feat(cicd): #4006 migrate sonatype to maven central (#9803)

Co-authored-by: nKwiatkowski <nkwiatkowski@kestra.io>

.github/workflows/workflow-publish-maven.yml

@@ -15,8 +15,8 @@ on:
       SONATYPE_GPG_PASSWORD:
         description: "The Sonatype GPG password."
         required: true
-      SONATYPE_GPG_FILE:
-        description: "The Sonatype GPG file."
+      SONATYPE_GPG_FILE_ASCII:
+        description: "The Sonatype GPG file in ASCII format."
         required: true
 
 jobs:
@@ -39,18 +39,12 @@ jobs:
       - name: Publish - Release package to Maven Central
         shell: bash
         env:
-          ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER }}
-          ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
-          SONATYPE_GPG_KEYID: ${{ secrets.SONATYPE_GPG_KEYID }}
-          SONATYPE_GPG_PASSWORD: ${{ secrets.SONATYPE_GPG_PASSWORD }}
-          SONATYPE_GPG_FILE: ${{ secrets.SONATYPE_GPG_FILE}}
-        run: |
-          mkdir -p ~/.gradle/
-          echo "signing.keyId=${SONATYPE_GPG_KEYID}" > ~/.gradle/gradle.properties
-          echo "signing.password=${SONATYPE_GPG_PASSWORD}" >> ~/.gradle/gradle.properties
-          echo "signing.secretKeyRingFile=${HOME}/.gradle/secring.gpg" >> ~/.gradle/gradle.properties
-          echo ${SONATYPE_GPG_FILE} | base64 -d > ~/.gradle/secring.gpg
-          ./gradlew publishToSonatype ${{ startsWith(github.ref, 'refs/tags/v')  && 'closeAndReleaseSonatypeStagingRepository' || '' }}
+          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_USER }}
+          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyId: ${{ secrets.SONATYPE_GPG_KEYID }}
+          ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SONATYPE_GPG_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SONATYPE_GPG_FILE_ASCII}}
+        run: ./gradlew publishToMavenCentral
 
       # Gradle dependency
       - name: Java - Gradle dependency graph

.github/workflows/workflow-release.yml

@@ -69,7 +69,7 @@ jobs:
       SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
       SONATYPE_GPG_KEYID: ${{ secrets.SONATYPE_GPG_KEYID }}
       SONATYPE_GPG_PASSWORD: ${{ secrets.SONATYPE_GPG_PASSWORD }}
-      SONATYPE_GPG_FILE: ${{ secrets.SONATYPE_GPG_FILE }}
+      SONATYPE_GPG_FILE_ASCII: ${{ secrets.SONATYPE_GPG_FILE_ASCII }}
 
   Github:
     name: Github Release

build.gradle

@@ -31,12 +31,10 @@ plugins {
     id 'com.github.node-gradle.node' version '7.1.0'
 
     // release
-    id "io.github.gradle-nexus.publish-plugin" version "2.0.0"
     id 'net.researchgate.release' version '3.1.0'
     id "com.gorylenko.gradle-git-properties" version "2.5.0"
     id 'signing'
-    id 'ru.vyarus.pom' version '3.0.0' apply false
-    id 'ru.vyarus.github-info' version '2.0.0' apply false
+    id "com.vanniktech.maven.publish" version "0.33.0"
 
     // OWASP dependency check
     id "org.owasp.dependencycheck" version "12.1.3" apply false
@@ -414,6 +412,7 @@ distTar.dependsOn shadowJar
 startScripts.dependsOn shadowJar
 startShadowScripts.dependsOn jar
 shadowJar.dependsOn 'ui:assembleFrontend'
+shadowJar.dependsOn jar
 
 /**********************************************************************************************************************\
  * Executable Jar
@@ -484,24 +483,11 @@ tasks.register('runStandalone', JavaExec) {
 /**********************************************************************************************************************\
  * Publish
  **********************************************************************************************************************/
-nexusPublishing {
-    repositoryDescription = "${project.group}:${rootProject.name}:${project.version}"
-    useStaging = !project.version.endsWith("-SNAPSHOT")
-    repositories {
-        sonatype {
-            nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/"))
-            snapshotRepositoryUrl.set(uri("https://s01.oss.sonatype.org/content/repositories/snapshots/"))
-        }
-    }
-}
+subprojects {subProject ->
 
-subprojects {
-
-    if (it.name != 'jmh-benchmarks') {
-        apply plugin: "maven-publish"
+    if (subProject.name != 'jmh-benchmarks' && subProject.name != rootProject.name) {
         apply plugin: 'signing'
-        apply plugin: 'ru.vyarus.pom'
-        apply plugin: 'ru.vyarus.github-info'
+        apply plugin: "com.vanniktech.maven.publish"
 
         javadoc {
             options {
@@ -535,58 +521,64 @@ subprojects {
             }
         }
 
-        github {
-            user 'kestra-io'
-            license 'Apache'
-            repository 'kestra'
-            site 'https://kestra.io'
+        //These modules should not be published
+        def unpublishedModules = ["jdbc-mysql", "jdbc-postgres", "webserver"]
+        if (subProject.name in unpublishedModules){
+            return
         }
 
