almost automatic release to Maven Central

.github/workflows/prerelease.yaml

@@ -94,7 +94,7 @@ jobs:
           path: _tmp/jazzer.jar
           if-no-files-found: error
 
-  maven_predeploy:
+  maven_deploy:
     runs-on: ubuntu-22.04
     needs: merge_jars
 
@@ -128,16 +128,31 @@ jobs:
         env:
           RELEASE_SIGNING_KEY_ID: ${{ secrets.RELEASE_SIGNING_KEY_ID }}
           RELEASE_SIGNING_KEY_PRIVATE: ${{ secrets.RELEASE_SIGNING_KEY_PRIVATE }}
-          MAVEN_USER: ${{ secrets.MAVEN_USER }}
-          MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
-        run: JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
+        run: |
+          JAZZER_JAR_PATH="$(pwd)/_tmp/jazzer.jar" bazel run deploy
+          cd _tmp
+          tar -czvf jazzer-maven-central-bundle.tar.gz -C release com
 
+      # In case something goes wrong, we can still reupload the bundle manually
       - name: Upload Jazzer Bundle to Github Artifacts
         uses: actions/upload-artifact@v5
         with:
           name: jazzer-maven-central-bundle
-          path: _tmp/release
+          path: _tmp/jazzer-maven-central-bundle.tar.gz
           if-no-files-found: error
+          # don't wrap .tar.gz in a .zip
+          compression-level: 0
+
+      - name: Deploy to Maven Central
+        shell: bash
+        run: |
+          TAG=${{ github.ref_name }}
+          curl --request POST \
+                --verbose \
+                --fail-with-body \
+                --header "Authorization: Bearer ${{ secrets.SONATYPE_BEARER_TOKEN }}" \
+                --form bundle=@_tmp/jazzer-maven-central-bundle.tar.gz \
+                "https://central.sonatype.com/api/v1/publisher/upload?name=Jazzer%20${TAG#v}&publishingType=AUTOMATIC"
 
   create_release:
     needs: build_release

CONTRIBUTING.md

@@ -131,11 +131,13 @@ Run `./format.sh` to format all source files in the way enforced by the "Check f
 
 ## Releasing (CI employees only)
 
-1. Push a tag of the form `v1.2.3` to trigger the "Prerelease" GitHub Actions workflow.
-2. Wait for the workflow to finish (about 10 minutes).
-3. Download the artifact called "jazzer-maven-central-bundle" from the prerelease workflow run.
-4. Log into https://central.sonatype.com/publishing and click on "Publish Component".
-5. In the dialog that follows, under "Upload Your File", select the downloaded artifact. The "Deployment Name" doesn't matter. Click "Publish Component".
-6. Refresh the page, and you should see "Deployment Info" with status "VALIDATED".
-7. Click "Publish" to publish the component to Maven Central and wait for the status to change to "PUBLISHED" (a refresh or two may be necessary).
-8. Release the draft Github release. This will automatically create a tag, push the docker images and deploy the docs (can take about a few minutes to appear at [jazzer-docs]( https://codeintelligencetesting.github.io/jazzer-docs)).
+1. Push a tag of the form `v1.2.3` to trigger the "Prerelease" GitHub Actions workflow followed by the "Release" workflow.
+2. Make sure that Jazzer was actually published on Maven Central.
+3. Publish the draft releas on Github. This will also automatically update the [jazzer-docs](https://codeintelligencetesting.github.io/jazzer-docs).
+
+Upon a failure to deploy to Maven Central, you can eather log into https://central.sonatype.com/publishing and see the status of the last attempt to publish, or follow these steps to manually deploy the artifacts:
+1. Download the bundle artifact called "jazzer-maven-central-bundle".
+2. Log into https://central.sonatype.com/publishing and click on "Publish Component".
+3. In the dialog that follows, under "Upload Your File", select the downloaded artifact. The "Deployment Name" doesn't matter. Click "Publish Component".
+4. Refresh the page, and you should see "Deployment Info" with status "VALIDATED".
+5. Click "Publish" to publish the component to Maven Central and wait for the status to change to "PUBLISHED" (a refresh or two may be necessary).

deploy/deploy.sh

@@ -30,10 +30,6 @@ JAZZER_COORDINATES=$1
 echo "$RELEASE_SIGNING_KEY_PRIVATE" | gpg --import
 echo "default-key $RELEASE_SIGNING_KEY_ID" > $HOME/.gnupg/gpg.conf
 
-[ -z "${MAVEN_USER+x}" ] && \
-  fail "Set MAVEN_USER to the Sonatype OSSRH user"
-[ -z "${MAVEN_PASSWORD+x}" ] && \
-  fail "Set MAVEN_PASSWORD to the Sonatype OSSRH password"
 [ -z "${JAZZER_JAR_PATH+x}" ] && \
   fail "Set JAZZER_JAR_PATH to the absolute path of jazzer.jar obtained from the release GitHub Actions workflow"
 [ ! -f "${JAZZER_JAR_PATH}" ] && \
@@ -68,12 +64,8 @@ JAZZER_DOCS_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-docs)
 JAZZER_SOURCES_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-sources)
 JAZZER_POM_PATH=$PWD/$(bazel cquery --output=files //deploy:jazzer-pom)
 
-bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
-  --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
-  //deploy:jazzer-api.publish
-MAVEN_REPO="$MAVEN_REPO" GPG_SIGN="true" MAVEN_USER="$MAVEN_USER" MAVEN_PASSWORD="$MAVEN_PASSWORD" \
+bazel run --define "maven_repo=${MAVEN_REPO}" --define gpg_sign=true //deploy:jazzer-api.publish
+MAVEN_REPO="$MAVEN_REPO" GPG_SIGN="true" \
   bazel run @rules_jvm_external//private/tools/java/com/github/bazelbuild/rules_jvm_external/maven:MavenPublisher -- \
   "$JAZZER_COORDINATES" "$JAZZER_POM_PATH" "$JAZZER_JAR_PATH" "sources=${JAZZER_SOURCES_PATH},javadoc=${JAZZER_DOCS_PATH}"
-bazel run --define "maven_repo=${MAVEN_REPO}" --define "maven_user=${MAVEN_USER}" \
-  --define "maven_password=${MAVEN_PASSWORD}" --define gpg_sign=true \
-  //deploy:jazzer-junit.publish
+bazel run --define "maven_repo=${MAVEN_REPO}" --define gpg_sign=true //deploy:jazzer-junit.publish