Use JReleaser to publish to new Maven Central API

Publishing to Maven Central using OSSRH is deprecated and is sunset on
2025-06-30. The build needs to be migrated to use the Central Publishing
Portal. There is currently no support for this in Gradle's own
publishing capability, and no official Sonatype Gradle publishing
plugin. JReleaser is currently recommended by Sonatype for Gradle
publishing to Maven Central.

Signed-off-by: Mark S. Lewis <[email protected]>

Author: bestbeforetoday

.github/workflows/release.yml

@@ -15,14 +15,7 @@ env:
   IMAGE_NAME: ${{ github.repository_owner }}/fabric-javaenv
 
 jobs:
-  # Publishing steps to both the Github Packages and the Sonatype
-  publishjars:
-    strategy:
-      fail-fast: false
-      matrix:
-        publish_target:
-          - publishAllPublicationsToGithubPackagesRepository
-          - publishAllPublicationsToReleaseRepository
+  publish-github:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -34,18 +27,38 @@ jobs:
           distribution: "temurin"
           java-version: 21
       - uses: gradle/actions/setup-gradle@v4
-      - name: Push to registry ${{ matrix.publish_target }}
+      - name: Publish to GitHub Packages
         run: |
-          set -xev
-          ./gradlew -Psigning.key="${SIGNING_KEY}" -Psigning.password="${SIGNING_PASSWORD}" -PossrhUsername="${OSSRH_USER}" -PossrhPassword="${OSSRH_PASSWORD}" ${TARGET}
+          ./gradlew publishAllPublicationsToGitHubRepository
         env:
-          SIGNING_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
-          SIGNING_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
-          OSSRH_USER: ${{ secrets.OSSRH_USERNAME }}
-          OSSRH_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
-          TARGET: ${{ matrix.publish_target }}
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  publish-maven:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: 21
+      - uses: gradle/actions/setup-gradle@v4
+      - name: Publish to local staging
+        run: |
+          ./gradlew publishAllPublicationsToStagingRepository
+        env:
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+      - name: Publish to Maven Central
+        run: |
+          ./gradlew jreleaserDeploy --stacktrace
+        env:
+          JRELEASER_MAVENCENTRAL_USERNAME: ${{ secrets.MAVENCENTRAL_USERNAME }}
+          JRELEASER_MAVENCENTRAL_PASSWORD: ${{ secrets.MAVENCENTRAL_PASSWORD }}
+
   docker-build-push:
     name: Push Docker image
     runs-on: ${{ matrix.arch.runner }}

fabric-chaincode-shim/build.gradle

@@ -6,8 +6,9 @@
 
 plugins {
     id 'maven-publish'
-    id 'jacoco'
     id 'signing'
+    id 'org.jreleaser' version '1.18.0'
+    id 'jacoco'
     id 'pmd'
 }
 
@@ -137,7 +138,7 @@ jacocoTestCoverageVerification {
 test.finalizedBy(jacocoTestReport)
 test.finalizedBy(jacocoTestCoverageVerification)
 
-task licenseCheck {
+tasks.register('licenseCheck') {
     group = "license"
     description = "Checks the License part of each source file"
 
@@ -146,34 +147,37 @@ task licenseCheck {
     def missing = new LinkedList<File>()
     sourceSets.forEach {
         sourceSet ->
-            sourceSet.allSource.findAll { !it.path.contains("build") && !(it.path.contains("test") && it.path.contains("resources"))}.each {
+            sourceSet.allSource.findAll {
+                !it.path.contains("build") &&
+                  !(it.path.contains("test") && it.path.contains("resources"))
+            }.each {
                 file ->
-                if  (!file.name.contains("json")){
-                    BufferedReader r = new BufferedReader(new FileReader(file))
-                    def line, hasSPDX = false, hasTraditional = false
-                    while ((line = r.readLine()) != null) {
-                        if (line.contains("SPDX-License-Identifier")) {
-                            hasSPDX = true
-                            break
+                    if (!file.name.contains("json")) {
+                        BufferedReader r = new BufferedReader(new FileReader(file))
+                        def line, hasSPDX = false, hasTraditional = false
+                        while ((line = r.readLine()) != null) {
+                            if (line.contains("SPDX-License-Identifier")) {
+                                hasSPDX = true
+                                break
+                            }
+                            if (line.contains("http://www.apache.org/licenses/LICENSE-2.0")) {
+                                hasTraditional = true
+                                break
+                            }
                         }
-                        if (line.contains("http://www.apache.org/licenses/LICENSE-2.0")) {
-                            hasTraditional = true
-                            break
-                        }
-                    }
-                    if (!hasSPDX) {
-                        if (hasTraditional) {
-                            noSPDX.add(file)
-                        } else {
-                            missing.add(file)
+                        if (!hasSPDX) {
+                            if (hasTraditional) {
+                                noSPDX.add(file)
+                            } else {
+                                missing.add(file)
+                            }
                         }
                     }
-                }
             }
     }
 
