From b4d32260dce24919181c24008e287e41e88f1ffe Mon Sep 17 00:00:00 2001 From: Steve Ebersole Date: Thu, 12 Dec 2024 12:18:31 -0600 Subject: [PATCH] HHH-18912 - ORM release process https://hibernate.atlassian.net/browse/HHH-18912 --- build.gradle | 61 +---- ci/release/Jenkinsfile | 57 +++-- ci/snapshot-publish.Jenkinsfile | 25 +- gradle/published-java-module.gradle | 214 +++++++----------- .../hibernate-gradle-plugin.gradle | 39 ++-- 5 files changed, 148 insertions(+), 248 deletions(-) diff --git a/build.gradle b/build.gradle index b2d10c0ca8..d98d8687aa 100644 --- a/build.gradle +++ b/build.gradle @@ -43,81 +43,30 @@ apply from: file( 'gradle/module.gradle' ) // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Release Task -task release { +tasks.register('release') { description = "The task performed when we are performing a release build. Relies on " + "the fact that subprojects will appropriately define a release task " + "themselves if they have any release-related activities to perform" doFirst { def javaVersionsInUse = jdkVersions.allVersions - if ( javaVersionsInUse != [JavaLanguageVersion.of( 11 )].toSet() ) { - throw new IllegalStateException( "Please use JDK 11 to perform the release. Currently using: ${javaVersionsInUse}" ) + if (javaVersionsInUse != [JavaLanguageVersion.of(17)].toSet()) { + throw new IllegalStateException("Please use JDK 17 to perform the release. Currently using: ${javaVersionsInUse}") } } } -task publish { - description = "The task performed when we want to just publish maven artifacts. Relies on " + - "the fact that subprojects will appropriately define a release task " + - "themselves if they have any publish-related activities to perform" -} - - - -def ossrhUsername = extractPropertyOrSetting( "OSSRH_USER" ) -def ossrhPassword = extractPropertyOrSetting( "OSSRH_PASSWORD" ) - -String extractPropertyOrSetting(String name) { - if ( project.hasProperty( name) ) { - return project.property( name ) - } - - def sysProp = System.getProperty( name ) - if ( sysProp != null ) { - return sysProp - } - - def envProp = System.getenv( name ) - if ( envProp != null ) { - return envProp - } - - return null -} - nexusPublishing { repositories { - sonatype { - username = ossrhUsername - password = ossrhPassword - } + sonatype() } } -gradle.taskGraph.addTaskExecutionGraphListener( - new TaskExecutionGraphListener() { - @Override - void graphPopulated(TaskExecutionGraph graph) { - for ( final def task in graph.allTasks ) { - if ( task instanceof PublishToMavenRepository ) { - if ( ossrhUsername == null ) { - throw new RuntimeException( "OSSRH username not specified, but publishing was requested" ) - } - if ( ossrhPassword == null ) { - throw new RuntimeException( "OSSRH password not specified, but publishing was requested" ) - } - break - } - } - } - } -) - // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // CI Build Task -task ciBuild { +tasks.register('ciBuild') { description = "The task performed when one of the 'main' jobs are triggered on the " + "CI server. Just as above, relies on the fact that subprojects will " + "appropriately define a release task themselves if they have any tasks " + diff --git a/ci/release/Jenkinsfile b/ci/release/Jenkinsfile index 0f352c451a..f620c5f7f6 100644 --- a/ci/release/Jenkinsfile +++ b/ci/release/Jenkinsfile @@ -53,8 +53,6 @@ def checkoutReleaseScripts() { } } -File findReleaseNotes() { -} // -------------------------------------------- // Pipeline @@ -95,6 +93,10 @@ pipeline { stage('Release check') { steps { script { + print "INFO: params.RELEASE_VERSION = ${params.RELEASE_VERSION}" + print "INFO: params.DEVELOPMENT_VERSION = ${params.DEVELOPMENT_VERSION}" + print "INFO: params.RELEASE_DRY_RUN? = ${params.RELEASE_DRY_RUN}" + checkoutReleaseScripts() def currentVersion = Version.parseDevelopmentVersion( sh( @@ -110,7 +112,9 @@ pipeline { echo "Release was requested manually" if ( !params.RELEASE_VERSION ) { - throw new IllegalArgumentException( 'Missing value for parameter RELEASE_VERSION. This parameter must be set explicitly to prevent mistakes.' ) + throw new IllegalArgumentException( + 'Missing value for parameter RELEASE_VERSION. This parameter must be set explicitly to prevent mistakes.' + ) } releaseVersion = Version.parseReleaseVersion( params.RELEASE_VERSION ) @@ -152,7 +156,7 @@ pipeline { env.DEVELOPMENT_VERSION = developmentVersion.toString() if ( params.RELEASE_DRY_RUN ) { - env.SCRIPT_OPTIONS += " -d" + env.SCRIPT_OPTIONS += "-d" } // Determine version id to check if Jira version exists @@ -169,25 +173,18 @@ pipeline { configFile(fileId: 'release.config.ssh', targetLocation: "${env.HOME}/.ssh/config"), configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: "${env.HOME}/.ssh/known_hosts") ]) { - withCredentials([ - usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USER'), - usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'PLUGIN_PORTAL_PASSWORD', usernameVariable: 'PLUGIN_PORTAL_USERNAME'), - file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'), - string(credentialsId: 'release.gpg.passphrase', variable: 'RELEASE_GPG_PASSPHRASE') - ]) { - sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) { - // set release version - // update changelog from JIRA - // tags the version - // changes the version to the provided development version - withEnv([ - "BRANCH=${env.GIT_BRANCH}", - "DISABLE_REMOTE_GRADLE_CACHE=true", - // Increase the amount of memory for this part since asciidoctor doc rendering consumes a lot of metaspace - "GRADLE_OPTS=-Dorg.gradle.jvmargs='-Dlog4j2.disableJmx -Xmx4g -XX:MaxMetaspaceSize=768m -XX:+HeapDumpOnOutOfMemoryError -Duser.language=en -Duser.country=US -Duser.timezone=UTC -Dfile.encoding=UTF-8'" - ]) { - sh ".release/scripts/prepare-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION}" - } + sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) { + // set release version + // update changelog from JIRA + // tags the version + // changes the version to the provided development version + withEnv([ + "BRANCH=${env.GIT_BRANCH}", + "DISABLE_REMOTE_GRADLE_CACHE=true", + // Increase the amount of memory for this part since asciidoctor doc rendering consumes a lot of metaspace + "GRADLE_OPTS=-Dorg.gradle.jvmargs='-Dlog4j2.disableJmx -Xmx4g -XX:MaxMetaspaceSize=768m -XX:+HeapDumpOnOutOfMemoryError -Duser.language=en -Duser.country=US -Duser.timezone=UTC -Dfile.encoding=UTF-8'" + ]) { + sh ".release/scripts/prepare-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION}" } } } @@ -204,10 +201,12 @@ pipeline { configFile(fileId: 'release.config.ssh.knownhosts', targetLocation: "${env.HOME}/.ssh/known_hosts") ]) { withCredentials([ - usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USER'), - usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'PLUGIN_PORTAL_PASSWORD', usernameVariable: 'PLUGIN_PORTAL_USERNAME'), - file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'), - string(credentialsId: 'release.gpg.passphrase', variable: 'RELEASE_GPG_PASSPHRASE'), + // https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh + usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'), + // https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup + usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'), + file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'), + string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE') gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default') ]) { sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) { @@ -216,7 +215,7 @@ pipeline { withEnv([ "DISABLE_REMOTE_GRADLE_CACHE=true" ]) { - sh ".release/scripts/publish.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH} ${env.SCRIPT_OPTIONS}" + sh ".release/scripts/publish.sh ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH}" } } } @@ -243,7 +242,7 @@ pipeline { extensions: [], userRemoteConfigs: [[credentialsId: 'ed25519.Hibernate-CI.github.com', url: 'https://github.com/hibernate/hibernate.org.git']] ) - sh "../scripts/website-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.SCRIPT_OPTIONS} " + sh "../scripts/website-release.sh ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION}" } } } diff --git a/ci/snapshot-publish.Jenkinsfile b/ci/snapshot-publish.Jenkinsfile index 123ca9cc65..0d0491a7e3 100644 --- a/ci/snapshot-publish.Jenkinsfile +++ b/ci/snapshot-publish.Jenkinsfile @@ -30,24 +30,19 @@ pipeline { } stage('Publish') { steps { - withCredentials([ - usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'OSSRH_PASSWORD', usernameVariable: 