I think we'll have to "agree to disagree" on this one.
But I'll note that by following the same logic presented below,
CloudFormation and Terraform would require the developer to log into the
AWS console to finalize a deployment. That similarly would be
unacceptable to me.
Thanks for pointing out that this plugin is end-of-life and explaining
the implications of dropping it.
Garret
On 7/30/2023 6:44 PM, Tamás Cservenák wrote:
Well, I disagree:
The App UI you are staging to will show you:
- who staged,
- what is staged
- in case or error (ie. signature mismatch or checksum mismatch) where are
the problems
- etc
Is not prone to errors, as you do not modify content at all by doing that
(Maven did deliver it already), reproducibility really depends only on your
build, not this 3rd party service (they blindly accepts bytes and just
checks some rules "ok"/"not ok"), as for security you already provided
credentials while staging.
Given the "stability" history of oss or s01, I have to say that it is even
_desirable_ to be able to use UI for these steps, as otherwise you are just
"burning" versions (failed releases) for reasons totally unrelated to
Maven, but for some 3rd party service that provides you "way" to get
something to Central.
Unless... we talk about some private Nx instance? Or Sonatype oss one? As
in that case scripting would work for it.
After all, this is proprietary software (they call it "oss" but is more
like "free"), with its own proprietary REST API...
T
On Sun, Jul 30, 2023 at 11:37 PM Garret Wilson <gar...@globalmentor.com>
wrote:
On 7/30/2023 6:32 PM, Tamás Cservenák wrote:
There is no need for another plugin... well, let me explain:
all the "vanilla" plugins of Maven (install, deploy, release) support
everything that aforementioned plugin does: install at end, deploy at
end,
stage/deploy, there is ONLY two things they cannot do: "close" and
"release" (the staging repo).
For those two things, you'd need to use the browser, navigate to oss or
s01
server, log in, and using Nexus UI close or release your staging
repository.
If this is acceptable to you, you should just drop the use of that
plugin.
Requiring me to use my browser and log into a site and muck around with
a mouse just to release software is not acceptable.
That might have been acceptable in 2003.
We just don't do things like that nowadays. It's not just for
convenience. It's bad practice, prone to errors, hard to reproduce,
introduces security issues, unwieldy to maintain, and a general
infrastructure-as-code anti-pattern for 100 reasons, which you can
probably recite as well as I can.
Garret
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