     if (noSPDX.isEmpty()) {
-        println "All remaining files have Apache 2.0 headers"
+        println "All remaining files have Apache 2.0 headers."
     } else {
         println "We are standardizing with the SPDX style license headers."
         println "The following files contain the traditional license headers which are still valid:"
@@ -212,17 +216,13 @@ javadoc {
 
     classpath = sourceSets.main.runtimeClasspath
 
-    javadoc.options.addStringOption('Xdoclint:none', '-quiet')
+    options.addStringOption('Xdoclint:none', '-quiet')
+    options.addStringOption('Xwerror', '-quiet')
     options.overview = "src/main/java/org/hyperledger/fabric/overview.html"
-}
 
-if (JavaVersion.current().isJava8Compatible()) {
-    project.tasks.withType(Javadoc) {
-        options.addStringOption('Xdoclint:all', '-quiet')
-        options.addStringOption('Xwerror', '-quiet')
-    }
 }
 
+def final stagingDeployUrl = layout.buildDirectory.dir('staging-deploy')
 
 publishing {
      publications {
@@ -235,10 +235,12 @@ publishing {
                 name = 'JavaChaincodeShim'
                 packaging = 'jar'
                 description = 'Hyperledger Fabric Java Chaincode Shim'
-                url = 'http://www.hyperledger.org/'
+                url = 'https://hyperledger.github.io/fabric-chaincode-java/'
 
                 scm {
-                    url = 'https://github.com/hyperledger/fabric-chaincode-java.git'
+                    connection = 'scm:git:https://github.com/hyperledger/fabric-chaincode-java.git'
+                    developerConnection = 'scm:git:ssh://github.com:hyperledger/fabric-chaincode-java.git'
+                    url = 'https://github.com/hyperledger/fabric-chaincode-java'
                 }
                 licenses {
                     license {
@@ -248,26 +250,16 @@ publishing {
                 }
 
                 developers {
-                    developer {
-                        id = 'gennadylaventman'
-                        name = 'Gennady Laventman'
-                        email = '[email protected]'
-                    }
-                    developer {
-                        id = 'luiss'
-                        name = 'Luis Sanchez'
-                        email = '[email protected]'
-                    }
-                    developer {
-                        id = 'C0rWin'
-                        name = 'Artem Barger'
-                        email = '[email protected]'
-                    }
                     developer {
                         id = 'denyeart'
                         name = 'David Enyeart'
                         email = '[email protected]'
                     }
+                    developer {
+                        id = 'bestbeforetoday'
+                        name = 'Mark S. Lewis'
+                        email = '[email protected]'
+                    }
                 }
             }
          }
@@ -276,17 +268,12 @@ publishing {
 
     repositories {
         maven {
-            name = "release"
-            url = "https://oss.sonatype.org/service/local/staging/deploy/maven2/"
-            credentials {
-                username = project.findProperty('ossrhUsername')
-                password = project.findProperty('ossrhPassword')
-            }
-
+            name = "Staging"
+            url = stagingDeployUrl
         }
 
         maven {
-            name = "GitHubPackages"
+            name = "GitHub"
             url = "https://maven.pkg.github.com/hyperledger/fabric-chaincode-java"
             credentials {
                 username = System.getenv("GITHUB_ACTOR")
@@ -297,25 +284,42 @@ publishing {
 }
 
