1 change: 1 addition & 0 deletions .gitlab-ci.yml
Expand Up @@ -4,6 +4,7 @@ variables:

stages:
- build
- deploy

default:
image: ${CI_IMAGE}:${CI_IMAGE_VER} # set in CI env vars
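Review bot: the `- deploy` entry under `stages:` is the only line this PR adds to .gitlab-ci.yml, so nothing here pulls in the new gitlab/deploy-maven.yml. Confirm that an existing `include:` already covers that path; if it does not, add one in this file, otherwise the `publish_to_maven` and `publish_snapshot_to_maven` jobs are never created.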
52 changes: 52 additions & 0 deletions gitlab/deploy-maven.yml
@@ -0,0 +1,52 @@
# maven credentials and gpg settings
# in runner's ~/.gradle/gradle.properties
publish_to_maven:
stage: deploy
tags:
- m4
rules:
- if: "$CI_COMMIT_TAG"
when: manual
needs: []
script:
- cd libs/gl-sdk-android
- ./gradlew publish --no-daemon
artifacts:
paths:
- libs/gl-sdk-android/lib/build/libs
- libs/gl-sdk-android/lib/build/outputs
- libs/gl-sdk-android/lib/build/publications
when: always
expire_in: 7 days
Comment on lines +14 to +20
Copilot AI Jan 20, 2026

The artifacts section captures build outputs including build/publications. These artifacts may contain signed artifacts or sensitive metadata. Consider whether these artifacts should be available for download or if they should be restricted, especially since this is a publishing job where the primary goal is to push artifacts to Maven Central, not to store them as CI artifacts.

allow_failure: true
Copilot AI Jan 20, 2026

The publish_to_maven job has allow_failure: true, which means a failed Maven publish will not fail the pipeline. For a tagged release that is manually triggered, a publishing failure should likely cause the pipeline to fail so that the issue is clearly visible and addressed. Consider setting allow_failure: false for release publishes.

Suggested change
allow_failure: true
allow_failure: false


publish_snapshot_to_maven:
stage: deploy
tags:
- m4
needs: []
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
when: on_success
script:
- cd libs/gl-sdk-android
- RAW_VERSION=$(grep '^libraryVersion=' gradle.properties | cut -d'=' -f2)
- BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
Copilot AI Jan 20, 2026

The version extraction logic assumes the version follows a semantic versioning pattern. The sed command on line 35 will strip any suffix after the numeric version (e.g., -alpha, -beta), which may not be the intended behavior if the project uses such suffixes. Consider validating that the version format matches expectations or documenting this assumption.

Suggested change
- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
- if ! echo "$BASE_VERSION" | grep -Eq '^[0-9]+(\.[0-9]+){0,2}$'; then echo "Unsupported libraryVersion format: $BASE_VERSION" >&2; exit 1; fi
- VERSION_CORE="$BASE_VERSION"

- IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"
- MAJOR=${MAJOR:-0}
- MINOR=${MINOR:-0}
- PATCH=${PATCH:-0}
Comment on lines +34 to +39
Copilot AI Jan 20, 2026

The version parsing logic doesn't validate that the version format is valid before processing. If VERSION_CORE is empty or malformed, the script will continue with default values (0.0.0), potentially publishing an incorrect snapshot version. Consider adding validation to ensure the version from gradle.properties is in the expected format before proceeding.

Suggested change
- BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
- IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"
- MAJOR=${MAJOR:-0}
- MINOR=${MINOR:-0}
- PATCH=${PATCH:-0}
- if [ -z "$RAW_VERSION" ]; then echo "Error: libraryVersion not found in gradle.properties"; exit 1; fi
- BASE_VERSION=${RAW_VERSION%-SNAPSHOT}
- VERSION_CORE=$(echo "$BASE_VERSION" | sed -E 's/[^0-9.].*$//')
- if ! echo "$VERSION_CORE" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then echo "Error: Invalid version format '$RAW_VERSION' (expected MAJOR.MINOR.PATCH[-suffix])"; exit 1; fi
- IFS='.' read -r MAJOR MINOR PATCH <<< "$VERSION_CORE"

- NEXT_PATCH=$((PATCH + 1))
- NEXT_VERSION="${MAJOR}.${MINOR}.${NEXT_PATCH}"
- SNAPSHOT_VERSION="${NEXT_VERSION}-SNAPSHOT"
- echo "Publishing snapshot version ${SNAPSHOT_VERSION} (base=${BASE_VERSION})"
- ./gradlew -PlibraryVersion=${SNAPSHOT_VERSION} publish --no-daemon
artifacts:
paths:
- libs/gl-sdk-android/lib/build/libs
- libs/gl-sdk-android/lib/build/outputs
- libs/gl-sdk-android/lib/build/publications
when: always
expire_in: 7 days
Comment on lines +45 to +51
Copilot AI Jan 20, 2026

The artifacts section captures build outputs including build/publications. These artifacts may contain signed artifacts or sensitive metadata. Consider whether these artifacts should be available for download or if they should be restricted, especially since this is a publishing job where the primary goal is to push artifacts to Maven Central, not to store them as CI artifacts.

allow_failure: true
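Review bot: the header comment at the top of this file says the Maven credentials and GPG settings live in the runner's ~/.gradle/gradle.properties, which makes them readable by any job that lands on the `m4` runner, not only these two. Move them to protected CI/CD variables and restrict both jobs to protected tags and branches, so the signing key is exposed to release pipelines only. Separately, `needs: []` on both jobs lets them start without waiting for the `build` stage, so a publish can run even when the build fails; drop it or list the build jobs each publish depends on.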
6 changes: 3 additions & 3 deletions libs/gl-sdk-android/lib/build.gradle.kts
Expand Up @@ -136,8 +136,8 @@ mavenPublishing {
}
}

//publishToMavenCentral()
//signAllPublications()
publishToMavenCentral()
signAllPublications()
}

extensions.configure<SigningExtension> {
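Review bot: `signAllPublications()` is now unconditional, and the only escape visible in this file is the `onlyIf` on `Sign` tasks for `publishToMavenLocal` / `publishToLocalMaven`, so every other publish invocation, including the snapshot job that runs on each push to main, needs the GPG key and signs with it. Document which signing properties must be present for a non-local publish, and decide whether snapshots should be signed with the same key as tagged releases or with a separate one.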
Expand All @@ -152,4 +152,4 @@ tasks.withType<Sign>().configureEach {
// Skip signing if the build is targeting the local Maven repository
taskNames.none { it.contains("publishToMavenLocal", ignoreCase = true) || it.contains("publishToLocalMaven", ignoreCase = true) }
}
}
}