HHH-19341 Backport JReleaser config to 6.4

Author: marko-bekhta

build.gradle

@@ -28,8 +28,6 @@ plugins {
 	id 'org.checkerframework' version '0.6.34'
 	id 'org.hibernate.orm.build.jdks'
 
-	id 'io.github.gradle-nexus.publish-plugin' version '1.1.0'
-
 	id 'idea'
 	id 'org.jetbrains.gradle.plugin.idea-ext' version '1.0'
 	id 'eclipse'
@@ -61,13 +59,6 @@ tasks.register('publish') {
 			"themselves if they have any publish-related activities to perform"
 }
 
-nexusPublishing {
-	repositories {
-		sonatype()
-	}
-}
-
-
 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // CI Build Task
 
@@ -98,6 +89,3 @@ idea {
 		name = "hibernate-orm"
 	}
 }
-
-
-

ci/release/Jenkinsfile

@@ -170,6 +170,7 @@ pipeline {
 					env.RELEASE_VERSION = releaseVersion.toString()
 					env.DEVELOPMENT_VERSION = developmentVersion.toString()
 					env.SCRIPT_OPTIONS = params.RELEASE_DRY_RUN ? "-d" : ""
+					env.JRELEASER_DRY_RUN = params.RELEASE_DRY_RUN
 
 					// Determine version id to check if Jira version exists
 					sh ".release/scripts/determine-jira-version-id.sh ${env.JIRA_KEY} ${releaseVersion.withoutFinalQualifier}"
@@ -191,12 +192,11 @@ pipeline {
 							// tags the version
 							// changes the version to the provided development version
 							withEnv([
-									"BRANCH=${env.GIT_BRANCH}",
 									"DISABLE_REMOTE_GRADLE_CACHE=true",
 									// Increase the amount of memory for this part since asciidoctor doc rendering consumes a lot of metaspace
 									"GRADLE_OPTS=-Dorg.gradle.jvmargs='-Dlog4j2.disableJmx -Xmx4g -XX:MaxMetaspaceSize=768m -XX:+HeapDumpOnOutOfMemoryError -Duser.language=en -Duser.country=US -Duser.timezone=UTC -Dfile.encoding=UTF-8'"
 							]) {
-								sh ".release/scripts/prepare-release.sh ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION}"
+								sh ".release/scripts/prepare-release.sh -j -b ${env.GIT_BRANCH} -v ${env.DEVELOPMENT_VERSION} ${env.PROJECT} ${env.RELEASE_VERSION}"
 							}
 						}
 					}
@@ -214,20 +214,28 @@ pipeline {
 					]) {
 						withCredentials([
 							// https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh
-							usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'),
+							// TODO: HHH-19309:
+							//  Once we switch to maven-central publishing (from nexus2) we need to add a new credentials
+							//  to use the following env variable names to set the user/password:
+							//  - JRELEASER_MAVENCENTRAL_USERNAME
+							//  - JRELEASER_MAVENCENTRAL_TOKEN
+							//  Also use the new `credentialsId` for Maven Central, e.g.:
+							//  usernamePassword(credentialsId: '???????', passwordVariable: 'JRELEASER_MAVENCENTRAL_TOKEN', usernameVariable: 'JRELEASER_MAVENCENTRAL_USERNAME'),
+							usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'JRELEASER_NEXUS2_PASSWORD', usernameVariable: 'JRELEASER_NEXUS2_USERNAME'),
 							// https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup
 							usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'),
-							file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'),
-							string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE'),
-							gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default')
+							gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default'),
+							file(credentialsId: 'release.gpg.private-key', variable: 'RELEASE_GPG_PRIVATE_KEY_PATH'),
+							string(credentialsId: 'release.gpg.passphrase', variable: 'JRELEASER_GPG_PASSPHRASE'),
+							string(credentialsId: 'Hibernate-CI.github.com', variable: 'JRELEASER_GITHUB_TOKEN')
 						]) {
 							sshagent(['ed25519.Hibernate-CI.github.com', 'hibernate.filemgmt.jboss.org', 'hibernate-ci.frs.sourceforge.net']) {
 								// performs documentation upload and Sonatype release
 								// push to github
 								withEnv([
 										"DISABLE_REMOTE_GRADLE_CACHE=true"
 								]) {
-									sh ".release/scripts/publish.sh ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH}"
+									sh ".release/scripts/publish.sh -j ${env.SCRIPT_OPTIONS} ${env.PROJECT} ${env.RELEASE_VERSION} ${env.DEVELOPMENT_VERSION} ${env.GIT_BRANCH}"
 								}
 							}
 						}

ci/snapshot-publish.Jenkinsfile

@@ -10,6 +10,14 @@ if (currentBuild.getBuildCauses().toString().contains('BranchIndexingCause')) {
   	return
 }
 