'OSSRH_USER'), - usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'PLUGIN_PORTAL_PASSWORD', usernameVariable: 'PLUGIN_PORTAL_USERNAME'), - file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'), - string(credentialsId: 'release.gpg.passphrase', variable: 'RELEASE_GPG_PASSPHRASE'), - // https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh - usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'), - // https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup - usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'), - file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'), - string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE') - ]) { + withCredentials([ + // https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh + usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'), + // https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup + usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'), + file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'), + string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE') + gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default') + ]) { withEnv([ "DISABLE_REMOTE_GRADLE_CACHE=true" ]) { - sh '''./gradlew clean publish -x test \ - --no-scan --no-daemon --no-build-cache --stacktrace - ''' + sh './gradlew clean publish -x test --no-scan --no-daemon --no-build-cache --stacktrace' } } } diff --git a/gradle/published-java-module.gradle b/gradle/published-java-module.gradle index 2f9b30b082..98ff6f06d6 100644 --- a/gradle/published-java-module.gradle +++ b/gradle/published-java-module.gradle @@ -24,162 +24,114 @@ dependencies { javadocSources sourceSets.main.allJava } - -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// Publishing - -publishing { - publications { - // main publication - publishedArtifacts { - // Add the Java component to the main publication - from components.java - } - } -} - java { - // include javadoc and sources jar in the Java component - // - classes jar included by default + // Configure the Java "software component" to include javadoc and sources jars in addition to the classes jar. + // Ultimately, this component is what makes up the publication for this project. withJavadocJar() withSourcesJar() } -var signingKey = resolveSigningKey() -var signingPassword = findSigningProperty( "RELEASE_GPG_PASSPHRASE" ) -signing { - useInMemoryPgpKeys( signingKey, signingPassword ) +// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +// Publishing - sign publishing.publications.publishedArtifacts +var publishingExtension = project.getExtensions().getByType(PublishingExtension) as PublishingExtension +publishingExtension.publications { + // main publication + publishedArtifacts { + // Add the Java component to the main publication + from components.java + } } -String resolveSigningKey() { - var key = findSigningProperty( "RELEASE_GPG_PRIVATE_KEY" ) + +// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +// Signing + +def signPublicationsTask = tasks.register('signPublications') { + description "Grouping task which executes all Sign tasks" + + dependsOn tasks.withType( Sign ) +} + +tasks.named( "publishPublishedArtifactsPublicationToSonatypeRepository" ) { + // publishing depends on signing + dependsOn signPublicationsTask +} + +tasks.register('sign') { + description "Pseudonym for :signPublications" + dependsOn signPublicationsTask +} + +var signingExtension = project.getExtensions().getByType(SigningExtension) as SigningExtension +signingExtension.sign publishing.publications.publishedArtifacts + +gradle.taskGraph.whenReady { TaskExecutionGraph graph -> + boolean wasSigningRequested = false + boolean wasPublishingRequested = false + + graph.allTasks.each {task -> + if ( task instanceof Sign ) { + wasSigningRequested = true + } + else if ( task instanceof PublishToMavenRepository ) { + wasPublishingRequested = true + } + } + + if ( wasPublishingRequested ) { + def ossrhUser = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypeUsername" ) + def ossrhPass = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypePassword" ) + if ( ossrhUser == null || ossrhPass == null ) { + throw new RuntimeException( "Cannot perform publishing to OSSRH without