diff --git a/build.gradle b/build.gradle index cdf1199..2359245 100644 --- a/build.gradle +++ b/build.gradle @@ -347,14 +347,14 @@ afterEvaluate { } publications { - release(MavenPublication) { - // The plugin-publish plugin enables withSourcesJar()/withJavadocJar() on the java - // component, so components.java already carries the sources and javadoc jars; adding - // them again here would fail with "multiple artifacts with the identical ... classifier". - from components.java - groupId = project.group + // java-gradle-plugin (via plugin-publish) already creates the `pluginMaven` publication + // from components.java, with the sources and javadoc jars attached. Reuse it for BOTH + // Maven Central and the Plugin Portal rather than maintaining a second hand-rolled + // publication: a single publication means a single set of artifacts and a single signing + // task, which avoids two Sign tasks writing the same `*.asc` files. Keep the Maven Central + // coordinate as `com.deploygate:gradle` (not the project name) for back-compat. + pluginMaven { artifactId = archivesBaseName - version = project.version pom { name = "Gradle DeployGate Plugin" description = "This is the DeployGate plugin for the Gradle. You can build and deploy your apps to DeployGate by running a single task." @@ -378,12 +378,22 @@ afterEvaluate { } signing { - required { (isRelease() || System.getenv("RELEASE_SCRIPT_TEST") == "true") && gradle.taskGraph.hasTask("publishReleasePublicationToMavenRepository") } + // Match by task name rather than gradle.taskGraph.hasTask(""): hasTask compares the + // full task path (e.g. ":publishPluginMavenPublicationToMavenRepository"), so the bare name + // never matched and signing was effectively never "required". Matching the name makes the + // gate fail fast when a release runs without a signing key. + required { + (isRelease() || System.getenv("RELEASE_SCRIPT_TEST") == "true") && gradle.taskGraph.allTasks.any { + it.name == "publishPluginMavenPublicationToMavenRepository" + } + } def signingKey = findProperty("signingKey") def signingPassword = findProperty("signingPassword") useInMemoryPgpKeys(signingKey, signingPassword) - publishing.publications.configureEach { publication -> sign publication } + // No explicit `sign` call: the plugin-publish plugin already signs the `pluginMaven` and + // marker publications once the signing plugin is applied. Adding our own `sign` here would + // double-sign the shared jars and produce conflicting `*.asc` outputs. } } } diff --git a/release.sh b/release.sh index 8ef56db..e6b797e 100755 --- a/release.sh +++ b/release.sh @@ -3,10 +3,10 @@ set -euo pipefail # Publish in a single build to: -# * Maven Central -> publishReleasePublicationToMavenRepository (com.deploygate:gradle) -# * Plugin Portal -> publishPlugins (id com.deploygate) +# * Maven Central -> publishPluginMavenPublicationToMavenRepository (com.deploygate:gradle) +# * Plugin Portal -> publishPlugins (id com.deploygate) ./gradlew clean build \ - publishReleasePublicationToMavenRepository \ + publishPluginMavenPublicationToMavenRepository \ publishPlugins \ --stacktrace