 1 | ||
| } | ||
|
|
||
| [ -z "${SONATYPE_ID}" ] && { | ||
| echo "SONATYPE_ID is required" | ||
| exit 1 | ||
| } | ||
|
|
||
| [ -z "${SONATYPE_PASSWORD}" ] && { | ||
| echo "SONATYPE_PASSWORD is required" | ||
| exit 1 | ||
| } | ||
|
|
||
| [ -z "${SNAPSHOT_HOST}" ] && { | ||
| echo "SNAPSHOT_HOST is required" | ||
| exit 1 | ||
| } |
There was a problem hiding this comment.
I recommend adding a usage function that prints out all the usage information, including the meanings of positional parameters, required environment variables, etc. Implementing a -h or --help flag is often useful, too.
scripts/publish-snapshot.sh
Outdated
| gpg --verify-files "${pomsig}" "${jarsig}" | ||
|
|
||
| if [ $? -ne 0 ]; then | ||
| echo "Invalid signature on artifacts, skipping ${pom}" |
There was a problem hiding this comment.
You need a continue here.
Actually, it might be better to fail the whole script if any signature checks fail...otherwise it's hard to automatically verify that everything got uploaded correctly. I think I want a zero exit code to mean "everything was uploaded", not "everything that wasn't invalidated was uploaded".
There was a problem hiding this comment.
Ok. Will update this to validate the signature on all artifacts before any are pushed so that we don't end up with partial uploads.
There was a problem hiding this comment.
If that is the case let's make sure we are executing this script one project at a time (that may have n artifacts to push) vs one execution to push multiple projects under org/opensearch.
Meaning CI execute this separately for each repo built.
There was a problem hiding this comment.
Can we add that in About section of the script? This can be easily missed
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Marc Handalian [email protected]
Description
Add a simple publish script to push pre-built/signed artifacts to a sonatype nexus repository.
This is intended do be used with https://aws.oss.sonatype.org/content/repositories/snapshots.
The script takes in a directory that should contain org/opensearch projects to publish. It intentionally searches only for poms in this namespace and pushes only to a snapshot repository.
Tested with a local instance of nexus running at localhost:8081 and prebuilt/signed dummy artifacts.
note - this uses curl instead of the maven-deploy plugin to deploy. The maven-deploy plugin auto generates a timestamp for each artifact, but it does not deploy signature files. So that signatures match the artifact/pom names, any timestamp/build id should be appended during packaging.
Issues Resolved
Partial - #20
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.