mavenDeployer publishing jars that do not match the pom

My problem is probably a misunderstanding on my part, and not an issue with gradle, but I’m not sure.

I have a gradle project (https://raw.github.com/barrybecker4/bb4-puzzles/master/build.gradle) that publishes a list of jar files to a Sonatype staging repository. The uploadArchives task appears to run successfully and upload everything, except for one little detail - some of the class jars appear to have gotten rearranged in the process of uploading.

To avoid a lot of duplication, I created a map which describes the jars to be published and the include/exclude directories that correspond to each like this

ext.appMap = new LinkedHashMap()
appMap.put('puzzle', [include:['com/barrybecker4/puzzle/common/**']])
appMap.put('adventure',
    [include:['com/barrybecker4/puzzle/adventure/**'],
     exclude:['com/barrybecker4/puzzle/adventure/**/*.pdf']])
appMap.put('hiq', [include:['com/barrybecker4/puzzle/hiq/**']])
appMap.put('maze', [include:['com/barrybecker4/puzzle/maze/**']])
appMap.put('redpuzzle', [include:['com/barrybecker4/puzzle/redpuzzle/**']])
appMap.put('sudoku', [include:['com/barrybecker4/puzzle/sudoku/**']])
appMap.put('tantrix', [include:['com/barrybecker4/puzzle/tantrix/**']])

Then I apply a common gradle file (https://raw.github.com/barrybecker4/bb4-common/master/bb4-publish.gradle) that will handle the publishing based on this map. I dynamically create tasks for creating the class jars, source jars, and javadoc jars based on the map structure. I thought this was a nice use of the ability to dynamically create tasks. The artifacts and signing configuration similarly use the map to make sure the right archives and signing entries are added. I believe these parts are all working fine.

The problem is most likely in the mavenDeployer configuration and it may be subtle. When I run uploadArchive, everything appears to be signed and uploaded to the Sonatype staging repository correctly, except that some of the jars that were uploaded are not the right size. Upon further inspection, I see that while some are correct, others have been swapped (for example the bb4-maze-1.1.2.jar was uploaded as the bb4-redpuzzle-1.1.2.jar). The manner of the swapping is not reproducible - different jars are wrong each time I upload archives. When I try to close the staging repo, (not surprisingly) it fails on the Signature Validation step with some random subset of the 7 jars reporting a message like

Invalid Signature: ‘/com/barrybecker4/bb4-sudoku/1.1.2/bb4-sudoku-1.1.2.jar.asc’ is not a valid signature for ‘bb4-sudoku-1.1.2.jar’.

It makes me think that there may be some sort of race condition going on, but I’m not sure. Here is what the uploadArchives task looks like:

uploadArchives {
    repositories {
        mavenDeployer {
              beforeDeployment { MavenDeployment deployment ->
                signing.signPom(deployment)
            }
              repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
            snapshotRepository(url: "https://oss.sonatype.org/content/repositories/snapshots/") {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
              pom.project jarPomConfig
              // creates filters for each jar produced by appMap entries (if any)
            appMap.each { String key, Map value ->
                def jarName = "bb4-$key"
                def jarPom = addFilter("${key}Jar") { artifact, file ->
                    artifact.name == jarName
                }
                jarPom.project jarPomConfig
                jarPom.artifactId = jarName
                jarPom.name = jarName
                  def ascPom = addFilter("${key}Jar.asc") { artifact, file ->
                    artifact.name == "bb4-${key}-${version}.jar.asc"
                }
                ascPom.project jarPomConfig
                ascPom.artifactId = jarName
                ascPom.name = 'asc-' + jarName
                  def ascJavadocPom = addFilter("${key}JavadocJar.asc") { artifact, file ->
                    artifact.name == "bb4-${key}-${version}-javadoc.jar.asc"
                }
                ascJavadocPom.project jarPomConfig
                ascJavadocPom.artifactId = jarName
                ascJavadocPom.name = 'javadoc-' + jarName
                  def ascSourcesPom = addFilter("${key}SourcesJar.asc") { artifact, file ->
                    artifact.name == "bb4-${key}-${version}-sources.jar.asc"
                }
                ascSourcesPom.project jarPomConfig
                ascSourcesPom.artifactId = jarName
                ascSourcesPom.name = 'sources-' + jarName
            }
        }
    }
}

You don’t want to publish checksums, Javadoc, and sources as separate Maven modules. They all belong to the same module as the main Jar. They just need to be declared as additional ‘artifacts {}’ of the ‘archives’ configuration.

Thanks! That got me closer. There are no more jar size mismatches. The poms, javadoc, sources, and their corresponding asc files are all getting uploaded. The only thing missing is that the

bb4-<jarname>-1.1.2.jar.asc files did not upload (even though they are in the build/lib directory).

Here is what I have now. The artifacts and signing configuration now include entries for the ‘asc’ files as you suggested.

artifacts {
    appMap.each { String key, Map value ->
        archives tasks["${key}Jar"]
        archives tasks["${key}JavadocJar"]
        archives tasks["${key}SourcesJar"]
        archives file("build/libs/bb4-${key}-${version}.jar.asc")
        archives file("build/libs/bb4-${key}-${version}-javadoc.jar.asc")
        archives file("build/libs/bb4-${key}-${version}-sources.jar.asc")
    }
}
  signing {
    appMap.each { String key, Map value ->
        sign tasks["${key}Jar"]
        sign tasks["${key}JavadocJar"]
        sign tasks["${key}SourcesJar"]
        sign file("build/libs/bb4-${key}-${version}.jar.asc")
        sign file("build/libs/bb4-${key}-${version}-javadoc.jar.asc")
        sign file("build/libs/bb4-${key}-${version}-sources.jar.asc")
    }
}

And I removed the separate maven modules from the mavenDeployer and now only have one per project.

uploadArchives {
    repositories {
        mavenDeployer {
              beforeDeployment { MavenDeployment deployment ->
                signing.signPom(deployment)
            }
              repository(url: "https://oss.sonatype.org/service/local/staging/deploy/maven2/") {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
            snapshotRepository(url: "https://oss.sonatype.org/content/repositories/snapshots/") {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
              pom.project jarPomConfig
              appMap.each { String key, Map value ->
                def jarName = "bb4-$key"
                def jarPom = addFilter("${key}Jar") { artifact, file ->
                    artifact.name == jarName
                }
                jarPom.project jarPomConfig
                jarPom.artifactId = jarName
                jarPom.name = jarName
            }
        }
    }
}

You don’t need any filter. Shouldn’t need to set project/artifactId/name either, unless the defaults prove to be inadequate. If you do the signing as described in the signing plugin chapter of the Gradle User Guide, signatures should be uploaded correctly.

I worked out the problem. I do need the filter and the project/artifactId to get all the different jars and poms, but I needed to change the artifacts and signing config to the following (I had changed the signing config from this initial setting in early attempts to fix).

artifacts {
    appMap.each { String key, Map value ->
        archives tasks["${key}Jar"]
        archives tasks["${key}JavadocJar"]
        archives tasks["${key}SourcesJar"]
        archives file("build/libs/bb4-${key}-${version}.jar.asc")
    }
}
  signing {
    required { isReleaseVersion }
    sign configurations.archives
}

Thank you so much for your assistance! I successfully created my 1.1.2 release. Final working publish gradle is https://raw.github.com/barrybecker4/bb4-common/master/bb4-publish.gradle