diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d04018591e..8eab1f2e47 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,3 +43,25 @@ jobs: # Only run tests in `graal-native-image-test` (and implicitly build and run tests in `gson`), # everything else is covered already by regular build job above run: mvn test --batch-mode --update-snapshots --no-transfer-progress --activate-profiles native-image-test --projects graal-native-image-test --also-make + + verify-reproducible-build: + name: "Verify that build is reproducible" + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: "Set up JDK 17" + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: 17 + cache: 'maven' + + - name: "Verify no plugin issues" + run: mvn artifact:check-buildplan + + - name: "Verify reproducible build" + # See https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility + run: | + mvn clean install --batch-mode --update-snapshots --no-transfer-progress -Dproguard.skip -DskipTests + mvn clean verify artifact:compare --batch-mode --update-snapshots --no-transfer-progress -Dproguard.skip -DskipTests diff --git a/ReleaseProcess.md b/ReleaseProcess.md index 35103557ea..7f2b816b35 100644 --- a/ReleaseProcess.md +++ b/ReleaseProcess.md @@ -37,6 +37,72 @@ This section was borrowed heavily from [Doclava release process](https://code.go See [OSSRH Publish Guide](https://central.sonatype.org/publish/publish-guide/). +## Testing Maven release workflow locally + +The following describes how to perform the steps of the release locally to verify that they work as desired. + +**Warning:** Be careful with this, these steps might be outdated or incomplete. Doublecheck that you are working on a copy of your local Gson Git repository and make sure you have followed all steps. To be safe you can also temporarily turn off your internet connection to avoid accidentally pushing changes to the real remote Git or Maven repository.\ +As an alternative to the steps described below you can instead [perform a dry run](https://maven.apache.org/maven-release/maven-release-plugin/usage.html#do-a-dry-run), though this might not behave identical to a real release. + +1. Make a copy of your local Gson Git repository and only work with that copy +2. Make sure you are on the `main` branch +3. Create a temp directory outside the Gson directory\ + In the following steps this will be called `#gson-remote-temp#`; replace this with the actual absolute file path of the directory, using only forward slashes. For example under Windows `C:\my-dir` becomes `C:/my-dir`. +4. Create the directory `#gson-remote-temp#/git-repo` +5. In that directory run + + ```sh + git init --bare --initial-branch=main . + ``` + +6. Create the directory `#gson-remote-temp#/maven-repo` +7. Edit the root `pom.xml` of Gson + 1. Change the `` to + + ```txt + scm:git:file:///#gson-remote-temp#/git-repo + ``` + + 2. Change the `` of the `` to + + ```txt + file:///#gson-remote-temp#/maven-repo + ``` + + 3. If you don't want to use GPG, remove the `maven-gpg-plugin` entry from the 'release' profile.\ + There is also an entry under ``; you can remove that as well. +8. Commit the changes using Git +9. Change the remote repository of the Git project + + + ```txt + git remote set-url origin file:///#gson-remote-temp#/git-repo + ``` + +10. Push the changes + + ```sh + git push origin main + ``` + +Now you can perform the steps of the release: + +1. ```sh + mvn release:clean + ``` + +2. ```sh + mvn release:prepare + ``` + +3. ```sh + mvn release:perform + ``` + +4. Verify that `#gson-remote-temp#/git-repo` and `#gson-remote-temp#/maven-repo` contain all the desired changes +5. Afterwards delete all Gson files under `${user.home}/.m2/repository/com/google/code/gson` which have been installed in your local Maven repository during the release.\ + Otherwise Maven might not download the real Gson artifacts with these version numbers, once they are released. + ## Running Benchmarks or Tests on Android * Download vogar diff --git a/extras/pom.xml b/extras/pom.xml index d958bea74b..c792292ebc 100644 --- a/extras/pom.xml +++ b/extras/pom.xml @@ -27,6 +27,12 @@ Gson Extras Google Gson grab bag of utilities, type adapters, etc. + + + + 2023-01-01T00:00:00Z + + Apache-2.0 diff --git a/graal-native-image-test/pom.xml b/graal-native-image-test/pom.xml index 6f5db9cbee..02d395c839 100644 --- a/graal-native-image-test/pom.xml +++ b/graal-native-image-test/pom.xml @@ -13,9 +13,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + 4.0.0 @@ -27,6 +25,10 @@ graal-native-image-test + + + 2023-01-01T00:00:00Z + 11 diff --git a/gson/pom.xml b/gson/pom.xml index 36c12cfa73..527800d390 100644 --- a/gson/pom.xml +++ b/gson/pom.xml @@ -34,6 +34,10 @@ + + + 2023-01-01T00:00:00Z + **/Java17* diff --git a/metrics/pom.xml b/metrics/pom.xml index bfc10c2b2c..fed952242d 100644 --- a/metrics/pom.xml +++ b/metrics/pom.xml @@ -27,6 +27,12 @@ Gson Metrics Performance Metrics for Google Gson library + + + + 2023-01-01T00:00:00Z + + Apache-2.0 diff --git a/pom.xml b/pom.xml index 7169230b6c..2e27d2ac13 100644 --- a/pom.xml +++ b/pom.xml @@ -14,8 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + 4.0.0 com.google.code.gson @@ -40,6 +39,10 @@ UTF-8 7 11 + + + + 2023-01-01T00:00:00Z - - + + true @@ -175,10 +178,29 @@ true true - + + + + + + org.apache.maven.plugins + maven-artifact-plugin + 3.5.0 + + + + buildinfo + + + + @@ -350,6 +372,7 @@ + com.github.siom79.japicmp @@ -381,6 +404,7 @@ + + + 2023-01-01T00:00:00Z + + Apache-2.0 diff --git a/shrinker-test/pom.xml b/shrinker-test/pom.xml index 0420a8b494..0c96a4749f 100644 --- a/shrinker-test/pom.xml +++ b/shrinker-test/pom.xml @@ -14,9 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - + 4.0.0 @@ -28,6 +26,10 @@ shrinker-test + + + 2023-01-01T00:00:00Z + 8