[ https://issues.apache.org/jira/browse/LOG4J2-3466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Sicker resolved LOG4J2-3466. --------------------------------- Resolution: Fixed This has been completed as of 2.20.something (I forget which) after Volkan implemented this in smaller repos here first. 🎉 > Automate artifact publishing and release preparation > ---------------------------------------------------- > > Key: LOG4J2-3466 > URL: https://issues.apache.org/jira/browse/LOG4J2-3466 > Project: Log4j 2 > Issue Type: Improvement > Components: Build > Affects Versions: 3.0.0, 2.18.0 > Reporter: Matt Sicker > Assignee: Volkan Yazici > Priority: Major > > Ever since migrating from Jenkins to GitHub Actions, we no longer have > snapshots being published. Besides remedying just that missing piece, we > should step things up here and automate as much of the snapshot and release > process as possible. This will allow interested users following development > to try out snapshots again, and it will enable release managers in the PMC to > almost trivially cut release candidates for a release vote. > To do this, this will involve updating our workflows to support building, > testing, packaging, signing, and publishing the resulting artifacts to the > ASF Maven repository. On Jenkins, it was simple to publish snapshots as there > was an included Maven settings file for doing so. In order to do the same > from an Action, a Nexus API key would likely need to be generated and > imported as a secret into Actions. > For signing purposes, there's the [sigstore > project|https://www.sigstore.dev/] that has an interesting approach to > signing artifacts built in these types of automation environments. This > should hopefully alleviate the need for importing GPG keys into Actions. See > [https://github.com/sigstore/sigstore-maven-plugin] for a Maven plugin. > [Airflow|https://cwiki.apache.org/confluence/display/INFRA/Github+Actions+to+DockerHub] > has some docs related to how they've managed to automate things similarly > and how to work with the existing ASF release policy (it may be that a > release manager will still have to manually add GPG sigs to staged artifacts > or something like that). -- This message was sent by Atlassian Jira (v8.20.10#820010)