Skip to content

Use ossrh-staging-api releases for Maven Central credential check #10942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gh-worker-dd-mergequeue-cf854d merged 4 commits into from
Mar 23, 2026
Merged

Use ossrh-staging-api releases for Maven Central credential check #10942

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ff73b6c
Use ossrh-staging-api releases for Maven Central credential check
sarahchen6 Mar 23, 2026
62773f9
Temporarily comment out job rules for testing
sarahchen6 Mar 23, 2026
eaaab34
Use bad credentials and except failure
sarahchen6 Mar 23, 2026
42972f0
Revert testing changes
sarahchen6 Mar 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 11 additions & 5 deletions .gitlab-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,18 +222,24 @@ maven-central-pre-release-check:
image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base
stage: .pre
rules:
- if: '$CI_COMMIT_BRANCH == "master"'
when: on_success
allow_failure: false
- if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/'
when: on_success
allow_failure: false
script:
- |
MAVEN_CENTRAL_USERNAME=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_username --with-decryption --query "Parameter.Value" --out text)
MAVEN_CENTRAL_PASSWORD=$(aws ssm get-parameter --region us-east-1 --name ci.dd-trace-java.central_password --with-decryption --query "Parameter.Value" --out text)
# See https://central.sonatype.org/publish/publish-portal-api/
# 15e0cbbb-deff-421e-9e02-296a24d0cada is deployment, any deployment id listed in central work, the idea is to check whether the token can authenticate
curl --request POST --include --fail https://central.sonatype.com/api/v1/publisher/status?id=15e0cbbb-deff-421e-9e02-296a24d0cada --header "Authorization: Bearer $(printf "$MAVEN_CENTRAL_USERNAME:$MAVEN_CENTRAL_PASSWORD" | base64)"
if [ $? -ne 0 ]; then
echo "Failed to authenticate against central. Check credentials, see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
# See https://central.sonatype.org/publish/publish-portal-ossrh-staging-api/
# Use the staging API search endpoint to validate the tokens without relying on a specific deployment
AUTHORIZATION_HEADER="Authorization: Bearer $(printf '%s:%s' "$MAVEN_CENTRAL_USERNAME" "$MAVEN_CENTRAL_PASSWORD" | base64)"
if ! curl --silent --show-error --fail \
"https://ossrh-staging-api.central.sonatype.com/manual/search/repositories?ip=any" \
--header "$AUTHORIZATION_HEADER" \
> /dev/null; then
echo "Failed to authenticate tokens against maven central staging API. Check credentials and see https://datadoghq.atlassian.net/wiki/x/Oog5OgE"
exit 1
fi

Expand Down
Loading