diff --git a/.config/rollup.dist.config.mjs b/.config/rollup.dist.config.mjs index e9341c3e7..f719f4aa8 100644 --- a/.config/rollup.dist.config.mjs +++ b/.config/rollup.dist.config.mjs @@ -82,9 +82,8 @@ async function copyInitGradle() { // Copy the JVM build-tool resolution assets (Gradle init script, sbt plugin, // Maven extension jar) into dist/manifest-scripts, where run.mts resolves them -// at runtime. The Maven jar is compiled by maven-extension/build-jar.sh (run in -// CI / local dev) and is absent from a fresh checkout — copy it only if present; -// run.mts surfaces a build hint when it's missing. +// at runtime. The Maven jar is committed (rebuilt by maven-extension/build-jar.sh +// after source changes); the published build fails closed if it is missing. async function copyManifestScripts() { const srcDir = path.join(constants.srcPath, 'commands/manifest/scripts') const destDir = path.join(constants.distPath, 'manifest-scripts') diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index 3cc35b6de..4de4ff206 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -204,18 +204,6 @@ jobs: - name: Install dependencies run: pnpm install --loglevel error - # Compile the Maven manifest extension jar so the dist build bundles it - # into dist/manifest-scripts (the jar is never committed; it ships only in - # the published package). The org action allowlist forbids actions/setup-java, - # so use a JDK pre-installed on the runner image (JAVA_HOME_17_X64), falling - # back to the runner's default `java`. build-jar.sh uses the Maven wrapper. - - name: Build Maven manifest extension jar - run: | - if [ -n "${JAVA_HOME_17_X64:-}" ]; then - export JAVA_HOME="$JAVA_HOME_17_X64" - fi - pnpm run build:maven-extension - - run: INLINED_SOCKET_CLI_PUBLISHED_BUILD=1 pnpm run build:dist - name: Publish socket id: publish_socket diff --git a/src/commands/manifest/scripts/maven-extension/.gitignore b/src/commands/manifest/scripts/maven-extension/.gitignore index b8d44bdac..3a5bb8614 100644 --- a/src/commands/manifest/scripts/maven-extension/.gitignore +++ b/src/commands/manifest/scripts/maven-extension/.gitignore @@ -1,3 +1,4 @@ -# Build artifacts — the jar is compiled from source (build-jar.sh), never committed. +# Maven build output. The shaded jar (coana-maven-extension.jar) is committed so +# the published package ships it without a build-time network fetch; rebuild it +# with build-jar.sh after changing the extension source. target/ -coana-maven-extension.jar diff --git a/src/commands/manifest/scripts/maven-extension/build-jar.sh b/src/commands/manifest/scripts/maven-extension/build-jar.sh index eeaef2f67..ab51159b7 100755 --- a/src/commands/manifest/scripts/maven-extension/build-jar.sh +++ b/src/commands/manifest/scripts/maven-extension/build-jar.sh @@ -1,7 +1,8 @@ #!/usr/bin/env bash # Compile the Coana Maven core extension to a self-contained jar and place it at the path the TS -# runner resolves: manifest-scripts/maven-extension/coana-maven-extension.jar. Run by the npm-package -# build and the manifest-maven CI job. Uses the bundled Maven wrapper, so it needs only a JDK. +# runner resolves: manifest-scripts/maven-extension/coana-maven-extension.jar. The jar is committed, +# so run this to refresh it after changing the extension source. Uses the bundled Maven wrapper, so +# it needs only a JDK (and network access to fetch Maven and the plugin dependencies). set -euo pipefail here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" diff --git a/src/commands/manifest/scripts/maven-extension/coana-maven-extension.jar b/src/commands/manifest/scripts/maven-extension/coana-maven-extension.jar new file mode 100644 index 000000000..095aba396 Binary files /dev/null and b/src/commands/manifest/scripts/maven-extension/coana-maven-extension.jar differ