Publish test fixtures everywhere and simplify signature configuration #1207
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously we had two nearly identical publications: `local` and `remote`. `local` was unsigned, and was only intended for local installation, but we could not really enforce that very well. Conversely, `remote` was signed (for non-snapshots) and was only intended for remote installation, which we likewise could not enforce very well. Now we just have a single `maven` publication. We always attempt to sign this publication's artifacts. However, signature misconfiguration is quietly allowed unless we are publishing a non-snapshot to a real Maven remote repository. Near as I can tell, this is the idiomatic way to sign official remote releases but not sign local installations or snapshot releases. **Note:** [this wiki documentation](https://github.com/wala/WALA/wiki/Creating-Releases-and-Snapshots#publishing-released-versions-locally) should be updated after this commit is merged into `master`. In fact, that entire section can probably just be deleted: after this change, the obvious `publishToMavenLocal` target works as expected. No signatures are required when installing only into the local Maven repository, even for non-snapshot releases.
msridhar
approved these changes
Jan 15, 2023
|
Agreed! |
For now, I have added a note that the paragraph only applies to releases 1.5.9 and earlier. Once we cut our next release, I will further clarify. |
liblit
deleted the
publish-testFixtures-everywhere-and-simplify-signature-configuration
branch
liblit
restored the
publish-testFixtures-everywhere-and-simplify-signature-configuration
branch
Excellent! Thank you for keeping this documentation in such good shape, @msridhar. |
liblit
deleted the
publish-testFixtures-everywhere-and-simplify-signature-configuration
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Publish test fixtures everywhere
Resolves #1201.
Simplify signature configuration
Previously we had two nearly identical publications:
localandremote.localwas unsigned, and was only intended for local installation, but we could not really enforce that very well. Conversely,remotewas signed (for non-snapshots) and was only intended for remote installation, which we likewise could not enforce very well.Now we just have a single
mavenpublication. We always attempt to sign this publication's artifacts. However, signature misconfiguration is quietly allowed unless we are publishing a non-snapshot to a real Maven remote repository. Near as I can tell, this is the idiomatic way to sign official remote releases but not sign local installations or snapshot releases.Note: this wiki documentation should be updated after this commit is merged into
master. In fact, that entire section can probably just be deleted: after this change, the obviouspublishToMavenLocaltarget works as expected. No signatures are required when installing only into the local Maven repository, even for non-snapshot releases.