+def checkoutReleaseScripts() {
+    dir('.release/scripts') {
+        checkout scmGit(branches: [[name: '*/main']], extensions: [],
+                userRemoteConfigs: [[credentialsId: 'ed25519.Hibernate-CI.github.com',
+                                     url: 'https://github.com/hibernate/hibernate-release-scripts.git']])
+    }
+}
+
 pipeline {
     agent {
         label 'Release'
@@ -30,21 +38,31 @@ pipeline {
 		}
 		stage('Publish') {
 			steps {
-                withCredentials([
-                    // https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh
-                    usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_sonatypePassword', usernameVariable: 'ORG_GRADLE_PROJECT_sonatypeUsername'),
-                    // https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup
-                    usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'),
-                    file(credentialsId: 'release.gpg.private-key', variable: 'SIGNING_GPG_PRIVATE_KEY_PATH'),
-                    string(credentialsId: 'release.gpg.passphrase', variable: 'SIGNING_GPG_PASSPHRASE')
-                    gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default')
-                ]) {
-					withEnv([
-							"DISABLE_REMOTE_GRADLE_CACHE=true"
-					]) {
-						sh './gradlew clean publish -x test --no-scan --no-daemon --no-build-cache --stacktrace'
-					}
-				}
+                script {
+                    withCredentials([
+                            // https://github.com/gradle-nexus/publish-plugin#publishing-to-maven-central-via-sonatype-ossrh
+                            // TODO: HHH-19309:
+                            //  Once we switch to maven-central publishing (from nexus2) we need to update credentialsId:
+                            // https://docs.gradle.org/current/samples/sample_publishing_credentials.html#:~:text=via%20environment%20variables
+                            usernamePassword(credentialsId: 'ossrh.sonatype.org', passwordVariable: 'ORG_GRADLE_PROJECT_snapshotsPassword', usernameVariable: 'ORG_GRADLE_PROJECT_snapshotsUsername'),
+                            string(credentialsId: 'Hibernate-CI.github.com', variable: 'JRELEASER_GITHUB_TOKEN'),
+                            // https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#account_setup
+                            usernamePassword(credentialsId: 'gradle-plugin-portal-api-key', passwordVariable: 'GRADLE_PUBLISH_SECRET', usernameVariable: 'GRADLE_PUBLISH_KEY'),
+                            gitUsernamePassword(credentialsId: 'username-and-token.Hibernate-CI.github.com', gitToolName: 'Default')
+                    ]) {
+                        withEnv([
+                                "DISABLE_REMOTE_GRADLE_CACHE=true"
+                        ]) {
+                            checkoutReleaseScripts()
+                            def version = sh(
+                                    script: ".release/scripts/determine-current-version.sh orm",
+                                    returnStdout: true
+                            ).trim()
+                            echo "Current version: '${version}'"
+                            sh "bash -xe .release/scripts/snapshot-deploy.sh orm ${version}"
+                        }
+                    }
+                }
 			}
         }
     }
@@ -55,4 +73,4 @@ pipeline {
             }
         }
     }
-}
+}

gradle/published-java-module.gradle

@@ -9,8 +9,6 @@ apply from: rootProject.file( 'gradle/releasable.gradle' )
 apply from: rootProject.file( 'gradle/java-module.gradle' )
 apply from: rootProject.file( 'gradle/publishing-pom.gradle' )
 
-apply plugin: 'signing'
-
 // Make sure that the publishReleaseArtifacts task of the release module runs the release task of this sub module
 tasks.getByPath( ':release:publishReleaseArtifacts' ).dependsOn tasks.release
 