-        maven.pom {
-            description = 'The modern, scalable orchestrator & scheduler open source platform'
+        subProject.tasks.matching { it.name.startsWith("publish") }.configureEach {
+            dependsOn rootProject.tasks.named("executableJar")
+        }
+        mavenPublishing {
+            publishToMavenCentral(true)
+            signAllPublications()
 
-            developers {
-                developer {
-                    id = "tchiotludo"
-                    name = "Ludovic Dehon"
+            coordinates(
+                "${rootProject.group}",
+                subProject.name == "cli" ? rootProject.name : subProject.name,
+                "${rootProject.version}"
+            )
+
+            pom {
+                name        = project.name
+                description = "${project.group}:${project.name}:${rootProject.version}"
+                url         = "https://github.com/kestra-io/${rootProject.name}"
+
+                licenses {
+                    license {
+                        name = "The Apache License, Version 2.0"
+                        url  = "http://www.apache.org/licenses/LICENSE-2.0.txt"
+                    }
+                }
+                developers {
+                    developer {
+                        id    = "tchiotludo"
+                        name  = "Ludovic Dehon"
+                        email = "ldehon@kestra.io"
+                    }
+                }
+                scm {
+                    connection = 'scm:git:'
+                    url = "https://github.com/kestra-io/${rootProject.name}"
                 }
             }
         }
 
-        publishing {
-            publications {
-                sonatypePublication(MavenPublication) {
-                    version project.version
+        afterEvaluate {
+            publishing {
+                publications {
+                    withType(MavenPublication).configureEach { publication ->
 
-                    if (project.name.contains('cli')) {
-                        groupId "io.kestra"
-                        artifactId "kestra"
-
-                        artifact shadowJar
-                        artifact executableJar
-                    } else if (project.name.contains('platform')){
-                        groupId project.group
-                        artifactId project.name
-                    } else {
-                        from components.java
-
-                        groupId project.group
-                        artifactId project.name
-
-                        artifact sourcesJar
-                        artifact javadocJar
-                        artifact testsJar
+                        if (subProject.name == "platform") {
+                            // Clear all artifacts except the BOM
+                            publication.artifacts.clear()
+                        }
                     }
                 }
             }
         }
 
-        signing {
-            // only sign JARs that we publish to Sonatype
-            required { gradle.taskGraph.hasTask("publishSonatypePublicationPublicationToSonatypeRepository") }
-            sign publishing.publications.sonatypePublication
-        }
-
         tasks.withType(GenerateModuleMetadata).configureEach {
             // Suppression this validation error as we want to enforce the Kestra platform
             suppressedValidationErrors.add('enforced-platform')
@@ -594,7 +586,6 @@ subprojects {
     }
 }
 
-
 /**********************************************************************************************************************\
  * Version
  **********************************************************************************************************************/

cli/build.gradle

@@ -38,3 +38,30 @@ dependencies {
     //test
     testImplementation "org.wiremock:wiremock-jetty12"
 }
+
+//Need to be disable to allow publishing an artifact with different name than project.name (here rootProject.name)
+tasks.withType(GenerateModuleMetadata).configureEach {
+    enabled = false
+}
+
+afterEvaluate {
+    components.remove(components.findByName("java"))
+    publishing {
+        publications {
+            withType(MavenPublication).configureEach { publication ->
+                publication.artifacts.clear()
+
+                // Use the shadow jar
+                publication.artifact(rootProject.tasks.named("shadowJar").get()) {
+                    extension = "jar"
+                }
+
+                // Add the executable zip
+                publication.artifact(rootProject.tasks.named("executableJar").get().archiveFile) {
+                    classifier = "exec"
+                    extension = "zip"
+                }
+            }
+        }
+    }
+}

jdbc-mysql/build.gradle

@@ -1,5 +1,3 @@
- publishSonatypePublicationPublicationToSonatypeRepository.enabled = false
-
  configurations {
      compileClasspath.extendsFrom(micronaut)
  }

jdbc-postgres/build.gradle

@@ -1,5 +1,3 @@
-publishSonatypePublicationPublicationToSonatypeRepository.enabled = false
-
 configurations {
     implementation.extendsFrom(micronaut)
 }

platform/build.gradle

@@ -1,6 +1,5 @@
 plugins {
     id 'java-platform'
-    id 'maven-publish'
 }
 
 group = 'io.kestra'
@@ -143,14 +142,4 @@ dependencies {
         api "io.kestra:runner-memory:$version"
         api "io.kestra:storage-local:$version"
     }
-}
-
-publishing {
-    publications {
-        sonatypePublication(MavenPublication) {
-            groupId project.group
-            artifactId project.name
-            from components.javaPlatform
-        }
-    }
 }

webserver/build.gradle

@@ -1,5 +1,3 @@
-publishSonatypePublicationPublicationToSonatypeRepository.enabled = false
-
 if (rootProject.name == "kestra") {
     processResources {
         dependsOn(':ui:assembleFrontend')