almost automatic release to Maven Central #1016
Conversation
oetr
force-pushed
the
CIF-1762-automatic-release
branch
from
01b1f92 to
c726dce
Compare
oetr
force-pushed
the
CIF-1762-automatic-release
branch
from
c726dce to
d9e3b05
Compare
oetr
force-pushed
the
CIF-1762-automatic-release
branch
from
d9e3b05 to
dc8f4c7
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR automates the release process to Maven Central by replacing manual deployment with an automated API-based upload using a bearer token.
Key Changes:
- Removed manual Maven credentials (username/password) in favor of automated token-based authentication
- Added automatic deployment to Maven Central via Sonatype API with bearer token
- Streamlined release process by removing the draft release step and manual upload requirement
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| deploy/deploy.sh | Removed MAVEN_USER and MAVEN_PASSWORD environment variable checks and parameters from bazel commands, as deployment now uses bearer token authentication |
| CONTRIBUTING.md | Updated release documentation to reflect automated workflow and provided fallback manual deployment instructions |
| .github/workflows/prerelease.yaml | Renamed job to maven_deploy, added automated deployment step using Sonatype API with bearer token, changed bundle artifact to tar.gz format, and removed draft flag from release creation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
oetr
force-pushed
the
CIF-1762-automatic-release
branch
from
cc1ca50 to
2d78a82
Compare
| uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 | ||
| with: | ||
| generate_release_notes: true | ||
| draft: true |
There was a problem hiding this comment.
IMO it could still be useful to have a manual process to publish from a draft github release so that we can take a look and clean up the release notes.
There was a problem hiding this comment.
We don't do this for cifuzz, why is Jazzer different?
But combined with the point below it makes sense to delay the release on GH until the dev has verified that it's actually published. I'll revert this!
| --fail-with-body \ | ||
| --header "Authorization: Bearer ${{ secrets.SONATYPE_BEARER_TOKEN }}" \ | ||
| --form bundle=@_tmp/jazzer-maven-central-bundle.tar.gz \ | ||
| "https://central.sonatype.com/api/v1/publisher/upload?name=Jazzer%20${TAG#v}&publishingType=AUTOMATIC" |
There was a problem hiding this comment.
Do you know how error during publishing would show up?
We could wait for successful publishing by polling the status API https://central.sonatype.org/publish/publish-portal-api/#verify-status-of-the-deployment. Or just make it a manual step to verify that the release was published.
There was a problem hiding this comment.
Ah, yes, I though about it, but deemed not worth the effort!
Maybe the dev should just check the status and then release the GH draft after the publishing was successful?
oetr
force-pushed
the
CIF-1762-automatic-release
branch
from
2d78a82 to
1d95666
Compare
oetr
changed the title
oetr
changed the title
Just push the tag to release.