Make gpg passphrase optional in publish method.

[Baccata]

My team uses a private artifact repository (artifactory) which exposes the same API as sonatype.

However, the signing of the artifacts is not required. I'd like to make the gpg passphrase optional in PublishModule#publish, or have another task (publishWithoutSigning) that would not require the passphrase.

Thoughts ?

[rockjam]

What happens when you pass null?

[Baccata]

What happens when you pass null?

1 targets failed
scribe.recursion.publish java.lang.NullPointerException
    java.lang.ProcessBuilder.start(ProcessBuilder.java:1012)
    ammonite.ops.Shellout$.executeInteractive(Shellout.scala:27)
    ammonite.ops.Shellout$.$anonfun$$percent$1(Shellout.scala:14)
    ammonite.ops.Shellout$.$anonfun$$percent$1$adapted(Shellout.scala:14)
    ammonite.ops.Command.applyDynamic(Shellout.scala:118)
    mill.scalalib.publish.SonatypePublisher.poorMansSign(SonatypePublisher.scala:141)

[rockjam]

I think that having optional gpg passphrase is reasonable

[lihaoyi]

Maybe we could give publish a separate flag --signed false? The reason is that there are three cases here:

• Signed with passphrase
• Signed without passphrase
• Unsigned

If we're going to change this we might as well make sure we handle all three cases

[Baccata]

Closing this as the problem it describes is solved. There is still a problem with publishing to artifactory with the default PublishModule. I need to have a closer look at how it's API differs from sonatype's API to formulate a new issue.

[ddelautre]

@Baccata Did you succeed publishing to Artifactory?

[Baccata]

@ddelautre, yeah, here's a snippet I used. It might need updating to the latest mill version, but it should do the trick :

import java.math.BigInteger
import java.security.MessageDigest

import ammonite.ops._
import mill.scalalib.publish.{ SonatypeHttpApi, _ }
import mill.util.Logger
import scalaj.http.HttpResponse

// Basically a copy of https://github.com/lihaoyi/mill/blob/0.2.2/scalalib/src/mill/scalalib/publish/SonatypePublisher.scala
// to avoid requiring a gpg passphrase.
class ArtifactoryPublisher(uri: String, snapshotUri: String, credentials: String, log: Logger) {

  private val api = new SonatypeHttpApi(uri, credentials)

  def publish(fileMapping: Seq[(Path, String)], artifact: Artifact): Unit = {
    publishAll(release = true, fileMapping -> artifact)
  }
  def publishAll(release: Boolean, artifacts: (Seq[(Path, String)], Artifact)*): Unit = {

    val mappings = for ((fileMapping0, artifact) <- artifacts) yield {
      val publishPath = Seq(
        artifact.group.replace(".", "/"),
        artifact.id,
        artifact.version
      ).mkString("/")
      val fileMapping = fileMapping0.map { case (file, name) => (file, publishPath + "/" + name) }

      artifact -> fileMapping.flatMap {
        case (file, name) =>
          val content = read.bytes(file)

          Seq(
            name             -> content,
            (name + ".md5")  -> md5hex(content),
            (name + ".sha1") -> sha1hex(content)
          )
      }
    }

    val (snapshots, releases) = mappings.partition(_._1.isSnapshot)
    if (snapshots.nonEmpty) {
      doPublish(snapshots.flatMap(_._2), snapshots.map(_._1), snapshotUri)
    }
    val releaseGroups = releases.groupBy(_._1.group)
    for ((group, groupReleases) <- releaseGroups) {
      doPublish(groupReleases.flatMap(_._2), releases.map(_._1), uri)
    }
  }

  private def doPublish(
    payloads: Seq[(String, Array[Byte])],
    artifacts: Seq[Artifact],
    uri: String
  ): Unit = {

    val publishResults = payloads.map {
      case (fileName, data) =>
        log.info(s"Uploading $fileName")
        val resp = api.upload(s"$uri/$fileName", data)
        resp
    }
    reportPublishResults(publishResults, artifacts)
  }

  private def reportPublishResults(
    publishResults: Seq[HttpResponse[String]],
    artifacts: Seq[Artifact]
  ) = {
    if (publishResults.forall(_.is2xx)) {
      log.info(s"Published ${artifacts.map(_.id).mkString(", ")} to Sonatype")
    } else {
      val errors = publishResults.filterNot(_.is2xx).map { response =>
        s"Code: ${response.code}, message: ${response.body}"
      }
      throw new RuntimeException(
        s"Failed to publish ${artifacts.map(_.id).mkString(", ")} to Sonatype. Errors: \n${errors.mkString("\n")}"
      )
    }
  }

  private def awaitRepoStatus(status: String, stagingRepoId: String, attempts: Int = 20): Unit = {
    def isRightStatus =
      api.getStagingRepoState(stagingRepoId).equalsIgnoreCase(status)
    var attemptsLeft = attempts

    while (attemptsLeft > 0 && !isRightStatus) {
      Thread.sleep(3000)
      attemptsLeft -= 1
      if (attemptsLeft == 0) {
        throw new RuntimeException(s"Couldn't wait for staging repository to be ${status}. Failing")
      }
    }
  }

  private def md5hex(bytes: Array[Byte]): Array[Byte] =
    hexArray(md5.digest(bytes)).getBytes

  private def sha1hex(bytes: Array[Byte]): Array[Byte] =
    hexArray(sha1.digest(bytes)).getBytes

  private def md5 = MessageDigest.getInstance("md5")

  private def sha1 = MessageDigest.getInstance("sha1")

  private def hexArray(arr: Array[Byte]) =
    String.format("%0" + (arr.length << 1) + "x", new BigInteger(1, arr))

}

[lefou]

For those who came here in need to publish to Artifactory. Mill > 0.6.1 now has a artifactory module. See #783