[improve][build] Add ASF Nexus publishing repositories to publish conventions#26004
Open
lhotari wants to merge 2 commits into
Open
[improve][build] Add ASF Nexus publishing repositories to publish conventions#26004lhotari wants to merge 2 commits into
lhotari wants to merge 2 commits into
Conversation
…ventions - Add apacheReleases and apacheSnapshots Maven repositories (named after the ASF parent POM repositories), publishable with publishAllPublicationsToApacheReleasesRepository / publishAllPublicationsToApacheSnapshotsRepository - Resolve credentials at execution time from the apacheReleasesUsername / apacheReleasesPassword (and apacheSnapshots*) Gradle properties via credentials(PasswordCredentials::class), keeping the publish tasks configuration-cache compatible; pass them as ORG_GRADLE_PROJECT_- prefixed environment variables on the publish command line - Allow overriding the repository URLs with the apacheReleasesRepoUrl / apacheSnapshotsRepoUrl Gradle properties (e.g. a file:// URL for testing the publication layout; credentials are skipped for the file transport, which rejects them) - Validate the version against the target repository before any upload: only -SNAPSHOT versions may go to apacheSnapshots and only release versions to apacheReleases - Enable signing with -PuseGpgCmd=true alone: the gpg command uses its default key unless -Psigning.gnupg.keyName=<key id> selects one Assisted-by: Claude Fable 5 (Claude Code)
…ventions Read project.description in afterEvaluate so that a description assigned in a module's build script body is picked up (the plugin previously read it at apply time, before the script body runs), and capture it as a plain string so the pom configuration stays configuration-cache compatible. Assisted-by: Claude Fable 5 (Claude Code)
merlimat
approved these changes
Jun 12, 2026
dao-jun
approved these changes
Jun 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
The Gradle build (PIP-463) doesn't yet define the remote repositories for publishing artifacts to the ASF Nexus repository at https://repository.apache.org. The Maven build got these from the ASF parent POM's
distributionManagement(apache.releases.https/apache.snapshots.https). To perform a Gradle-based release, the publish conventions need the staging and snapshot repository definitions, with credential handling that keeps the password out of~/.gradle/gradle.propertiesand keeps the publish tasks compatible with the configuration cache.Modifications
apacheReleasesandapacheSnapshotsMaven repositories topulsar.publish-conventions.gradle.kts, named after the ASF parent POM repositories. Releases are published with./gradlew publishAllPublicationsToApacheReleasesRepository --no-parallel ...and snapshots with./gradlew publishAllPublicationsToApacheSnapshotsRepository.credentials(PasswordCredentials::class)from theapacheReleasesUsername/apacheReleasesPassword(andapacheSnapshots*) Gradle properties, passed asORG_GRADLE_PROJECT_-prefixed environment variables on the publish command line. This is the form that keepsPublishToMavenRepositorytasks configuration-cache compatible; explicitly assigned credentials would disable the configuration cache for those tasks.apacheReleasesRepoUrl/apacheSnapshotsRepoUrlGradle properties, e.g. afile://URL for testing the publication layout (credentials are skipped for the file transport, which rejects them).-SNAPSHOTversions may be published toapacheSnapshotsand only release versions toapacheReleases, failing with an error message that names the correct task.-PuseGpgCmd=truealone: the gpg command uses its default key unless-Psigning.gnupg.keyName=<key id>selects one. Previously the signing tasks were silently disabled unless a key property was set.The release process documentation in
apache/pulsar-site(contribute/release-process.md) is updated separately to use the new publish task and credential properties.Verifying this change
This change was verified manually:
-SNAPSHOTversion to afile://URL override ofapacheSnapshots(and a release version toapacheReleases) produces the expected repository layout, including.ascsignatures that passgpg --verifywhen signing is enabled with-PuseGpgCmd=true.apacheSnapshotsor a-SNAPSHOTversion toapacheReleasesfails with the validation error before any upload.apacheReleasesUsername/apacheReleasesPasswordproperties../gradlew help,ratand the publish tasks run cleanly with--configuration-cache(entries stored and reused), andspotlessCheck checkstyleMain checkstyleTestpass.Does this pull request potentially affect one of the following parts:
If the box was checked, please highlight the changes