From f3918c7a8bcd2f0a4f3959a32b62e683c133360a Mon Sep 17 00:00:00 2001
From: Peter Samarin
Date: Thu, 13 Nov 2025 16:53:15 +0100
Subject: [PATCH 1/3] chore: making local bundle doesn't need Sonatype usename or password
---
 deploy/deploy.sh | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index d9c9723a0..2fbf71328 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -30,10 +30,6 @@ JAZZER_COORDINATES=$1
 echo "$RELEASE_SIGNING_KEY_PRIVATE" | gpg --import
 echo "default-key $RELEASE_SIGNING_KEY_ID" > $HOME/.gnupg/gpg.conf
-[ -z "${MAVEN_USER+x}" ] && \
- fail "Set MAVEN_USER to the Sonatype OSSRH user"
-[ -z "${MAVEN_PASSWORD+x}" ] && \
- fail "Set MAVEN_PASSWORD to the Sonatype OSSRH password"
 [ -z "${JAZZER_JAR_PATH+x}" ] && \
 fail "Set JAZZER_JAR_PATH to the absolute path of jazzer.jar obtained from the release GitHub Actions workflow"
 [ ! -f "${JAZZER_JAR_PATH}" ] && \
@@ -68,12 +64,8 @@ JAZZER_DOCS_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-docs)
 JAZZER_SOURCES_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-sources)
 JAZZER_POM_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-pom)
-bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
- --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
- //deploy:jazzer-api.publish
-MAVEN_REPO="$MAVEN_REPO" GPG_SIGN="true" MAVEN_USER="$MAVEN_USER" MAVEN_PASSWORD="$MAVEN_PASSWORD" \
+bazel run --define "maven_repo=${MAVEN_REPO}" --define gpg_sign=true //deploy:jazzer-api.publish
+MAVEN_REPO="$MAVEN_REPO" GPG_SIGN="true" \
 bazel run @rules_jvm_external//private/tools/java/com/github/bazelbuild/rules_jvm_external/maven:MavenPublisher -- \
 "$JAZZER_COORDINATES" "$JAZZER_POM_PATH" "$JAZZER_JAR_PATH" "sources=${JAZZER_SOURCES_PATH},javadoc=${JAZZER_DOCS_PATH}"
-bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
- --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
- //deploy:jazzer-junit.publish
+bazel run --define "maven_repo=${MAVEN_REPO}" --define gpg_sign=true //deploy:jazzer-junit.publish
From 6ef7fc764a2a411e3e039f78e2c5bbfc27ee2a7f Mon Sep 17 00:00:00 2001
From: Peter Samarin
Date: Thu, 13 Nov 2025 17:04:38 +0100
Subject: [PATCH 2/3] chore: automatically deploy to Maven Central and create a GH release
---
 .github/workflows/prerelease.yaml | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/prerelease.yaml b/.github/workflows/prerelease.yaml
index 7e3e96d38..3e0a40693 100644
--- a/.github/workflows/prerelease.yaml
+++ b/.github/workflows/prerelease.yaml
@@ -94,7 +94,7 @@ jobs:
 path: _tmp/jazzer.jar
 if-no-files-found: error
- maven_predeploy:
+ maven_deploy:
 runs-on: ubuntu-22.04
 needs: merge_jars
@@ -128,16 +128,31 @@ jobs:
 env:
 RELEASE_SIGNING_KEY_ID: ${{ secrets.RELEASE_SIGNING_KEY_ID }}
 RELEASE_SIGNING_KEY_PRIVATE: ${{ secrets.RELEASE_SIGNING_KEY_PRIVATE }}
- MAVEN_USER: ${{ secrets.MAVEN_USER }}
- MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
- run: JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
+ run: |
+ JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
+ cd _tmp
+ tar -czvf jazzer-maven-central-bundle.tar.gz -C release com
+ # In case something goes wrong, we can still reupload the bundle manually
 - name: Upload Jazzer Bundle to Github Artifacts
 uses: actions/upload-artifact@v5
 with:
 name: jazzer-maven-central-bundle
- path: _tmp/release
+ path: _tmp/jazzer-maven-central-bundle.tar.gz
 if-no-files-found: error
+ # don't wrap .tar.gz in a .zip
+ compression-level: 0
+
+ - name: Deploy to Maven Central
+ shell: bash
+ run: |
+ TAG=${{ github.ref_name }}
+ curl --request POST \
+ --verbose \
+ --fail-with-body \
+ --header "Authorization: Bearer ${{ secrets.SONATYPE_BEARER_TOKEN }}" \
+ --form bundle=@_tmp/jazzer-maven-central-bundle.tar.gz \
+ "https://central.sonatype.com/api/v1/publisher/upload?name=Jazzer%20${TAG#v}&publishingType=AUTOMATIC"
 create_release:
 needs: build_release
From 2b271e2f37e229f9bd3eaed3ad6461ba45e4303d Mon Sep 17 00:00:00 2001
From: Peter Samarin
Date: Fri, 14 Nov 2025 15:00:00 +0100
Subject: [PATCH 3/3] chore: update the release instructions
---
 CONTRIBUTING.md | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index db7d4e355..0a97bcd7b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
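Review bot: In the added "Deploy to Maven Central" step, `TAG=${{ github.ref_name }}` and the `--header "Authorization: Bearer ${{ secrets.SONATYPE_BEARER_TOKEN }}"` line are both expanded into the text of the bash script before bash runs, so a tag name containing shell metacharacters would be executed as script in the one step that holds the publishing token. Passing both values through the step's `env:` and reading them as shell variables keeps them as data. `--verbose` also makes curl print the request headers, which leaves the token's confidentiality in the job log resting on GitHub's secret masking alone; `--fail-with-body` already surfaces the server's error response without it. The tag-derived `name=` value is still placed unencoded into the upload URL, so checking the tag against the `v1.2.3` form before the call would be a cheap extra guard.

```yaml
      - name: Deploy to Maven Central
        # … unchanged: shell: bash …
        env:
          TAG: ${{ github.ref_name }}
          SONATYPE_BEARER_TOKEN: ${{ secrets.SONATYPE_BEARER_TOKEN }}
        run: |
          # … unchanged: curl --request POST and --fail-with-body; the TAG= assignment and --verbose are dropped …
            --header "Authorization: Bearer ${SONATYPE_BEARER_TOKEN}" \
          # … unchanged: --form bundle line and the upload URL, which already reads ${TAG#v} …
```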
@@ -131,11 +131,13 @@ Run `./format.sh` to format all source files in the way enforced by the "Check f
 ## Releasing (CI employees only)
-1. Push a tag of the form `v1.2.3` to trigger the "Prerelease" GitHub Actions workflow.
-2. Wait for the workflow to finish (about 10 minutes).
-3. Download the artifact called "jazzer-maven-central-bundle" from the prerelease workflow run.
-4. Log into https://central.sonatype.com/publishing and click on "Publish Component".
-5. In the dialog that follows, under "Upload Your File", select the downloaded artifact. The "Deployment Name" doesn't matter. Click "Publish Component".
-6. Refresh the page, and you should see "Deployment Info" with status "VALIDATED".
-7. Click "Publish" to publish the component to Maven Central and wait for the status to change to "PUBLISHED" (a refresh or two may be necessary).
-8. Release the draft Github release. This will automatically create a tag, push the docker images and deploy the docs (can take about a few minutes to appear at [jazzer-docs]( https://codeintelligencetesting.github.io/jazzer-docs)).
+1. Push a tag of the form `v1.2.3` to trigger the "Prerelease" GitHub Actions workflow followed by the "Release" workflow.
+2. Make sure that Jazzer was actually published on Maven Central.
+3. Publish the draft releas on Github. This will also automatically update the [jazzer-docs](https://codeintelligencetesting.github.io/jazzer-docs).
+
+Upon a failure to deploy to Maven Central, you can eather log into https://central.sonatype.com/publishing and see the status of the last attempt to publish, or follow these steps to manually deploy the artifacts:
+1. Download the bundle artifact called "jazzer-maven-central-bundle".
+2. Log into https://central.sonatype.com/publishing and click on "Publish Component".
+3. In the dialog that follows, under "Upload Your File", select the downloaded artifact. The "Deployment Name" doesn't matter. Click "Publish Component".
+4. Refresh the page, and you should see "Deployment Info" with status "VALIDATED".
+5. Click "Publish" to publish the component to Maven Central and wait for the status to change to "PUBLISHED" (a refresh or two may be necessary).