credentials." ) + } + logger.lifecycle "Publishing {} : {} : {}", project.group, project.name, project.version + } + + if ( wasSigningRequested || wasPublishingRequested ) { + // signing was explicitly requested and/or we are publishing to Sonatype OSSRH + // - we need the signing to happen + signingExtension.required = true + + var signingKey = resolveSigningKey() + var signingPassword = resolveSigningPassphrase() + signingExtension.useInMemoryPgpKeys( signingKey, signingPassword ) + } + else { + // signing was not explicitly requested and we are not publishing to OSSRH, + // - disable all Sign tasks + tasks.withType( Sign ).each { t-> t.enabled = false } + } +} + +static String resolveSigningKey() { + var key = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY" ) if ( key != null ) { return key } - var keyFile = findSigningProperty( "RELEASE_GPG_PRIVATE_KEY_PATH" ) + var keyFile = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY_PATH" ) if ( keyFile != null ) { return new File( keyFile ).text } - return null + throw new RuntimeException( "Cannot perform signing without GPG details." ) } -String findSigningProperty(String propName) { - def sysProp = System.getProperty(propName) - if ( sysProp != null ) { - logger.debug "Found `{}` as a system property", propName - return sysProp - } - - def envVar = System.getenv().get(propName) - if ( envVar != null ) { - logger.debug "Found `{}` as an env-var property", propName - return envVar - } - - def projectProp = project.hasProperty(propName) - if (projectProp) { - logger.debug "Found `{}` as a project property", propName - return projectProp - } - - logger.debug "Did not find `{}`", propName - return null -} - - -var signingTask = project.tasks.getByName( "signPublishedArtifactsPublication" ) as Sign -var signingExtension = project.getExtensions().getByType(SigningExtension) as SigningExtension - -task sign { - dependsOn "signPublications" -} - -task signPublications { t -> - tasks.withType( Sign ).all { s -> - t.dependsOn s - } -} - -signingTask.doFirst { - if ( signingKey == null || signingPassword == null ) { - throw new GradleException( - "Cannot perform signing without GPG details. Please set the `signingKey` and `signingKeyFile` properties" - ) - } -} - - -boolean wasSigningExplicitlyRequested() { - // check whether signing task was explicitly requested when running the build - // - // NOTE: due to https://discuss.gradle.org/t/how-to-tell-if-a-task-was-explicitly-asked-for-on-the-command-line/42853/3 - // we cannot definitively know whether the task was requested. Gradle really just does not expose this information. - // so we make a convention - we check the "start parameters" object to see which task-names were requested; - // the problem is that these are the raw names directly from the command line. e.g. it is perfectly legal to - // say `gradlew signPubArtPub` in place of `gradlew signPublishedArtifactsPublication` - Gradle will simply - // "expand" the name it finds. However, it does not make that available. - // - // so the convention is that we will check for the following task names - // - // for each of: - // 1. `sign` - // 2. `signPublications` - // 3. `signPublishedArtifactsPublication` - // - // and we check both forms: - // 1. "${taskName}" - // 2. project.path + ":${taskName}" - // - // we need to check both again because of the "start parameters" discussion - - def signingTaskNames = ["sign", "signPublications", "signPublishedArtifactsPublication"] - - for ( String taskName : signingTaskNames ) { - if ( gradle.startParameter.taskNames.contains( taskName ) - || gradle.startParameter.taskNames.contains( "${project.path}:${taskName}" ) ) { - return true - } - } - - return false -} - -if ( wasSigningExplicitlyRequested() ) { - // signing was explicitly requested - signingExtension.required = true -} -else { - gradle.taskGraph.whenReady { graph -> - if ( graph.hasTask( signingTask ) ) { - // signing is scheduled to happen. - // - // we know, from above if-check, that it was not explicitly requested - - // so it is triggered via task dependency. make sure we want it to happen - var publishingTask = project.tasks.getByName( "publishPublishedArtifactsPublicationToSonatypeRepository" ) as PublishToMavenRepository - if ( graph.hasTask( publishingTask ) ) { - // we are publishing to Sonatype OSSRH - we need the signing to happen - signingExtension.required = true - } - else { - // signing was not explicitly requested and we are not publishing to OSSRH, - // so do not sign. - signingTask.enabled = false - } - } - +static String resolveSigningPassphrase() { + var passphrase = System.getenv().get( "SIGNING_GPG_PASSPHRASE" ) + if ( passphrase == null ) { + throw new RuntimeException( "Cannot perform signing without GPG details." ) } + return passphrase } // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Release / publishing tasks -task ciBuild { +tasks.register('ciBuild') { dependsOn test, tasks.publishToSonatype } @@ -195,7 +147,7 @@ tasks.publishToSonatype.mustRunAfter test // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // Ancillary tasks -task showPublications { +tasks.register('showPublications') { doFirst { project.publishing.publications.each { publication -> println "Publication (${publication.name}): ${publication.groupId}:${publication.artifactId}:${publication.version}" diff --git a/tooling/hibernate-gradle-plugin/hibernate-gradle-plugin.gradle b/tooling/hibernate-gradle-plugin/hibernate-gradle-plugin.gradle index f1717e5056..7b8edd11aa 100644 --- a/tooling/hibernate-gradle-plugin/hibernate-gradle-plugin.gradle +++ b/tooling/hibernate-gradle-plugin/hibernate-gradle-plugin.gradle @@ -63,7 +63,7 @@ tasks.withType(AbstractArchiveTask).configureEach { test { useJUnitPlatform() if ( project.hasProperty( 'excludeTests' ) ) { - exclude project.property( 'excludeTests' ) + exclude project.property( 'excludeTests' ) as String } } @@ -107,14 +107,14 @@ processResources { filter( ReplaceTokens, tokens: [ 'hibernateVersion': getVersion() ] ) } -tasks.withType( JavaCompile ) { +tasks.withType(JavaCompile).configureEach { options.encoding = 'UTF-8' } if ( !jdkVersions.explicit ) { - tasks.withType( GroovyCompile ) { - sourceCompatibility = JavaVersion.toVersion( jdkVersions.baseline ) - targetCompatibility = JavaVersion.toVersion( jdkVersions.baseline ) + tasks.withType(GroovyCompile).configureEach { + sourceCompatibility = JavaVersion.toVersion(jdkVersions.baseline) + targetCompatibility = JavaVersion.toVersion(jdkVersions.baseline) } } else { @@ -133,20 +133,25 @@ tasks.publish.enabled !project.ormVersion.isSnapshot tasks.publishPlugins.enabled !project.ormVersion.isSnapshot gradle.taskGraph.whenReady { tg -> - if ( tg.hasTask( project.tasks.publishPlugins ) && project.tasks.publishPlugins.enabled ) { - // look for sys-prop or env-var overrides of the tokens used for publishing - if ( project.properties.containsKey( 'gradle.publish.key' ) - || project.properties.containsKey( 'gradle.publish.secret' ) ) { - // nothing to do - already explicitly set + // verify credentials for publishing the plugin up front to avoid any work (only if we are publishing) + if ( tg.hasTask( ":publishPlugins" ) && project.tasks.publishPlugins.enabled ) { + // we are publishing the plugin - make sure there is a credentials pair + // + // first, check the `GRADLE_PUBLISH_KEY` / `GRADLE_PUBLISH_SECRET` combo (env vars) + // and then the `gradle.publish.key` / `gradle.publish.secret` combo (project prop) + // - see https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup + if ( System.getenv().get("GRADLE_PUBLISH_KEY") != null ) { + if ( System.getenv().get("GRADLE_PUBLISH_SECRET") != null ) { + throw new RuntimeException( "`GRADLE_PUBLISH_KEY` specified, but not `GRADLE_PUBLISH_SECRET` for publishing Gradle plugin" ) + } + } + else if ( project.findProperty( 'gradle.publish.key' ) != null ) { + if ( project.findProperty( 'gradle.publish.secret' ) != null ) { + throw new RuntimeException( "`gradle.publish.key` specified, but not `gradle.publish.secret` for publishing Gradle plugin" ) + } } else { - // use the values from the credentials provider, if any - if ( project.property( 'gradle.publish.key' ) == null ) { - throw new RuntimeException( "`-Pgradle.publish.key=...` not found" ) - } - if ( project.property( 'gradle.publish.secret' ) == null ) { - throw new RuntimeException( "`-Pgradle.publish.secret=...` not found" ) - } + throw new RuntimeException( "No credentials specified for publishing Gradle plugin" ) } } }