 signing {
-    println "Signing"
-    if (project.findProperty('signing.key')) {
-        def signingKey = project.findProperty('signing.key')
-        def signingPassword = project.findProperty('signing.password')
-        useInMemoryPgpKeys(signingKey, signingPassword)
-
-        sign publishing.publications.shim
-        println "... signed"
-    } else {
-        println "... no keys to use "
+    required = { gradle.taskGraph.hasTask(":${project.name}:publishAllPublicationsToStagingRepository") }
+
+    def signingKey = findProperty('signingKey')
+    def signingPassword = findProperty('signingPassword')
+    useInMemoryPgpKeys(signingKey, signingPassword)
+
+    sign publishing.publications.shim
+}
+
+jreleaser {
+    gitRootSearch = true
+    deploy {
+        maven {
+            mavenCentral {
+                sonatype {
+                    active = 'ALWAYS'
+                    url = 'https://central.sonatype.com/api/v1/publisher'
+                    sign = false
+                    stagingRepository(file(stagingDeployUrl).toString())
+                }
+            }
+        }
+    }
+    release {
+        github {
+            enabled = false
+        }
     }
 }
 
 // Need to specify the sourcesJar task BEFORE the java{withSourcesJar()} so that it picks up the duplicatesStratergy
 // otherwise this fails with a duplicates error.
 // (see https://github.com/gradle/gradle/issues/17236)
 
-task sourcesJar(type: Jar) {
-    duplicatesStrategy = 'include'
+tasks.register('sourcesJar', Jar) {
+    duplicatesStrategy = DuplicatesStrategy.INCLUDE
     archiveClassifier = 'sources'
     from sourceSets.main.allSource
 }
@@ -332,16 +336,16 @@ build.dependsOn licenseCheck
 import org.gradle.api.tasks.testing.logging.TestExceptionFormat
 import org.gradle.api.tasks.testing.logging.TestLogEvent
 
-tasks.withType(Test) {
+tasks.withType(Test).configureEach {
 
     environment "CORE_PEER_LOCALMSPID", "mymsp"
 
     testLogging {
         // set options for log level LIFECYCLE
         events TestLogEvent.FAILED,
-               TestLogEvent.PASSED,
-               TestLogEvent.SKIPPED,
-               TestLogEvent.STANDARD_OUT
+          TestLogEvent.PASSED,
+          TestLogEvent.SKIPPED,
+          TestLogEvent.STANDARD_OUT
         exceptionFormat = TestExceptionFormat.FULL
         showExceptions = true
         showCauses = true
@@ -350,22 +354,23 @@ tasks.withType(Test) {
         // set options for log level DEBUG and INFO
         debug {
             events TestLogEvent.STARTED,
-                   TestLogEvent.FAILED,
-                   TestLogEvent.PASSED,
-                   TestLogEvent.SKIPPED,
-                   TestLogEvent.STANDARD_ERROR,
-                   TestLogEvent.STANDARD_OUT
+              TestLogEvent.FAILED,
+              TestLogEvent.PASSED,
+              TestLogEvent.SKIPPED,
+              TestLogEvent.STANDARD_ERROR,
+              TestLogEvent.STANDARD_OUT
             exceptionFormat = TestExceptionFormat.FULL
         }
         info.events = debug.events
         info.exceptionFormat = debug.exceptionFormat
 
-        afterSuite { desc, result ->
+        afterSuite {desc, result ->
             if (!desc.parent) { // will match the outermost suite
                 def output = "Results: ${result.resultType} (${result.testCount} tests, ${result.successfulTestCount} successes, ${result.failedTestCount} failures, ${result.skippedTestCount} skipped)"
                 def startItem = '|  ', endItem = '  |'
                 def repeatLength = startItem.length() + output.length() + endItem.length()
-                println('\n' + ('-' * repeatLength) + '\n' + startItem + output + endItem + '\n' + ('-' * repeatLength))
+                println('\n' + ('-' * repeatLength) + '\n' + startItem + output + endItem + '\n' +
+                  ('-' * repeatLength))
             }
         }
     }

gradle/wrapper/gradle-wrapper.jar

@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -115,7 +114,7 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""
 
 
 # Determine the Java command to use to start the JVM.
@@ -206,15 +205,15 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

gradlew

@@ -70,11 +70,11 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell