Determining Sonatype host on a per-user level, rather than build/project-level?
rtyley opened this issue · comments
Whether publishing action should be performed to oss.sonatype.org
or s01.oss.sonatype.org
seems to be more like a user-level thing than a build/project-level thing. In my organisation we've got several developers, some of whom are on the older oss.sonatype.org
infrastructure, and some who are on the new s01.oss.sonatype.org
service - consequently, we don't want to commit the new sonatypeCredentialHost
into our project repository, as it'll inevitably be incorrect for at least some of our users until they're all migrated over onto s01.oss.sonatype.org
, which we're just evaluating for now.
Possible solutions
Using the host defined in the credentials
setting
Deriving the correct Sonatype host from the plain-old credentials
setting could work? My current ~/.sbt/1.0/sonatype.sbt
file looks like this:
credentials += Credentials("Sonatype Nexus Repository Manager",
"s01.oss.sonatype.org",
"mySonatypeUsername",
"mySonatypePassword")
...the second parameter has to be s01.oss.sonatype.org
- if it's left at oss.sonatype.org
, then this error occurs:
[MISSING_CREDENTIAL] No credential is found for s01.oss.sonatype.org. Prepare ~/.sbt/(sbt_version)/sonatype.sbt file.
at xerial.sbt.sonatype.SonatypeClient.$anonfun$directCredentials$1(SonatypeClient.scala:45)
at scala.Option.getOrElse(Option.scala:189)
at xerial.sbt.sonatype.SonatypeClient.directCredentials$lzycompute(SonatypeClient.scala:43)
...as it already has to be correct, couldn't the host be read from there rather than the new sonatypeCredentialHost
setting?
Workaround
For now, we can kind of achieve the not-committed-to-the-project-repo arrangement by adding the new setting to our user-home level file (~/.sbt/1.0/sonatype.sbt
):
$ grep sonatypeCredentialHost ~/.sbt/1.0/sonatype.sbt
ThisBuild / sonatypeCredentialHost := "s01.oss.sonatype.org"
...unfortunately, as sonatypeCredentialHost
is a setting provided by the sbt-sonatype
plugin, this also means adding sbt-sonatype
as a user-level plugin (when we'd rather that was committed to the project repo):
$ grep sonatype ~/.sbt/1.0/plugins/plugins.sbt
addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "3.9.10")
Thanks for the information. I didn't know new users also need to use s01.oss.sonatype.org for the authentication for accessing old projects. I'd like to confirm whether we can use s01.oss.sonatype.org to update old projects hosted at oss.sonatype.org. If the answer is yes, we should extract sonatypeCredentialHost from the user-provided Credential.
I think I was wrong about choice of Sonatype host being a user-level thing than a build/project-level thing. It actually seems to be determined by the project's groupId
, which I realised after asking Sonatype if they could migrate my work's groupId
for me without also requiring all other developers at my work having to update their credentials at the same time - it turns out they can't, the Sonatype host used for a groupId
has to be migrated for everyone at once or not at all.
At the moment I'm in the state where I publish to the new sonatype host s01.oss.sonatype.org
for my personal groupId
(eg this release), and the old sonatype host oss.sonatype.org
for my work groupId
(example).
I'm closing this issue as I was entirely wrong, but I guess there might still be some improvements that could be made - maybe querying both Sonatype hosts to see where the profile/groupId
is recognised (sbt-sonatype
is currently raising a MISSING_PROFILE
error if you use the wrong Sonatype host?) and then use that one?