Sonatype repository change since February 2021
djice opened this issue · comments
Hi,
I've just created a new component and I want to push it on sonatype using your plugin.
I have an issue in github action for task "run sbt ci-release"
[error] java.io.IOException: Server returned HTTP response code: 403 for URL: https://oss.sonatype.org/content/repositories/snapshots/io/github/***/core_2.11/1.0.0-SNAPSHOT/core_2.11-1.0.0-SNAPSHOT.pom
The url used to push the snapshot is https://oss.sonatype.org When I read the official documentation of sonatype https://central.sonatype.org/pages/releasing-the-deployment.html it seems that since feburary the server to used is not "oss.sonatype.org" but "s01.oss.sonatype.org"
Note: As of February 2021, all new projects began being provisioned on https://s01.oss.sonatype.org/. If your project is not provisioned on https://s01.oss.sonatype.org/, please login to the legacy host https://oss.sonatype.org/.
Is there a way to overwrite the sonatype server url ?
Thanks
Publishing to oss.sonatype.org both for releases and snapshots repositories has been working well even in March 2021. I think the reason of the error would be different. Or this change might have been applied only to newly registered sonatype users.
If necessary, you can overwrite sonatypeRepository setting to point to a different repository.
Hi,
yes new users do not have rights on oss.sonatype.org
In my build.sbt I add
sonatypeRepository := "https://s01.oss.sonatype.org/service/local" sonatypeCredentialHost:= "s01.oss.sonatype.org"
But I already have the same issue
[error] java.io.IOException: Server returned HTTP response code: 403 for URL: https://oss.sonatype.org/content/repositories/snapshots/core/core_2.11/1.0.0-SNAPSHOT/core_2.11-1.0.0-SNAPSHOT.pom [error] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
The 403 error is because the groupId in your POM does not match the groupId you were granted permissions for on s01.oss.sonatype.org. The error text implies that your groupId is simply core, and that doesn't look like any groupId that you'd be allowed to publish under, so the 403 is expected.
Hi,
now I have right on oss.sonatype.org and it works like a charm.
thanks
I can't get this to work.
I struggled for a long time trying to set sonatypeRepository and sonatypeCredentialHost in different scopes only to discover that it has to be on the root project.
Even after doing that it still fails with:
2021-03-06 07:37:22.631Z info [SonatypeService] sonatypeRepository : https://s01.oss.sonatype.org/service/local - (SonatypeService.scala:23)
2021-03-06 07:37:22.635Z info [SonatypeService] sonatypeProfileName : nz.co.bottech - (SonatypeService.scala:24)
[info] Preparing a new staging repository for [sbt-sonatype] scala2plantuml 0.1.9
2021-03-06 07:37:22.636Z info [SonatypeClient] Reading staging repository profiles... - (SonatypeClient.scala:108)
2021-03-06 07:37:23.870Z info [SonatypeClient] Reading staging profiles... - (SonatypeClient.scala:120)
2021-03-06 07:37:23.957Z info [SonatypeService] No previous staging repository for [sbt-sonatype] scala2plantuml 0.1.9 was found - (SonatypeService.scala:96)
2021-03-06 07:37:23.964Z info [SonatypeClient] Creating a staging repository in profile nz.co.bottech with a description key: [sbt-sonatype] scala2plantuml 0.1.9 - (SonatypeClient.scala:126)
2021-03-06 07:37:24.427Z info [SonatypeClient] Created successfully: nzcobottech-1001 - (SonatypeClient.scala:139)
2021-03-06 07:37:24.519Z info [SonatypeClient] Uploading bundle /home/runner/work/scala2plantuml/scala2plantuml/target/sonatype-staging/0.1.9 to https://oss.sonatype.org/service/local/staging/deployByRepositoryId/nzcobottech-1001/ - (SonatypeClient.scala:288)
2021-03-06 07:37:24.802Z error [Sonatype]
java.io.IOException: Failure:java.util.concurrent.ExecutionException: java.io.IOException: Unexpected server response: 401 Unauthorized
at org.sonatype.spice.zapper.internal.transport.AbstractChargerClient.doUpload(AbstractChargerClient.java:65)
at org.sonatype.spice.zapper.internal.transport.AbstractClient.upload(AbstractClient.java:104)
at org.sonatype.spice.zapper.internal.transport.AbstractClient.upload(AbstractClient.java:61)
at xerial.sbt.sonatype.SonatypeClient.$anonfun$uploadBundle$1(SonatypeClient.scala:289)
I've just spent ages trying to track this down and debug it which is not that easy considering I need to replicate my CI environment to get the commands to do the right things and I discovered that despite there being these URL settings the deploy URL is hard coded in xerial.sbt.sonatype.SonatypeClient.StagingRepositoryProfile#deployUrl.
sbt-sonatype 3.9.6 has been released so that we can switch the target just with sonatypeCredentialHost := "s01.oss.sonatype.org" setting. Thanks @steinybot for the PR!
Hi, I still have an issue :
java.io.IOException: Server returned HTTP response code: 403 for URL: https://oss.sonatype.org/content/repositories/snapshots/...
Am I alone ?
@larousso Are you setting sonatypeCredentialHost := "s01.oss.sonatype.org" with sbt-sonatype 3.9.6?
Yes I am
ThisBuild / sonatypeRepository := "https://s01.oss.sonatype.org/service/local"
ThisBuild / sonatypeCredentialHost := "s01.oss.sonatype.org"
publishTo := sonatypePublishToBundle.value
I've tried only with
ThisBuild / sonatypeRepository := "https://s01.oss.sonatype.org/service/local"
But same result.
At the moment, I've tried sbt publishSigned for a snapshot version
I've just found publishing to snapshot repo still points to the legacy repository. ok. I'll add a fix
@xerial what are the symptoms of that? I was trying to do snapshot releases and were getting a "too many redirects" error. From the logs it wasn't obvious that it was using the wrong URL.
sonatypeSnapshot resolver, which is pre-defined in sbt, uses oss.sonatype.org. We need to be able to configure it as well:
Publishing to snapshot repositories is managed by sbt, not by sbt-sonatype. If publishTo is properly configured to use s01 repo in sonatypePublishToBundle setting, I think it would work as expected.
@larousso @steinybot Just created a snapshot version #220 that probably fixes this issue https://oss.sonatype.org/content/repositories/snapshots/org/xerial/sbt/sbt-sonatype_2.12_1.0/3.9.7-SNAPSHOT/
Could you try it to confirm whether it fixes the issue?
@larousso @steinybot Just created a snapshot version #220 that probably fixes this issue https://oss.sonatype.org/content/repositories/snapshots/org/xerial/sbt/sbt-sonatype_2.12_1.0/3.9.7-SNAPSHOT/
Could you try it to confirm whether it fixes the issue?
It works! I was able to publish a snapshot version of my multi-project to the new Sonatype repo with 3.9.7-SNAPSHOT. Thank you all!!
Hi, it works fine for both snapshot and release! Thanks
Great! ok. I'll release this version as 3.9.7.
Published sbt-sonatype 3.9.7
I'm using sbt-sonatype 3.9.7 with
sonatypeCredentialHost := "s01.oss.sonatype.org",
sonatypeRepository := "https://s01.oss.sonatype.org/service/local",
It still isn't working, I can't get SNAPSHOT published, I'm getting
java.net.ProtocolException: Server redirected too many times (20)
What am I doing wrong?
What am I doing wrong?
You, idiot, have been using token credentials from oss.sonatype.org (the old host) the whole time. You are supposed to use token credentials from s01.oss.sonatype.org (the new host).