@@ -98,6 +96,19 @@ publishing {
 			}
 		}
 	}
+    repositories {
+        maven {
+            name = "staging"
+            url = rootProject.layout.buildDirectory.dir("staging-deploy${File.separator}maven")
+        }
+        maven {
+            name = 'snapshots'
+            url = "https://oss.sonatype.org/content/repositories/snapshots/"
+            // So that Gradle uses the `ORG_GRADLE_PROJECT_snapshotsPassword` / `ORG_GRADLE_PROJECT_snapshotsUsername`
+            //  env variables to read the username/password for the `snapshots` repository publishing:
+            credentials(PasswordCredentials)
+        }
+    }
 }
 
 tasks.withType(PublishToMavenLocal).configureEach {
@@ -122,81 +133,20 @@ tasks.withType(PublishToMavenRepository).configureEach {
 	}
 }
 
-
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-// Signing
-
-def signingKey = resolveSigningKey()
-def signingPassphrase = resolveSigningPassphrase()
-
-var signingExtension = project.getExtensions().getByType(SigningExtension) as SigningExtension
-signingExtension.sign publishing.publications.publishedArtifacts
-signingExtension.useInMemoryPgpKeys(signingKey, signingPassphrase)
-
-
-gradle.taskGraph.whenReady { TaskExecutionGraph graph ->
-	// are we publishing to OSSRH?
-	boolean wasPublishingRequested = false
-
-	graph.allTasks.each {task ->
-		if ( task instanceof PublishToMavenRepository ) {
-			if ( "sonatype" == task.repository.name ) {
-				wasPublishingRequested = true
-			}
-		}
-	}
-
-	if ( wasPublishingRequested ) {
-		def ossrhUser = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypeUsername" )
-		def ossrhPass = System.getenv().get( "ORG_GRADLE_PROJECT_sonatypePassword" )
-		if ( ossrhUser == null || ossrhPass == null ) {
-			throw new RuntimeException( "Cannot perform publishing to OSSRH without credentials." )
-		}
-		logger.lifecycle "Publishing {} : {} : {}", project.group, project.name, project.version
-		signingExtension.required = true
-	}
-	else if ( signingKey == null || signingPassphrase == null ) {
-		tasks.withType( Sign ).each { t-> t.enabled = false }
-	}
-}
-
-static String resolveSigningKey() {
-	var key = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY" )
-	if ( key != null ) {
-		return key
-	}
-
-	var keyFile = System.getenv().get( "SIGNING_GPG_PRIVATE_KEY_PATH" )
-	if ( keyFile != null ) {
-		return new File( keyFile ).text
-	}
-
-	return null
-}
-
-static String resolveSigningPassphrase() {
-	return System.getenv().get( "SIGNING_GPG_PASSPHRASE" )
-}
-
-
 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Release / publishing tasks
 
 tasks.register('ciBuild') {
-	dependsOn test, tasks.publishToSonatype
+	dependsOn test
 }
 
-tasks.release.dependsOn tasks.test, tasks.publishToSonatype
+tasks.release.dependsOn tasks.test
 
 tasks.preVerifyRelease.dependsOn build
 tasks.preVerifyRelease.dependsOn generateMetadataFileForPublishedArtifactsPublication
 tasks.preVerifyRelease.dependsOn generatePomFileForPublishedArtifactsPublication
 tasks.preVerifyRelease.dependsOn generatePomFileForRelocationPomPublication
 
-tasks.publishToSonatype.mustRunAfter test
-
-
-
 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 // Ancillary tasks
 

hibernate-platform/hibernate-platform.gradle

@@ -75,9 +75,3 @@ publishing {
         }
     }
 }
-
-project( ":release" ).getTasks().named( "publishReleaseArtifacts" ).configure {
-    dependsOn tasks.release
-}
-
-tasks.release.dependsOn tasks.publishToSonatype

tooling/hibernate-gradle-plugin/hibernate-gradle-plugin.gradle

@@ -167,9 +167,9 @@ gradle.taskGraph.whenReady { tg ->
 		if ( t.repository == null ) {
 			logger.info( "Task `{}` had null repository", t.path )
 		}
-		else if ( t.repository.name == "sonatype" ) {
-			logger.debug( "Disabling task `{}` because it publishes to Sonatype", t.path )
+		else if ( t.repository.name == "staging" || t.repository.name == "snapshots" ) {
+			logger.debug( "Disabling task `{}` because it publishes to remote Maven repository", t.path )
 			t.enabled = false
 		}
 	}
-}
+}