Skip to content

Commit ba2d3ed

Browse files
committed
fix(ci): commit the prebuilt Maven extension jar instead of building at release
The release runs behind Socket Firewall, which intercepts the Maven wrapper's download of Maven (and the extension's plugin dependencies) and fails the build, so the jar cannot be compiled during the publish workflow. Commit the shaded jar and drop the build:maven-extension step from provenance.yml. Rebuild the jar locally with build-jar.sh after changing the extension source; the dist build copies the committed jar and still fails closed if it is missing.
1 parent 68d109f commit ba2d3ed

5 files changed

Lines changed: 8 additions & 19 deletions

File tree

.config/rollup.dist.config.mjs

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -82,9 +82,8 @@ async function copyInitGradle() {
8282

8383
// Copy the JVM build-tool resolution assets (Gradle init script, sbt plugin,
8484
// Maven extension jar) into dist/manifest-scripts, where run.mts resolves them
85-
// at runtime. The Maven jar is compiled by maven-extension/build-jar.sh (run in
86-
// CI / local dev) and is absent from a fresh checkout — copy it only if present;
87-
// run.mts surfaces a build hint when it's missing.
85+
// at runtime. The Maven jar is committed (rebuilt by maven-extension/build-jar.sh
86+
// after source changes); the published build fails closed if it is missing.
8887
async function copyManifestScripts() {
8988
const srcDir = path.join(constants.srcPath, 'commands/manifest/scripts')
9089
const destDir = path.join(constants.distPath, 'manifest-scripts')

.github/workflows/provenance.yml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -204,18 +204,6 @@ jobs:
204204
- name: Install dependencies
205205
run: pnpm install --loglevel error
206206

207-
# Compile the Maven manifest extension jar so the dist build bundles it
208-
# into dist/manifest-scripts (the jar is never committed; it ships only in
209-
# the published package). The org action allowlist forbids actions/setup-java,
210-
# so use a JDK pre-installed on the runner image (JAVA_HOME_17_X64), falling
211-
# back to the runner's default `java`. build-jar.sh uses the Maven wrapper.
212-
- name: Build Maven manifest extension jar
213-
run: |
214-
if [ -n "${JAVA_HOME_17_X64:-}" ]; then
215-
export JAVA_HOME="$JAVA_HOME_17_X64"
216-
fi
217-
pnpm run build:maven-extension
218-
219207
- run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist
220208
- name: Publish socket
221209
id: publish_socket

src/commands/manifest/scripts/maven-extension/.gitignore

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1-
# Build artifacts — the jar is compiled from source (build-jar.sh), never committed.
1+
# Maven build output. The shaded jar (coana-maven-extension.jar) is committed so
2+
# the published package ships it without a build-time network fetch; rebuild it
3+
# with build-jar.sh after changing the extension source.
24
target/
3-
coana-maven-extension.jar

src/commands/manifest/scripts/maven-extension/build-jar.sh

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
#!/usr/bin/env bash
22
# Compile the Coana Maven core extension to a self-contained jar and place it at the path the TS
3-
# runner resolves: manifest-scripts/maven-extension/coana-maven-extension.jar. Run by the npm-package
4-
# build and the manifest-maven CI job. Uses the bundled Maven wrapper, so it needs only a JDK.
3+
# runner resolves: manifest-scripts/maven-extension/coana-maven-extension.jar. The jar is committed,
4+
# so run this to refresh it after changing the extension source. Uses the bundled Maven wrapper, so
5+
# it needs only a JDK (and network access to fetch Maven and the plugin dependencies).
56
set -euo pipefail
67

78
here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
Binary file not shown.

0 commit comments

Comments
 (0)