Please remove test upload of plugin, which is not yet approved anyways


(Uwe Schindler) #1

I am currently trying to “republish” plugins already published on Maven central also in the plugins portal.

As there is no direct support for this I was trying some variants to achieve this (e.g., download the plugin jar from maven central and republish it with a build.gradle file).

Unfortunately on my last attempt there was a broken JAR file uploaded and there is no way to override it, although the plugin is not yet published (awaiting approval).
Could you undo the upload for me?

ID of plugin: de.thetaphi.forbiddenapis

In general before proceeding I’d like to get information about how to proceed:

  • I have a Gradle plugin (also works in Maven and Ant) that was uploaded to Maven central in various versions (forbiddenapis plugin, which is quite famous already in mayn opensource projects around Apache Lucene)
  • The plugin is not built with Gradle!!! It builds the JAR file with Ant and Maven (there are several reasons for this, one is that it requires very specific versions of Ant, which make a build with Gradle impossible). It is also a single JAR file containing Ant, CLI, Maven and Gradle integration. The plugin works already with the old style “apply plugin”, but I’d like to make it available for the new plugin DSL.

Is there a way to “republish” already existing plugins with JAR files built by different tools (not Gradle) just by pointing the gradle plugin publishing plugin to an existing Maven artifact? I did not find a solution for this. I also did not find the source code of the “plugin publishing plugin”, so I have no idea about its tasks and properties!

Thanks,
Uwe


(Uwe Schindler) #2

Hi,
I was able to get the process right and successfully pushed a previous version of the plugin (which is still not yet approved - that’s good, because it was a test only). But once you published the artifacts, you cannot repeat the same thing as it always complains about it already existing. IMHO this process should be imporved. Once you published a plugin, there should be a way (like on the sonatype Maven reposityory manager) to verify everything and then do the release. Is this planned? The current process is too fragile, especially if you plugin is a non-standard one.

So my question:

  • Could you verify version 2.4 of de.thetaphi.forbiddenapis to conformance with the repository guidelines? And if all is fine approve it.
  • After approval delete all currently pushed artifacts and versions, so I can send them again (most importantly, version 2.5).

For those who are interested, I used the following gradle file as a hack to push the artifacts. It declares my already existing plugin on mavenCentral() as a new configuration. Then it uses a spearate copy Task to copy the artifacts to the libsDir folder. All preexisting Jar tasks from the Java plugin are disabled (so they don’t run - they would only produce empty jar files). This allows to use the publishPlugins task successfully:

/*
 * (C) Copyright Uwe Schindler (Generics Policeman) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

plugins {
  id "com.gradle.plugin-publish" version "0.10.0"
}

def publishGroup = 'de.thetaphi'
group = 'de.thetaphi.ignored'
version = '2.5'

pluginBundle {
  website = 'https://github.com/policeman-tools/forbidden-apis'
  vcsUrl = 'https://github.com/policeman-tools/forbidden-apis'

  plugins {
    forbiddenApisPlugin {
      id = 'de.thetaphi.forbiddenapis'
      displayName = 'Policeman\'s Forbidden API Checker'
      description = 'Allows to parse Java byte code to find invocations of method/class/field signatures and fail build.'
      tags = ['forbiddenapis', 'verification', 'code checker', 'static analysis']
    }
  }

  mavenCoordinates {
    groupId = publishGroup
    artifactId = project.name
  }
}

repositories {
  mavenCentral()
  mavenLocal()
}

configurations {
  pluginArtifacts.transitive = false
}

dependencies {
  pluginArtifacts group: publishGroup, name: project.name, version: project.version
  pluginArtifacts group: publishGroup, name: project.name, version: project.version, classifier: 'sources'
}

task copyPluginArtifacts(type: Copy) {
  group 'Build'
  description 'Copies plugin artifacts (from Maven) to local folder for publishing'
  from configurations.pluginArtifacts
  into libsDir
}

publishPlugins {
  dependsOn('copyPluginArtifacts')
}

afterEvaluate {
  configurations.archives.artifacts.removeAll{
    it.classifier=='javadoc'
  }
  tasks.withType(Jar) {
    enabled = false
  }
}

(Uwe Schindler) #3

FYI, here is the issue requesting the forbiddenapis plugin to be included into the Gradle Plugin portal: https://github.com/policeman-tools/forbidden-apis/issues/107


(Uwe Schindler) #4

Hi,
after the plugin groupId was approved, I was able to delete the 2.5 version and reupload it again!
So this issue should be fine now.

Nevertheless, it would be good to have an option in the plugin-publisher to release plugins already hosted in Maven Central / JCenter using a “pom” only upload.


(Eric Wendelin) #5

Geez you’re quick :slight_smile:

I was just writing to let you know you could delete plugin versions yourself.

Sorry for the approval delay. Have a good day.

Cheers,
Eric


(Uwe Schindler) #6

No problem, many thanks! I now released all versions available via the plugin portal.

Do you have any update if a simpler way without my “hack” build.gradle is planned to release preexisting plugins? IMHO, the artifacts of the main JAR file could stay on Maven Central / JCenter, only the glue artifacts (pom only) should be placed on the plugin portal. Because now the plugin is released 2 times.