From d9f4cf133cc39f56fc4a7300b17a47a551ffa5f2 Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Mon, 1 Aug 2022 15:27:54 -0700 Subject: [PATCH 1/3] Updating instructions for publishing to maven. Making clearer the substeps, reorganizing steps, and fixed some incorrect parts. --- docs/dev_guide/publish_to_maven.md | 60 ++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 19 deletions(-) diff --git a/docs/dev_guide/publish_to_maven.md b/docs/dev_guide/publish_to_maven.md index 2987ff1f6..94381c042 100644 --- a/docs/dev_guide/publish_to_maven.md +++ b/docs/dev_guide/publish_to_maven.md @@ -6,9 +6,10 @@ parent: Developer Guides # Developer Guide for publishing to maven ## Manual Publishing +--- -1. Get account details to login to https://oss.sonatype.org/ -2. Install GPG, setup keys, and export to a key server +1. Set up GPG for signing artifacts. + * Generate the key, use the name and email you would like to use to identify who uploaded the artifacts. An example email address would be your github email, and name could be `Feathr Developer`, `Feathr Contributor`, your real name, etc. ``` $ gpg --gen-key ... 
@@ -16,55 +17,74 @@ Real name: Central Repo Test Email address: central@example.com You selected this USER-ID: "Central Repo Test " - Change (N)ame, (E)mail, or (O)kay/(Q)uit? O -... +``` + * Verify your gpg metadata +``` $ gpg --list-keys /home/mylocaluser/.gnupg/pubring.kbx ---------------------------------- +... pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23] CA925CD6C9E8D064FF05B4728190C4130ABA0F98 uid [ultimate] Central Repo Test sub rsa3072 2021-06-23 [E] [expires: 2023-06-23] -$ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98 ``` - -if failing to programmatically export to key server, you can export it manually and upload to http://keyserver.ubuntu.com/ via `submit key` - -run the following command to generated the ASCII-armored public key needed by the key server + * Upload gpg keys to a key server + * [Recommended] Upload manually + * Run the following command to generated the ASCII-armored public key needed by the key server ``` gpg --armor --export user-id > pubkey.asc ``` -https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair + * upload to http://keyserver.ubuntu.com/ via `submit key` + + * Upload via command line. Currently this hasn't succeeded, if succeeded, please alter the steps here with your fix. +``` +$ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98 +``` +--- -3. Setup your credentials locally at `$HOME/.sbt/0.13/sonatype.sbt` +2. Set up `Sonatype` credentials + * Get account details to login to https://oss.sonatype.org/. 
Reachout to feathr team, such as @jaymo001 or @hangfei + * Setup the credentials locally + * Create sonatype configuration file +``` +vim $HOME/.sbt/1.0/sonatype.sbt +``` + * Paste the following with the sonatype credentials ``` credentials += Credentials("Sonatype Nexus Repository Manager", "oss.sonatype.org", "(Sonatype user name)", "(Sonatype password)") ``` -(ref, https://github.com/xerial/sbt-sonatype) +--- -4. Publish to maven via sbt -In your feathr directory, clear your cache to prevent stale errors +3. Publish to sonatype/maven via sbt + * In your feathr directory, clear your cache to prevent stale errors ``` rm -rf target/sonatype-staging/ ``` -Start sbt console by running + * Start sbt console by running +``` +sbt +``` + * if experiencing java issues try setting the java version like so: ``` sbt -java-home /Library/Java/JavaVirtualMachines/jdk1.8.0_282-msft.jdk/Contents/Home ``` -Execute command in sbt console to publish to maven + * Execute command in sbt console to publish to maven ``` reload ; publishSigned; sonatypeBundleRelease ``` +--- -5. "Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours." +4. "Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours." https://central.sonatype.org/publish/publish-guide/#releasing-to-central -6. After new version is released via Maven, use the released version to run a test to ensure it actually works. You can do this by running a codebase that imports Feathr scala code. +--- + +5. After new version is released via Maven, use the released version to run a test to ensure it actually works. You can do this by running a codebase that imports Feathr scala code. ## CI Automatic Publishing 
@@ -72,7 +92,9 @@ https://central.sonatype.org/publish/publish-guide/#releasing-to-central ### References +https://github.com/xerial/sbt-sonatype +https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair https://central.sonatype.org/publish/publish-guide/#deployment From 8fa366508a2c32065a9df806a396b4160641a1fa Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Mon, 1 Aug 2022 15:34:17 -0700 Subject: [PATCH 2/3] Fixed indentation issue. --- docs/dev_guide/publish_to_maven.md | 94 +++++++++++++++--------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/docs/dev_guide/publish_to_maven.md b/docs/dev_guide/publish_to_maven.md index 94381c042..33699df19 100644 --- a/docs/dev_guide/publish_to_maven.md +++ b/docs/dev_guide/publish_to_maven.md 
@@ -10,73 +10,73 @@ parent: Developer Guides 1. Set up GPG for signing artifacts. * Generate the key, use the name and email you would like to use to identify who uploaded the artifacts. An example email address would be your github email, and name could be `Feathr Developer`, `Feathr Contributor`, your real name, etc. -``` -$ gpg --gen-key -... -Real name: Central Repo Test -Email address: central@example.com -You selected this USER-ID: - "Central Repo Test " -Change (N)ame, (E)mail, or (O)kay/(Q)uit? O -``` - * Verify your gpg metadata -``` -$ gpg --list-keys -/home/mylocaluser/.gnupg/pubring.kbx -... -pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23] - CA925CD6C9E8D064FF05B4728190C4130ABA0F98 -uid [ultimate] Central Repo Test -sub rsa3072 2021-06-23 [E] [expires: 2023-06-23] -``` + * ``` + $ gpg --gen-key + ... + Real name: Central Repo Test + Email address: central@example.com + You selected this USER-ID: + "Central Repo Test " + Change (N)ame, (E)mail, or (O)kay/(Q)uit? O + ``` + * Verify your gpg metadata + * ``` + $ gpg --list-keys + /home/mylocaluser/.gnupg/pubring.kbx + ... + pub rsa3072 2021-06-23 [SC] [expires: 2023-06-23] + CA925CD6C9E8D064FF05B4728190C4130ABA0F98 + uid [ultimate] Central Repo Test + sub rsa3072 2021-06-23 [E] [expires: 2023-06-23] + ``` * Upload gpg keys to a key server * [Recommended] Upload manually * Run the following command to generated the ASCII-armored public key needed by the key server -``` -gpg --armor --export user-id > pubkey.asc -``` + * ``` + gpg --armor --export user-id > pubkey.asc + ``` * upload to http://keyserver.ubuntu.com/ via `submit key` * Upload via command line. Currently this hasn't succeeded, if succeeded, please alter the steps here with your fix. -``` -$ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98 -``` + * ``` + $ gpg --keyserver keyserver.ubuntu.com --recv-keys CA925CD6C9E8D064FF05B4728190C4130ABA0F98 + ``` --- 2. 
Set up `Sonatype` credentials * Get account details to login to https://oss.sonatype.org/. Reachout to feathr team, such as @jaymo001 or @hangfei * Setup the credentials locally * Create sonatype configuration file -``` -vim $HOME/.sbt/1.0/sonatype.sbt -``` + * ``` + vim $HOME/.sbt/1.0/sonatype.sbt + ``` * Paste the following with the sonatype credentials -``` -credentials += Credentials("Sonatype Nexus Repository Manager", - "oss.sonatype.org", - "(Sonatype user name)", - "(Sonatype password)") -``` + * ``` + credentials += Credentials("Sonatype Nexus Repository Manager", + "oss.sonatype.org", + "(Sonatype user name)", + "(Sonatype password)") + ``` --- 3. Publish to sonatype/maven via sbt * In your feathr directory, clear your cache to prevent stale errors -``` -rm -rf target/sonatype-staging/ -``` + * ``` + rm -rf target/sonatype-staging/ + ``` * Start sbt console by running -``` -sbt -``` + * ``` + sbt + ``` * if experiencing java issues try setting the java version like so: -``` -sbt -java-home /Library/Java/JavaVirtualMachines/jdk1.8.0_282-msft.jdk/Contents/Home -``` + * ``` + sbt -java-home /Library/Java/JavaVirtualMachines/jdk1.8.0_282-msft.jdk/Contents/Home + ``` * Execute command in sbt console to publish to maven -``` -reload - ; publishSigned; sonatypeBundleRelease -``` + * ``` + reload + ; publishSigned; sonatypeBundleRelease + ``` --- 4. "Upon release, your component will be published to Central: this typically occurs within 30 minutes, though updates to search can take up to four hours." From 9f0f37836bcd7ed869058f862773afb1a37f441c Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Mon, 1 Aug 2022 15:41:57 -0700 Subject: [PATCH 3/3] Fixed user-id unclear documentation. --- docs/dev_guide/publish_to_maven.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/dev_guide/publish_to_maven.md b/docs/dev_guide/publish_to_maven.md index 33699df19..e80e9ce74 100644 --- a/docs/dev_guide/publish_to_maven.md 
+++ b/docs/dev_guide/publish_to_maven.md @@ -19,7 +19,7 @@ parent: Developer Guides "Central Repo Test " Change (N)ame, (E)mail, or (O)kay/(Q)uit? O ``` - * Verify your gpg metadata + * Verify your gpg metadata, and not the uid. In this example it is `CA925CD6C9E8D064FF05B4728190C4130ABA0F98` * ``` $ gpg --list-keys /home/mylocaluser/.gnupg/pubring.kbx @@ -31,9 +31,9 @@ parent: Developer Guides ``` * Upload gpg keys to a key server * [Recommended] Upload manually - * Run the following command to generated the ASCII-armored public key needed by the key server + * Run the following command to generated the ASCII-armored public key needed by the key server. Replaced the {uid} with the uid noted from the earlier step. * ``` - gpg --armor --export user-id > pubkey.asc + gpg --armor --export {uid} > pubkey.asc ``` * upload to http://keyserver.ubuntu.com/ via `submit key`
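Review bot: In PATCH 1/3, hunk `@@ -16,55 +17,74`, the "Upload via command line" step uses `gpg --keyserver keyserver.ubuntu.com --recv-keys ...`, but `--recv-keys` downloads a key from the keyserver into the local keyring and uploads nothing, which is consistent with the remark that this step "hasn't succeeded". The upload option is `--send-keys` with the same fingerprint; suggest switching the command and dropping the caveat once it has been confirmed to work. In the same hunk, the step that pastes the Sonatype user name and password into `$HOME/.sbt/1.0/sonatype.sbt` should say that the file holds a plaintext password and should be readable only by its owner (for example `chmod 600`).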
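Review bot: In PATCH 2/3, hunk `@@ -10,73 +10,73`, each code fence now opens on its own `* ` bullet, so the command renders as a separate list item instead of as part of the step it belongs to. Indenting the fence under the preceding bullet, without a new `*`, keeps each command attached to its instruction. The sbt command is also still split across two lines (`reload` then `; publishSigned; sonatypeBundleRelease`); putting it on one line would make it safe to copy and paste.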
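Review bot: In PATCH 3/3, hunk `@@ -19,7 +19,7`, "and not the uid" reads as an instruction to ignore the value; it should be "and note the uid". The value it points at, `CA925CD6C9E8D064FF05B4728190C4130ABA0F98`, is the key fingerprint, while the `gpg --list-keys` output in the same example labels a different line `uid` (the name "Central Repo Test"). Calling it the fingerprint would avoid the clash with gpg's own label.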
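Review bot: In PATCH 3/3, hunk `@@ -31,9 +31,9`, the added sentence has two tense slips: "to generated" should be "to generate" and "Replaced the {uid}" should be "Replace the {uid}". Because the value being substituted is the 40-character fingerprint shown by `gpg --list-keys`, a placeholder such as `{fingerprint}` would be clearer than `{uid}`. The context line "upload to http://keyserver.ubuntu.com/" links over plain HTTP; consider using the https form of the URL for the key submission page.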